Global Security Forum

In a cloud environment, containers can hold highly valuable assets. They are like those large, colorful boxes you see on ships, except they are virtual. Inside each one is an application; all its dependencies, libraries and other binaries; and configuration files needed to run them. With most software packages, vulnerabilities can arise, and it only takes one exploitation for an attacker to gain a foothold into the container and connected cloud environment. That's why identifying, prioritizing and remediating container flaws is critical -- while containers are being developed and after they are deployed into your cloud environment.

Recently at Red Con 2021, X-Force Red program manager Scott Wilson, presented a talk about how to detect and manage container vulnerabilities. After receiving many positive comments from clients and IBMers, Scott wrote a blog post about the topic which includes a link to the full talk on YouTube. Read Scott's blog post to learn how attackers may leverage container flaws; and how to fold containers into your vulnerability management program.

Read the blog post: https://securityintelligence.com/posts/containers-cloud-vulnerability-management/

------------------------------
Abby Ross
------------------------------

Thanks for sharing, Abby.

------------------------------
Wendy Batten
Community Manager
IBM Security
Cambridge MA
wjbatten@us.ibm.com
------------------------------

Original Message:
Sent: Thu October 28, 2021 03:27 PM
From: Abby Ross
Subject: Why Containers in the Cloud can be an Attacker's Paradise

In a cloud environment, containers can hold highly valuable assets. They are like those large, colorful boxes you see on ships, except they are virtual. Inside each one is an application; all its dependencies, libraries and other binaries; and configuration files needed to run them. With most software packages, vulnerabilities can arise, and it only takes one exploitation for an attacker to gain a foothold into the container and connected cloud environment. That's why identifying, prioritizing and remediating container flaws is critical -- while containers are being developed and after they are deployed into your cloud environment.

Recently at Red Con 2021, X-Force Red program manager Scott Wilson, presented a talk about how to detect and manage container vulnerabilities. After receiving many positive comments from clients and IBMers, Scott wrote a blog post about the topic which includes a link to the full talk on YouTube. Read Scott's blog post to learn how attackers may leverage container flaws; and how to fold containers into your vulnerability management program.

Read the blog post: https://securityintelligence.com/posts/containers-cloud-vulnerability-management/

------------------------------
Abby Ross
------------------------------