Aqua Security: 97% unaware of crucial cloud native security principles

Ninety-seven percent of cloud-native security practitioners are broadly unaware of essential container security principles, according to a report from Aqua Security.

Just 3% of respondents correctly noted that a container is not a security boundary. This finding, combined with the fact that 70% believed traditional tools — such as an IPS or firewall — could protect against attacks in progress in a cloud-native environment, highlights the difficulty and complexity of understanding key cloud-native security risks and how to counteract them.

A full 58% did not feel at risk from zero-day attacks in containerized environments, yet security researchers have found that attackers are becoming increasingly sophisticated over time. Fifty percent of vulnerable targets are attacked within the hour. And while 73% of respondents were confident in their ability to stop software supply chain attacks, only 32% were confident in the runtime capabilities required to stop threats like Kinsing malware, which is downloaded only at runtime.

Practitioners did not report strong plans to invest in runtime security as a key part of a full-lifecycle cloud-native security strategy. Runtime security is critical in protecting against attackers who evade static analysis or otherwise get around the more popular, and better understood, shift-left controls. While static analysis plays an important role in container security, it is by no means a silver bullet. Even the most complete shift-left vulnerability and malware detection cannot prevent zero-day attacks and administrator errors.

Despite the widely publicized threat landscape, only 24% of respondents said they planned to introduce runtime controls in the coming year, while fewer than 16% were in fact planning to invest in the necessary building blocks of runtime security (for example, ensuring container immutability). These investment plans were reported even though only 26% of respondents said 70% or more of their cloud-native security stack could stop an attack in progress in a cloud-native environment.

The study interviewed 150 practitioners across industries ranging from financial services to the public sector. The cohort of practitioners interviewed all worked for large organizations, with headcounts ranging from 1,000 to over 10,000. Forty-seven percent had at least five years of cloud-native security business experience.

View the full Aqua Security 2021 Cloud Native Security report.

VentureBeat
