Tripwire State of Container Security Report

Similar documents
Tripwire State of Cyber Hygiene Report

THE CYBERSECURITY LITERACY CONFIDENCE GAP

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

TRIPWIRE VULNERABILITY RISK METRICS CONNECTING SECURITY TO THE BUSINESS

Uncovering the Risk of SAP Cyber Breaches

2018 Database DevOps Survey DBmaestro 1

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

INTELLIGENCE DRIVEN GRC FOR SECURITY

THE TRIPWIRE NERC SOLUTION SUITE

CICS insights from IT professionals revealed

Trends in Next Generation Data Center Infrastructure. Summary Results January 2018

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach

Modern Compute Is The Foundation For Your IT Transformation

Spotlight Report. Information Security. Presented by. Group Partner

Sales Presentation Case 2018 Dell EMC

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Closing the Hybrid Cloud Security Gap with Cavirin

SQL Server Database Provisioning Report. Survey on database provisioning requirements among SQL Server Professionals

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Modern Database Architectures Demand Modern Data Security Measures

CYBERSECURITY RESILIENCE

ACHIEVING FIFTH GENERATION CYBER SECURITY

As Enterprise Mobility Usage Escalates, So Does Security Risk

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Poor PAM processes and policies leave the crown jewels susceptible to security breaches Global Survey of IT Security Professionals

Best Practices in Securing a Multicloud World

Mastering The Endpoint

IP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

The 2017 State of Endpoint Security Risk

2017 Windows 10 Enterprise Impact Survey Windows 10 Enterprise Impact Survey

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Toward an Automated Future

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

The Cost of Denial-of-Services Attacks

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

SIEM: Five Requirements that Solve the Bigger Business Issues

Business Resiliency Strategies for the Cloud. Summary Results September 2017

Cloud Migration Strategies

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

Combating Cyber Risk in the Supply Chain

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

Traditional Security Solutions Have Reached Their Limit

Why Enterprises Need to Optimize Their Data Centers

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

GDPR drives compliance to top of security project list for 2018

THE POWER OF TECH-SAVVY BOARDS:

Skybox Security Vulnerability Management Survey 2012

Reducing Cybersecurity Costs & Risk through Automation Technologies

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

STATE OF THE NETWORK STUDY

Best wishes for 2018! Bryan Ware, CEO. Haystax Technology INSIDER THREAT PREDICTIONS FOR

Securing Digital Transformation

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS

Panda Security 2010 Page 1

` 2017 CloudEndure 1

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

The Convergence of Security and Compliance

Managing complexity and rapid change in 2019

CLOUD WORKLOAD SECURITY

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

What It Takes to be a CISO in 2017

MULTI-CLOUD REQUIRES NEW MANAGEMENT STRATEGIES AND A FORWARD-LOOKING APPROACH

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

INSIDER THREAT 2018 REPORT PRESENTED BY:

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

Building a Threat Intelligence Program

The data quality trends report

THALES DATA THREAT REPORT

The State of Cloud Monitoring

Business Value Enabled by HPE Datacenter Care Service

Hearing Voices: The Cybersecurity Pro s View of the Profession

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

How SD-WAN will Transform the Network. And lead to innovative, profitable business outcomes

2018 Report The State of Securing Cloud Workloads

Redefining Networking with Network Virtualization

Spotlight Report. Information Security. Presented by. Group Partner

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

TRANSACTIONAL BENCHMARK

Disaster Unpreparedness June 3, 2013

Enabling Hybrid Cloud Transformation

IT TRENDS REPORT 2016:

Social Engineering: We are the target Sponsor Guide

THE REAL ROOT CAUSES OF BREACHES. Security and IT Pros at Odds Over AppSec

RSA Cybersecurity Poverty Index

Effective Threat Modeling using TAM

Cybersecurity 2016 Survey Summary Report of Survey Results

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Day One Success for DevSecOps and Automation on Azure

Will your application be secure enough when Robots produce code for you?

Transcription:

RESEARCH Tripwire State of Container Security Report January 2019 FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS

As DevOps continues to drive increased use of containers, security teams are struggling to secure these new assets and processes. This report explores the challenges that organizations actively using containers today are facing, as well as the real consequences they have experienced. Highlights include:»» 94% are concerned about container security»» 60% have had container security incidents in the past year»» 47% have vulnerable containers in production and 46% don t know if they do Number of containers in production 14% 22% 33% 19% 7% 6% 0 20 40 60 80 100 None We don't use containers in production Fewer than 10 10 100 100 500 500 1,000 More than 1,000 Demographics Survey respondents included 311 IT security professionals who manage environments with containers at companies with over 100 employees. Eight-six percent (269) had containers inproduction. Industry Company size 20% 41% 39% Technology Financial Services and Insurance Manufacturing Healthcare Education Government Services Retail Energy and Utilities Transportation Non-Profit Food and Beverage Other 33% 14% 9% 8% 8% 6% 6% 5% 4% 2% 1% 1% 3% 100 1,000 employees 1,000 5,000 employees 0 5 10 15 20 25 30 35 More than 5,000 employees 2

94% are concerned about container security How concerned are you about security in container environments? 94% 43% 51% 6% 0 20 40 60 80 100 Not Concerned Somewhat Concerned Very Concerned The concern increases with the number of containers in production, and is higher among those with more container security expertise. By # of containers in production By security focus and knowledge of containers How concerned are you about security in container environments? How concerned are you about security in container environments? Very Concerned Very Concerned 60 50 60 50 60 50 40 40 40 30 30 30 20 10 0 31% 34% 45% 54% More than 10 containers 10 100 containers Fewer than 10 containers None (Development only) 20 10 0 61% 39% Security Focus Entire job Major Part of job 20 10 0 53% 35% Container Security Very Knowledgeable Somewhat Knowledgeable 3

Top concerns about container security What specific security concerns do you have about containers? Inadequate container security knowledge among teams Visibility into security of containers and container images is limited Inability to assess risk in container images prior to deployment Lack of tools of defectively secure containers Insufficient process to handle fundamental differences in securing containers Not able to assess risk in deployed containers I have no concerns about container security 54% 52% 43% 42% 40% 38% 5% 0 10 20 30 40 50 60 Organizations are accepting risk and facing consequences Of the 269 respondents with containers in production: 47% have vulnerable containers in production and 46% don t know if they do Do you currently have vulnerable containers deployed in production at this time? Yes, we have them and know what the vulnerabilities are, but have deployed anyway We know we have them, but we don t know exactly what the vulnerabilities are We think we have some, but we don t know for sure We think we don t have any, but we don t know for sure I don t know No, none of our production containers have vulnerabilities 17% 30% 22% 20% 4% 7% 0 5 10 15 20 25 30 4

Those with the most containers in production have ignored security issues More than 100 Do you currently have vulnerable containers deployed in production at this time? By # of containers in production 26% 32% 13% 18% 4% 7% Yes, we have them and know what the vulnerabilities are but have deployed anyway We know we have them, but we don't know exactly what the vulnerabilities are Those with the most containers in production were more likely to acknowledge that some of those containers are vulnerable. With the increased growth and adoption of containers, security practitioners are feeling the pressure to speed their deployment. To keep up with the demand, teams are accepting unnecessary risks by not securing containers. Tim Erlin, Vice President of Product Management and Strategy at Tripwire 10-100 10% 27% 36% 14%4% 9% We think we have some, but don't know for sure We think we don't have any, but we don't know for sure Less than 10 7% 29% 18% 39% 4% 4% 0 20 40 60 80 100 120 I don't know No, none of our production containers have vulnerabilities 60% have had container security incidents in the past year Approximately how many security incidents have occurred in your container infrastructure in the past 12 months? The more containers deployed, the more likely there had been a container security incident. Approximately how many security incidents have occurred in your container infrastructure in the past 12 months? (By # of containers in production) 30 25 20 More than 100 17% 7% 28% 40% 8% I don't know More then 6 15 10 5 0 3% 3% 29% 10% 27% 12% 6% 11% 10-100 Less than 10 26% 35% 6% 37% 21% 11% 16% 18% 15% 16% 2-5 Just one None I don't know More than 100 26-100 11-25 6-10 2-5 Just one None None (Dev only) 55% 14% 19% 2% 10% 0 20 40 60 80 100 5

Organizations are bracing for a rise in container-related security incidents. Most expect rate of security-related security incidents to increase in the coming year How do you expect the rate of container-related security incidents to change in the coming year? 71% 13% 58% 21% 7% 1% 0 20 40 60 80 100 Decrease dramatically Decrease slightly No change Increase slightly Increase dramatically Top reasons for increased security incidents n = expect security incidents to increase Increased adoption of container technology will increase risk 61% Containers will increasingly be used for mission-critical systems that are more likely to be targeted 52% Hackers will target new technology while it is weak 52% Lack of security best practices for containers will leave them vulnerable 49% 0 10 20 30 40 50 60 70 6

42% are limiting container adoption because of security risks Has your company delayed or limited container adoption because of security concerns? 6% There s a belief that you have to accept a significant amount of risk to take advantage of containers, but that s not true. Security can and should be embedded into the DevOps life cycle, incorporating vulnerability and configuration assessment of container infrastructure to monitor risks from build to production. Tim Erlin 52% 42% No Yes I don't know 7

Only a few believe they could detect a compromised container within minutes 50 40 30 20 Approximately how long would it take to detect a compromised container or container image? 10 0 12% 45% 26% 6% 2% 2% 7% Minutes Hours Days Weeks Months or longer We could not detect it I don't know 98% want additional security capabilities for container environments What additional security management tools or capabilities would your organization want for container environments? Incident detection and response for containers and infrastructure Isolate containers that behave abnormally More security-focused monitoring of container infrastructure Greater visibility into container risk Monitor containers for drift or behavior changes Attack-blocking technologies for containers Artificial intelligence security analytics for containers Blockchain We don t want anything special for container security 52% 49% 48% 48% 45% 45% 40% 22% 2% 0 10 20 30 40 50 60 8

Who s in charge? IT security is most likely team to have primary responsibility for container security What organization owns primary responsibility for container security? 20% IT Security DevOps 12% 46% DevSecOps 22% Cross-functional team Because of containers, 82% are rethinking security responsibilities with varying results Has container adoption caused your organization to think about restructuring security responsibilities? 10% 18% 17% 21% 35% No, it didn't even cross our minds to think about it Yes, we thought about it but don't see a need to change anything Yes, we have reassigned security responsibility based on container adoption Container adoption is one of the many changes that is making us re-think security We're still thinking about it 9

Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com The State of Security: Security News, Trends and Insights at tripwire.com/blog Follow us on Twitter @TripwireInc» Watch us at youtube.com/tripwireinc 2019 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. BRDRSCS1b 1901

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback