Aqua Security: 97% ignorant of major cloud native security ideas

Ninety-seven percent of cloud-native security practitioners are broadly ignorant of major container security ideas, in accordance to a file from Aqua Security.

Actual 3% of respondents precisely smartly-known that a container isn’t any longer a security boundary. This finding, mixed with the indisputable truth that 70% believed ancient instruments — much like an IPS or firewall — also can offer protection to in opposition to assaults in growth in a cloud-native environment, highlights the peril and complexity of working out key cloud-native security dangers and straightforward counteract them.

A tubby 58% did no longer in fact feel at possibility for zero days in containerized environments, and security researchers personal found attackers are turning into an increasing selection of refined over time. Fifty percent of vulnerable targets are being attacked within the hour. And whereas 73% of respondents personal been confident in their capability to conclude software program provide chain assaults, handiest 32% personal been confident within the runtime capabilities required to conclude threats savor Kinsing malware, which handiest downloads in runtime.

Practitioners did no longer file solid plans to make investments in runtime as a key piece of a tubby lifecycle cloud-native security strategy. Runtime security is serious in retaining in opposition to attackers evading static prognosis or in any other case getting spherical extra popular, and better understood, shift-left controls. While static prognosis plays a a must-personal role in container security, it’s miles by no come a silver bullet. Even the most complete shift-left vulnerability and malware detection can no longer conclude zero-day assaults and administrator errors.

Despite the widely publicized possibility landscape, handiest 24% of respondents claimed they deliberate to introduce runtime controls within the upcoming yr, whereas lower than 16% personal been in actuality planning on investing within the required building blocks of runtime security (as an instance, ensuring container immutability). These funding plans personal been reported no matter the indisputable truth that handiest 26% of respondents stated 70% or extra of their cloud-native security stack also can conclude an attack in growth in a cloud-native environment.

The ogle interviewed 150 practitioners all over industries ranging from financial products and services to the public sector. The cohort of practitioners interviewed all labored for colossal organizations, with headcounts ranging from 1,000 to over 10,000. Forty-seven percent had in spite of the whole lot five years of cloud-native security industry experience.

Look the tubby Aqua Security 2021 Cloud Native Security file.