If there’s any lesson to be taken away from the recent DDoS attack on Dyn, it’s that we are all under constant threat of attack, no matter how small or how big we are. Even the largest, most heavily defended service providers can be hacked. We probably hear about less than 1% of all the successful and unsuccessful attempts because most of them go unreported. Not to mention the ones that were undetected!
Given the unprecedented magnitude of the attack – using tens of millions of IP addresses, including those from IoT devices – there was probably little that could have been done with conventional technology to prevent it. However, it reminds us to review some basic safeguards for preventing DDoS attacks.
In the new, uncharted world of application containers, don’t let the need for speed or the rush for cost savings get in the way of simple, practical container security measures. As always, it’s best to implement a layered approach to securing containers.
While all precautions can be taken to secure the perimeter, platforms, OS, and images from attacks and vulnerabilities, it’s critical to have visibility and security during run-time as well. Containers present a particularly challenging task because they can be short-lived, so detecting and investigating issues is more difficult. It’s also a challenge to secure containers at run-time because security policies need to scale up and down as applications scale.
The attack on critical DNS infrastructure services caught many organizations off guard. Their security assessments and preventative measures may not have taken vulnerabilities in third-party services or infrastructure seriously enough. As more shared services move to the cloud, and as containers speed deployment and integration of microservices distributed across public and private clouds, it will become even more critical to have visibility into distributed, dynamic services.