
Karamba Security Announces World-First Secure Boot Support for Containers

HOD HASHARON, Israel, September 5, 2024 – Karamba Security, a world leader in end-to-end product security, has extended its XGuard host protection solution to support Secure Boot for Containers, in addition to protection of containerized applications.

Container tools for runtime and orchestration have become an integral part of IoT devices and ECU firmware. The general benefits of utilizing container architectures involve significantly simpler development & testing, feature upgrades, portability, and feature deployment.

Existing security solutions for container images focus on making sure that the image pulled from the cloud-based repository is valid. These solutions are sufficient for Cloud workloads and SaaS environments in which the lifespan of container applications is short. In IoT and automotive, however, to save bandwidth costs and to ensure resilience to connectivity issues, the container image is stored on the device for future runs. Due to performance and boot-time constraints, current Secure Boot mechanisms do not cover the device file system, where containers are stored, making the containers vulnerable to hackers. When a container instance is created out of an image, there’s a need to validate that the original image has not been tampered with or replaced.

Container Authentication (Secure Boot): XGuard for Containers automatically calculates the container’s image hash “signature” and creates a policy describing all allowed container images. The policy is enforced at runtime each time a container instance is created. XGuard also supports scenarios in which images are added, removed or updated, without the need to modify the underlying host Linux OS.


Securing the Running Container: Containers are essentially autonomous execution units, each representing a separate network entity. As such, they need to be protected from attackers by preventive solutions. XGuard’s user-space-based enforcement model is tailored to protect running containers and can be applied using several integration alternatives:

  • Protection at the image build stage, by adding XGuard build steps to the Dockerfile (or files for similar technologies such as Podman)
  • Protection of the container image after the build

Karamba’s XGuard for Containers provides a full runtime-security feature set for running containers, including: Application Whitelisting, File Protection, Associated Execution and Security Monitoring.

Download a paper here to learn more about Container Authentication and XGuard.

About Karamba Security

Karamba Security is the world leader in End-to-End security for IoT products. IoT product manufacturers in medical, automotive, renewable energy, enterprise edge and IoT rely on Karamba’s products and services to seamlessly protect their connected devices against cyberattacks. With more than 120 successful engagements with Fortune 500 companies, IoT product manufacturers trust Karamba’s award-winning solutions for compliance and brand competitiveness when protecting their customers against cyberthreats.

More information is available at www.karambasecurity.com. Follow us on LinkedIn at www.linkedin.com/company/karamba-security.

Media Contact:

Montner Tech PR
Deb Montner, [email protected]
Chloe Amante, [email protected]
