Trend Micro improves DevOps lifecycle protection with enhancements to containers in Deep Security

Trend Micro both integrates and enhances its developer-focused and container-based protection, to give fuller protection to DevOps environments.

Trend Micro has announced new container security capabilities for their Trend Micro Deep Security data centre solution. The improved container protection is specifically focused on providing protection across the entire DevOps lifecycle and runtime stack.

Trend Micro Deep Security is designed to provide multiple security controls to servers regardless of where they are – physical, virtual or cloud – and is focused on enterprises and MSSPs. It has also had container protection, and even developer-focused container protection, before this.

“Deep Security Smart Check is targeted at developers, scanning their containers, and that has been in place for 12-18 months,” said Mark Nunnikhoven, Vice President, Cloud Research at Trend Micro. “The main Deep Security platform also provides protection for container and container hosts, including run-time controls as containers are running.”

This release enhances protection for the DevOps lifecycle by integrating these two capabilities.

“What has been added is that we have enhanced them and connected them all together to get rid of friction,” Nunnikhoven said. “The DevOps lifecycle needs different tools to enable it because the application code is now changed much more often. It results in an automated build pipeline, so you need a different set of security tools and monitoring tools to deal with these highly automated, highly programmatic and customizable interfaces.”

Accordingly, within this software build pipeline, Trend Micro has added pre-registry scanning to Deep Security’s container image scanning for earlier detection of vulnerabilities and malware. It will now also scan for embedded secrets such as passwords and private keys and provide compliance and configuration validation checks, along with image assertion for digitally signed images. At container runtime, container platform protection across Docker and Kubernetes has also been enhanced.

“We have restructured the programmatic interface to make it easier to slot in, and to make Smart Check enabled in policy for run-time,” Nunnikhoven indicated. “We have also improved Smart Check as a scanner, and added more rules for containers.”

Nunnikhoven said that enhanced DevOps protection really is a big deal for partners.

“When you scrape away all the marketing hype around DevOps, from a business perspective, it has changed the criteria for purchasing technology and has changed the decision makers,” he stated. “The old ones were siloed in their work and their buying decisions. Now we see joint buying decisions and a change of requirements. Security teams now have ‘programmable’ and ‘automation’ as critical requirements for any tool because they know it goes into this joint effort. If you don’t have strong APIs and automation it won’t work, because you can’t put people into the process.”

Being able to address the DevOps requirements is critical for partners going forward.

“On the business side it’s absolutely critical to understand there is common ground here,” Nunnikhoven said. “There is a history of having siloed conversations, so dealing with the people and culture side of this can be tricky. But this joint DevOps is a better philosophy and anything we can do to help is a win for the customer, which means a win for us and our partners. Everybody wins in the end.”