Trend Micro enhances Cloud One Services Platform cloud-native container security with Run-Time protection

Trend Micro continues to expand the Cloud One platform it began to roll out last year, adding Run-Time protection for containers to complement the Build and Deploy protection capabilities that had already been introduced.

Trend Micro has announced a major enhancement to the cloud-native container security within their Trend Micro Cloud One services platform, which began a staged roll out last year. The Cloud One – Container Security service has added Run Time Protection, to now provide automated continuous protection at all of the Build, Deploy and Run stages of the container lifecycle, through a single tool.

Trend Micro has rolled out these three stages of container protection gradually. The initial Build Time protection existed before the Cloud One platform itself, in the Trend Micro Deep Smart Check offering through a collaboration with Red Hat OpenShift.

“Build Time protection covers when the developer downloads third party apps, before they deploy into production, and utilizes a Kubernetes Admissions Controller that integrates with Smart Check,” said Antoine Saikaley, Technical Director, Trend Micro Canada. “With the expansion of SaaS, we added additional security controls for containers, for Deploy Time and Run  Time. Deploy Time, which if an image was already scanned, was added when Cloud One was introduced.” It leverages a partnership with Snyk, which specializes in open source vulnerability management, complementing Trend Micro’s strength there in the non-open source space.

The latest element added, to cover the three stages of the CI/CD process, is Run Time protection.

Antoine Saikaley, Technical Director, Trend Micro Canada

“It uses predictive strategies following the MITRE ATT&CK framework to create policies at run time,” Saikaley said. It kicks in once an image has been deemed safe, and is deployed into production. This protection includes ongoing vulnerability detection for the containerized application, as well as providing relevant feedback to security and DevOps teams in case further action is needed.

The focus in the design has been to maximize the security without compromising developer agility.

“We have mitigated thus issue by putting Deploy Time policy and Run Time policy in the hands of the security team,” Saikaley said.  “If the DevOps team fails to do their security scanning, the security team ensures things are mitigated.”

Saikaley said that container security is still a relatively new field, which has to be explained to many customers.

“It is still very much in the early adoption phase,” he noted. “We still need more education highlighting the risk, to help customers see the need for specific security around containers.”

As far as building out the Trend Micro Cloud One services platform goes, Saikaley said to expect more around detection and response.

“Trend Micro has always been a prevention first technology company,” he noted. “All of our solutions are now weaving in detection and response for threat hunters. We just launched our Vision One threat defense platform, to which our Cloud Services platform connects. This platform contains a module for threat hunting, which will provide a list and analysis of risky users, applications and devices on the network. This all reflects how we are moving towards platform services at Trend Micro.”