CFOtech India - Technology news for CFOs & financial decision-makers
Story image

Runtime security challenges for geo-distributed businesses

Fri, 28th Jun 2024

Runtime security, the practice of protecting containerised applications while they are deployed in the orchestrator, is essential for defending against real-time cyber threats that can compromise active workloads. For geographically distributed businesses operating across multiple locations and regions, the challenges of managing runtime security are more complex compared to companies without branches, according to Kaspersky.

The latest Kaspersky study, "Managing geographically distributed businesses: challenges and solutions", reports that 85% of those using container development methods have experienced cybersecurity incidents related to containers and/or Kubernetes in the last 12 months. Around one-third of these (32%) were cyber incidents during runtime, creating serious system vulnerabilities.

Runtime security involves the protection of containerised applications and their environment while they are deployed in the orchestrator. This includes monitoring and managing several aspects and risks associated with them:

Traffic between containers: In a microservices architecture, multiple containers often communicate with each other, forming a complex web of interactions. For geo-distributed businesses, this traffic spans different regions, making it even more challenging to monitor. The dynamic nature of container orchestration, where containers can be deployed, scaled, and terminated frequently, adds to the complexity. Unmonitored traffic can be exploited by attackers to move laterally within the network, gaining access to sensitive data and services.

Processes inside containers: Each container runs processes that can be potential entry points for security breaches. Monitoring these processes is crucial to detect any unusual behaviour that might indicate a compromise. However, the ephemeral nature of containers and the sheer volume of processes running in large-scale deployments make this task daunting. For geo-distributed businesses, the challenge is magnified by the need to monitor processes across different locations, each with its own set of security requirements and compliance issues.

Visibility and context: Gaining visibility into what happens inside containers is inherently difficult because they operate as isolated environments. For geo-distributed businesses, maintaining visibility across multiple regions is one of the major challenges. Additionally, understanding the context of detected anomalies—whether they are benign or malicious—requires deep insight into the application's normal behaviour and the environment's baseline, which can differ from one region to another.

Several strategies can help enhance runtime security for geo-distributed businesses. One is to segment the network, which means breaking it into smaller, isolated sections with strict access controls. This can limit an attacker's ability to move sideways within the network if they breach a container.

Another strategy is to monitor the behaviour of containers and their processes. By using advanced monitoring tools, unusual activity can be quickly identified and flagged as a potential threat. Additionally, specialised security solutions with continuous scanning functionality play a crucial role. Such tools scan for threats and respond in real time, which helps in quickly addressing any security issues without needing constant human oversight. Continuous scanning can provide immediate defence against attacks, detecting and preventing malicious activities as they happen.

Keeping detailed logs of all container activities and network traffic is also vital. These logs help in understanding what happened during a security incident and in taking corrective measures to prevent future breaches. For geo-distributed businesses, centralised logging solutions that aggregate data from different regions can provide a comprehensive view of security events and streamline incident response.

Anton Rusakov-Rudenko, Product Marketing Manager, Cloud & Network Security Product Line at Kaspersky, stated, "Runtime security is a critical component of modern containerized application protection, yet it presents significant challenges especially for geo-distributed businesses. Their client services, business applications, and entire infrastructure are spread across different regions with their specific network conditions and limitations. It is a challenge to observe such infrastructure by itself. Containerization brings another complexity level due to the dynamic nature of containers and interactions between them. It is crucial to adopt a runtime security solution that can be integrated in geo-distributed infrastructure without harming its efficiency, provide behavioural monitoring of running containers, network segmentation, and threat detection tools. Our Kaspersky Container Security is designed to address these challenges, providing real-time protection and ensuring the integrity of your active workloads."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X