VMware unveiled new container runtime security capabilities to provide end-to-end security for cloud-native applications.
The new capabilities aim to target the security challenges of containerized applications including how to allow only legitimate traffic in and how to enable least-privileged communications between services and defend against the lateral movement of attackers, according to the company.
“Protecting the runtime is the foundation of securing the inner workings of a modern application. With the introduction of container runtime protection, our end-to-end security offering is now tightly integrated across the entire application lifecycle, protects all east-west traffic, and brings a new level of distributed visibility and security to APIs,” said Tom Gillis, the senior vice president and general manager of Networking and Advanced Security Business Group at VMware.
The new container runtime security capabilities include:
- Runtime cluster image scanning to automate runtime vulnerability scanning and customize policies.
- Integrated alerts dashboard that provide a single pane of glass for security teams to view events and address anomalies in their runtime environment.
- Kubernetes visibility mapping that allows DevOps and security teams to quickly understand the architecture of an application that was set pre-deployment to better identify egress destination connections.
- Workload anomaly detection that leverages artificial intelligence to standardize networking modules and alert SecOps teams.
- Egress and ingress security that provides security teams with added visibility.
- Threat detection allows customers to scan open ports to check for vulnerabilities and quickly see if there is a lateral attack in progress.