Jump to Content
Security & Identity

Monitor and secure your containers with new Container Threat Detection

December 1, 2020
https://storage.googleapis.com/gweb-cloudblog-publish/images/container_threat_detection_hero.max-2200x2200.jpg
Tim Peacock

Product Manager

As more containerized workloads find their way into your organization, you want to be able to detect and respond to threats to containers running in this environment. Today, we’re excited to announce the general availability of Container Threat Detection to help you monitor and secure your container deployments in Google Cloud.

https://storage.googleapis.com/gweb-cloudblog-publish/images/container_threat_detection_3.max-1000x1000.jpg

Container Threat Detection is a built-in service in Security Command Center Premium tier. Container Threat Detection detects the most common container runtime attacks and alerts you to any suspicious activity. This release includes multiple new detection capabilities and provides an API.

Here are the key findings that are identified by Container Threat Detection:

Suspicious Binary Executions: Container Threat Detection can see when a binary that was not part of the original container image is executed, and triggers a finding, indicating that an attacker may have control of the workload and that they are executing suspicious software such as malware or cryptocurrency mining software.

Suspicious Library Loaded: Container Threat Detection can also detect when a library that was not part of the original container image is loaded—a possible sign that the attacker has control of the workload and that they are executing arbitrary code.

Reverse Shell: Container Threat Detection monitors for processes that get started with stream redirection to a remote connected socket. An attacker can use a reverse shell to communicate from a compromised workload to an attacker controlled machine and perform malicious activities, for example as part of a botnet.

Get started today

You can get started with Container Threat Detection by simply enabling the built-in service in the Security Command Center with a Premium subscription. To enable a Premium subscription, contact your Google Cloud Platform sales team.

https://storage.googleapis.com/gweb-cloudblog-publish/images/container_threat_detection_1.max-900x900.jpg

We’ve also made it easy for you to test Container Threat Detection in a non-production environment. To trigger Container Threat Detection findings in a test environment, follow the steps outlined in this Testing Container Threat Detection guide.

Security Command Center is a native security and risk management platform for Google Cloud. In addition to Container Threat Detection, it provides built-in services that enables you to gain visibility into your cloud assets, discover misconfigurations and vulnerabilities in your resources, and help maintain compliance based on industry standards and benchmarks.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Container_Threat_Detection.max-1100x1100.jpg
Click to enlarge

You can learn more about the Security Command Center and how it can help with your security operations using our product documentation.

Posted in