IBM Launches New Tools for Container Security

IBM is buckling down on container security with LinuxONE Emperor II, the next generation of its Linux-only enterprise family unveiled today at Open Source Summit North America. The platform includes the IBM Secure Service Container to protect against internal and external threats.

The announcement comes at a time when security researchers are paying greater attention to container security. Dino Dai Zovi, cofounder and CTO at Capsule8, took the stage at Black Hat 2017 to discuss how datacenter-level operating systems like Docker, Kubernetes, and Mesos change the security paradigms for modern production environments.

"There's a lot of attack surface inside these orchestrated environments - the APIs that are accessible from inside the containers, that you can use to escalate privileges, move around the network, and persist," he said in an interview with Dark Reading.

Last year, more than four billion data records were lost or stolen, a 556% increase from 2015. In the past five years, more than nine billion records have been breached and only 4% of them were encrypted or secure scrambled, IBM reports. The company's LinuxONE technology has been part of the IBM cloud since 2015.

The Secure Service Container protects data from external threats and internal threats at the system level, from users with elevated credentials, or attackers who steal them. Developers don't have to create proprietary dependencies to use these advanced security capabilities; an application only needs to be put in a Docker container ready for Secure Service Container deployment. From there, it can be managed through the Docker and Kubernetes tools.

Read more details here.