Host-based logs, container-based threats: How to tell where an attack began


Although containers provide an isolated runtime environment for applications, this isolation is often overestimated.

While containers encapsulate dependencies and ensure consistency, the fact that they share the host system’s kernel introduces security risks. Based on Kaspersky security researchers experience providing Compromise Assessment, SOC Consulting, and Incident Response services to Kaspersky customers, the researchers have repeatedly seen issues related to a lack of container visibility. Many organizations focus on monitoring containerized environments for operational health rather than security threats. Some lack the expertise to properly configure logging, while others rely on technology stacks that don’t support effective visibility of running containers.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...