Sysdig Report Says 58% Of Container Images Run As Root
Sysdig, the cloud-based security startup, released the 2021 Container Security and Usage report that analyzes the trends of the Sysdig enterprise customer base. One of the most disturbing trends highlighted in the report is that most customers did not understand the risk of containers running as root.
The report emphasized the need for developers to set policies that will help detect anomalous behavior and trigger security alerts at run time. Runtime security for Kubernetes is still not a priority for many organizations.
Organizations understand the need to scan for vulnerabilities, but they still do not scan for common configuration mistakes. 58% of all images are running as root, which may potentially compromise privileged containers.
According to the report, Sysdig noticed a rise in suspicious filesystem and container violations. The violations were detected by Falco security policies that are enabled by default in Sysdig Secure.
The report also highlighted Falco, the CNCF Open Source project contributed by Sysdig, which now has over 20 million Docker Hub pulls, accounting for 300% growth. Falco enables the definition of runtime policies that detect security violations and generate alerts.
According to the Sysdig report, 58% of all container images run as root. Container images, unless specifically needed, should be run in the context of a less privileged user than the root to minimize the chances of a breach.
The report also says that organizations have only just begun addressing the need for runtime security for Kubernetes. A container runtime is software that executes containers and manages container images in a machine.
The 2021 Container Security and Usage report also listed the top 7 runtime policy violations:
- Write below etc: Adding or altering files may be an attempt to change the application behavior.
- Launch Privileged Container: These can interact with host system devices causing harm to the host OS.
- Write below root: Modifying data in these directories could be an illegal attempt to install software on the container.
- Suspicious Filesystem changes: It could be an attempt to access sensitive data.
- Launch Sensitive Mount Container: Indicates the container may have access to data volumes containing sensitive information.
- Suspicious Container activity: May indicate compromise within the container system.
- Terminal shell in container: Enables the attacker to manipulate or initiate malicious activity on the system.
Recommended read: 51% of 4 million Docker images have critical vulnerabilities
With increasing concerns about security in container environments, the continuing growth of Falco means more users are taking advantage of community-based rules. As the Falco project grows, Kubernetes security is strengthened by the collective group working together against bad actors.Chris AniszczykCTO of CNCF
Get similar news in your inbox weekly, for free
Share this news:
The all-in-one monitoring solution for IT admins, DevOps and SREs
Get deep visibility into the performance of your complex enterprise applications and cloud native workloads. Identify potential issues, improve productivity, and ensure that your business and end users are unaffected by downtime and substandard performance ...
Should I learn Java in 2023? A Practical Guide
Java is one of the most widely used programming languages in the world. It has …
IT Monitoring Powered by AIOps
Harness the power of artificial intelligence (AI) and machine learning (ML) to monitor your IT resources with Site24x7's artificial intelligence for IT operations (AIOps) and machine learning operations (MLOps). Improve mean time to repair (MTTR) issues with the help of Site24x7 AIOps ...
The fastest way to ramp up on DevOps
You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …
Why You Need a Blockchain Node Provider
In this article, we briefly cover the concept of blockchain nodes provider and explain why …
Top 5 Virtual desktop Provides in 2022
Here are the top 5 virtual desktop providers who offer a range of benefits such …
Why Your Business Should Connect Directly To Your Cloud
Today, companies make the most use of cloud technology regardless of their size and sector. …
7 Must-Watch DevSecOps Videos
Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …