Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Containerized Security: The Next Evolution of Virtualization?

We in the security industry have gotten into a bad habit of focusing the majority of our attention and marketing dollars on raising awareness of the latest emerging threats and new technologies being developed to detect them. One just has to look at the headlines or spend fifteen minutes walking the show floor at a major security conference to see this trend.

We in the security industry have gotten into a bad habit of focusing the majority of our attention and marketing dollars on raising awareness of the latest emerging threats and new technologies being developed to detect them. One just has to look at the headlines or spend fifteen minutes walking the show floor at a major security conference to see this trend. However, while we are focusing on what all the bad guys are doing, we’ve taken the eye off the ball of where our infrastructure business is going.

Don’t get me wrong, detecting new targeted attacks is an important priority for security pros, but it’s equally vital to look for technology advancements in the way we do business and what our counterparts are doing in infrastructure, data centers and/or clouds. 

Data CenterFor example, when security became virtualized, it brought with it the promise of several benefits, including increased speed and scalability with decreased overhead and costs of security infrastructure in virtualized data centers and cloud environments. There’s little doubt that this transition to virtualized security has been a positive one for many organizations who are now able to more effectively scale and customize security policies faster than ever before. 

But what can we do next to make sure we’re continuing to innovate and keep our security functions ahead of the curve?

One of the most promising new approaches is putting security functions into containers. Just as containers provide a wide range of benefits for applications that need to migrate between computing environments, there are also benefits to using them to secure networks. The decrease in size and power needed to run security operations through a container using one operating system, as opposed to operations through several operating systems, can have a massive effect on cost and scalability, while providing an efficient way to secure your network.

There are several benefits to containerizing your security functions. The most obvious of these is cost savings – with all of your operations able to run through only one container, you can decrease the amount you need to spend on multiple operating systems. From a performance standpoint, you will be able to achieve massive scalability and a significant increase in speed of services. Containers can be booted up almost immediately, while your average virtual machine (VM) may take several minutes to start.

Just as we started with VMs on servers, there was a general perception that there was no need for security. But as adoption of containers progresses in data centers and clouds, many organizations have quickly realized the need to add security in the overall mindset of building virtualized environments. 

However, just as with all new forms of security, there can be limitations. For instance, unlike traditional firewalls, you don’t need routing and switching capabilities, especially as environments migrate to more micro service creation and usage. For that reason, you should evaluate the decision to use containers carefully and do it with security at the upstart. If you’re considering this approach, here are a few questions you should be asking yourself to decide what’s right for you:

1) Are you already using Dockers? If your organization is using containers for any other part of their infrastructure, it’s highly logical to extend this practice to security. Once containers are in place, their scalability makes it easy to add other features to their existing functions with minimal additional cost or impact on performance.

2) What kind of environment are you looking to support? If you’re in need of a dense, secure environment, containers could be the best solution for you. If you have already built and prioritized a virtualized environment with virtual machines, a virtual firewall could be a better solution.

3) What is your long term strategic business direction? Is your business investing in more DevOps type resources? Is your business leveraging off the shelf technology, or is the strategic direction to build competitive differentiated technology in house? If your business believes technology is a strategic differentiator and is investing in more DevOps resources and building technology in-house, then containers should naturally be the next step in your data center investments. Start with a full container firewall that has the ability in the future to decompose into micro security services to be able to support your current applications and future micro services.

While using containers to secure your organization is a relatively novel approach, it can lead to cost savings and massive scalability. By considering containers for security, you could be an early adopter to an innovative new approach that will allow you to stay ahead of both the competition and the cybercriminals. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...