News & Views

Study reveals runtime security knowledge gap

Results of Aqua Security’s (https://aquasec.com) 2021 Cloud Native Security Survey (https://info.aquasec.com/aqua-runtime-survey?) reveal a deep knowledge gap around runtime security and the risks this presents to businesses.

In the study, only 3% of respondents recognize that a container, in and of itself, is not a security boundary (https://blog.aquasec.com/container-isolation), indicating that the default security capabilities of containers are overestimated. This is especially alarming as only 24% of respondents say they have plans in place to deploy the necessary building blocks for runtime security.

“The results of the survey showcase a staggering knowledge gap that leads to an underinvestment in a critical part of full lifecycle, end-to-end security for cloud native applications,” says Amir Jerbi, Co-founder and CTO at Aqua Security. “When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors.”

Despite recent reports showing the increased sophistication of cloud native attacks, only 18% of respondents realize they are at risk for zero days in containerized environments.  While 32% of respondents in the Aqua Security survey say they are confident in their overall holistic runtime security protection, detailed questions revealed that less than 23% in fact had the necessary building blocks of runtime security in place.

“We are concerned that there is this overconfidence in the perceived ability to prevent supply chain attacks, when the reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis. We see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on a daily basis,” continues Jerbi.

“Holistic cloud native security should be every practitioner’s goal. It is not just about runtime security or any other one focus area. It is about ensuring the entire application life cycle is covered, from the build to the infrastructure and the workloads.”

Aqua Security’s recent Threat Report (https://info.aquasec.com/cloud-native-threats-aqua) found that attackers are becoming more proficient at hiding their methods and evading static scanning, while threats to container-based environments have become more dangerous and more varied.

Over a six-month period, Aqua Security has observed honeypots being attacked 17,358 times, representing a 26% increase from just six months previously.  The increasing volume of attacks demonstrates the importance of implementing holistic cloud native security, including runtime protection, in order to protect against attackers who have evaded detection and have access to the production environment.