Kaspersky’s recent report, “Managing Geographically Distributed Businesses: Challenges and Solutions,” highlights the prevalence of cybersecurity incidents in container environments.
The Kaspersky study reveals that 85% of companies utilizing container development methods encountered security breaches related to containers or Kubernetes in the past year. Also, 32% of these incidents occurred during runtime, creating serious vulnerabilities.
Runtime security, crucial for safeguarding containerized applications during deployment, poses significant challenges for geo-distributed businesses. These organizations, operating across various locations and regions, face heightened complexities in managing real-time cybersecurity threats.
“Geo-distributed organizations face unique hurdles,” Anton Rusakov-Rudenko, product marketing manager at Kaspersky said in a media release. “Their infrastructures spread across diverse regions, each with distinct network conditions. The dynamic nature of containers further complicates the task.”
He noted that effective runtime security solutions must integrate seamlessly into such infrastructures, providing behavioral monitoring, network segmentation, and threat detection without compromising efficiency.
Inter-region traffic
Key runtime security concerns for geo-distributed businesses include inter-container traffic, container processes, and visibility and context. In microservices architectures, containers frequently communicate, creating complex interaction webs. This inter-region traffic can be challenging to monitor, especially with the dynamic deployment and scaling of containers. Unmonitored traffic can facilitate lateral movement for attackers within the network.
Monitoring processes within containers is essential to detect anomalies indicating potential breaches. The temporary nature of containers and the vast number of processes in large-scale deployments complicate this task.
“Geo-distributed businesses must address this across various locations, each with unique security and compliance needs,” the cybersecurity solutions company said.
Gaining visibility into container operations is inherently difficult due to their isolated nature. For businesses spread across multiple regions, maintaining comprehensive visibility is a significant challenge. Understanding the context of anomalies — distinguishing between benign and malicious activities — requires deep insights into regional operational baselines.
To counter these risks, Kaspersky recommends network segmentation, advanced behavioral monitoring tools, continuous scanning for threats, and centralized logging solutions. These strategies enable quick detection and response to security issues, maintaining robust protection for geo-distributed operations.