The vulnerability disclosed in glibc on Tuesday, which was discovered jointly by engineers at Google and Red Hat, has attracted a lot of attention in the media, just as Heartbleed did before it. Essentially, through this flaw, attackers could remotely crash or even force the execution of malicious code on machines without the knowledge of the end user. As patches are being delivered by Linux vendors and community distributions, there’s one glaring issue at play:
Who’s fixing containers?
Many companies playing in the Linux container space are developing, and, in some cases, delivering container scanners to help identify issues like glibc, or Heartbleed before it. But these vendors aren’t actually in control of the containers that their users are deploying, let alone the underlying operating system powering these container deployments. This means that while they are offering the tools for you to find these problems, when it comes to actual fixes, they may not have the expertise, capabilities or the ownership to actually fix the problem.
In short - in our view, container scanners are a paper tiger. Sure, they look fierce and they’ll roar to let you know that trouble’s on the way, but they fold like the paper that they’re made out of when you need them to do more than just...well...scan.
That’s why we believe that container security is about far more than just a vulnerability scanner. Not only do we provide a certified container registry, the tools for container scanning, and an enterprise-grade, supported platform with security features for container deployments, we back all of this up with more than 20 years of Linux operating system experience. You remember Linux - that thing that virtual machines, the cloud and containers were supposed to make irrelevant?
Turns out it still matters. A lot. Once you peel back that first layer, it’s often Linux all the way down. And it takes real skill and real experience to properly fix problems like glibc when they emerge in the middle of a mission-critical deployment.
Containers hold significant promise for the enterprise, but for adoption to take off in a meaningful way, security must be a priority, and it starts at the operating system layer. Even if you can boot securely, running an insecure container in an insecure environment doesn’t actually help anyone, especially you, the user. If a vendor’s container security story starts and stops with container scanning, we believe that it’s falling short and offering a false sense of security. Good security is timeless; containers don’t change any rules, they just change how we play the game.
Not only can Red Hat help you identify the vulnerabilities affecting your containers and the underlying infrastructure, but we also can
-
Deliver the fix to you, as a patch and a rebuilt container image through our certified container registry. Before anyone even knew about the issue with glibc, Heartbleed and countless other vulnerabilities, Red Hat had experts working on a fix and to rebuild and test our container images alongside our enterprise platform.
-
Help provide the tools and strategies to properly test the image.
-
Offer verification that the images are functioning as they should.
-
Even if you’re not in a place to rip and replace your container images, you can still go old school and ‘yum update’ inside of the containers, as we give you the tools and processes to do exactly that with Red Hat Enterprise Linux Atomic Host.
Linux containers are the way forward for enterprise IT, but in the face of innovation, you can’t forget the solid foundation provided by the operating system or the right partner to maintain it for you.
When it comes to real container security, you don’t want a paper-thin tiger; you want a real-life watch dog. And that’s what Red Hat and our decades of expertise in building stable, more secure enterprise solutions offer you.
저자 소개
Gunnar Hellekson is vice president and general manager for the Red Hat® Enterprise Linux® business. Before that, he was chief strategist for Red Hat’s U.S. Public Sector group. He is a founder of Open Source for America, one of Federal Computer Week’s Fed 100 for 2010, and was voted one of the FedScoop 50 for industry leadership. Hellekson was a founder of the Military Open Source working group, a member of the SIIA Software Division Board, the Board of Directors for the Public Sector Innovation Group, the Open Technology Fund Advisory Council, New America’s California Civic Innovation Project Advisory Council, and the CivicCommons Board of Advisors.
Prior to Red Hat, Hellekson worked as a developer, systems administrator, and IT director for a number of internet businesses. He has also been a business and IT consultant to not-for-profit organizations in New York City. During that time, he spearheaded the reform of safety regulations for New York State’s electrical utilities through the Jodie Lane Project.
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.