Unboxing the new VMware Carbon Black container security solution

“VMware acquired Octarine, a privately held company in Sunnyvale, California on May 27, 2020. Octarine offers a cloud-native security platform for the complete lifecycle of applications running on Kubernetes, helping customers to protect their cloud-native apps from build to runtime.”

“Acquiring Octarine will enable us to further expand VMware’s intrinsic security strategy to containers and Kubernetes environments by embedding the Octarine technology into the VMware Carbon Black Cloud,” said Patrick Morley, general manager and senior vice president, Security Business Unit, VMware.

As one of the “veterans” working in VMware around the cloud-native landscape, I found that announcement exciting. The market has been evolving over the last couple of years toward cloud-native architecture, running more and more cloud-native workloads in production. Cloud-native architecture is characterized as a declarative, orchestrated architecture and involves lots of open-source bits and pieces. That opened a new security challenge that affects the entire modern application supply chain, from code to production. VMware has many security services and solutions in every part of that application supply chain as part of the Tanzu portfolio. But there wasn’t any security-focused product that aims to answer the challenge of the CISO and SOC teams in the organization.

Like other parts of the organization, the security teams need to evolve to the new architecture and workloads that popped up in the last couple of years. That will change the way those teams address security and govern the application supply chain. We saw that slow-paced evolution in the IT department as the infrastructure, network, and storage engineers evolved. Now it is time for the security teams to elevate themselves.

In this blog, we will unbox the first version of Carbon Black for containers, announced as GA last month. The first version’s main capabilities are:

  1. Prioritized Risk Assessment – Enables Security teams to focus on the most severe risks to Kubernetes environments with the ability to detect and prevent vulnerabilities before containers are deployed by scanning Kubernetes manifests at continuous integration, and on Kubernetes clusters.
  2. Governance & Enforcement – Ensures the integrity of your Kubernetes configurations through control and visibility of workloads that are deployed to your clusters. Customizable policies enforce secure configuration by blocking or alerting on exceptions.
  3. Compliance Policy Automation – Helps Security teams shift-left into the development cycle to detect and prevent vulnerabilities at build. Create automated, customizable policies to enforce secure configuration and ensure compliance with organizational requirements and industry standards such as CIS benchmarking.
  4. Custom Queries – Provides deep visibility into workload security posture and governance to ensure compliance, with the ability to freely explore Kubernetes workload configuration via customized queries.

Let’s dive into the details:

  1. Onboarding your cluster – the onboarding process is as easy as it can be: just run a kubectl command with the service operator specs

We can now create a group for your clusters. That group will allow you to build dashboards and enforce policies at the group level.

The next step is to create a generic secret based on your cloud service user.

The last step is to deploy the agent itself:

Once the agent is installed, you will see the cluster exposed in your Inventory >> K8s Cluster view.

We can already view the cluster and information about it in the Inventory >> K8s Workloads dashboard.

In that Kubernetes workloads view you will be able to see what’s running on the cluster and what the risk is for each specific workload, including a risk assessment metric.

To get a higher-level dashboard with insight across the entire group of managed clusters, we can open the K8s Health dashboard in the Harden section.

The health dashboard consolidates risk and vulnerability data for the managed Kubernetes clusters and everything that runs in them. We can also get a detailed view by clicking on the Risk tab, next to the Overview tab, which opens a comprehensive risk analysis view of the clusters in that group.

Another important capability is policy insight and policy enforcement. We can decide which level of policies will be applied per cluster group, and we can also choose not to enforce them but only to get the insight.

As we can see in the screenshot above, everything is in “Alert” mode, so nothing will be enforced, but we will get an understanding of the level of vulnerabilities in those clusters according to the policy being applied. We can see those violations in the Enforce >> K8s Policies dashboard.
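To make the alert-versus-enforce behaviour described above (and the manifest scanning at CI listed under the Governance & Enforcement capability) concrete, here is an added example, not Carbon Black’s own code, of a CI-time manifest check with a few constructed hardening rules. The rule names, the sample Deployment and the two modes are assumptions for illustration only.

```python
import json

# Constructed policy rules (not Carbon Black's own): each check takes the pod
# spec and one container and returns True when the container violates it.
def privileged(spec, c):
    return bool(c.get("securityContext", {}).get("privileged", False))

def may_run_as_root(spec, c):
    # Container securityContext overrides the pod-level one, as in Kubernetes.
    merged = {**spec.get("securityContext", {}), **c.get("securityContext", {})}
    return not merged.get("runAsNonRoot", False)

def no_resource_limits(spec, c):
    return "limits" not in c.get("resources", {})

def host_network(spec, c):
    return bool(spec.get("hostNetwork", False))

RULES = [
    ("privileged-container", "container runs privileged", privileged),
    ("run-as-root", "runAsNonRoot is not set, container may run as root", may_run_as_root),
    ("no-resource-limits", "container has no CPU/memory limits", no_resource_limits),
    ("host-network", "pod shares the host network namespace", host_network),
]

def pod_spec(manifest):
    """Pod spec for a bare Pod or for a workload (Deployment, Job, ...) with a template."""
    if manifest.get("kind") == "Pod":
        return manifest["spec"]
    return manifest["spec"]["template"]["spec"]

def scan(manifest):
    """Return (rule id, container name, description) for every violation found."""
    spec = pod_spec(manifest)
    return [(rid, c["name"], desc) for c in spec.get("containers", [])
            for rid, desc, check in RULES if check(spec, c)]

def evaluate(manifest, mode="alert"):
    """'alert' reports violations but admits the manifest; 'enforce' blocks on any."""
    findings = scan(manifest)
    return (mode != "enforce" or not findings), findings

# Constructed sample: a Deployment manifest in JSON form (kubectl accepts JSON too).
SAMPLE = json.loads("""{"apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "web"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "example/web:1.0",
     "securityContext": {"privileged": true}}]}}}}""")

if __name__ == "__main__":
    for mode in ("alert", "enforce"):
        admitted, findings = evaluate(SAMPLE, mode)
        print(mode, "admitted" if admitted else "BLOCKED", [f[0] for f in findings])
```

In alert mode the sample Deployment is admitted with three findings; in enforce mode the same findings block it, which is the difference the policy setting above controls.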

To summarize, the security landscape is changing, just like infrastructure and development are. The challenge is more significant than before because of the number of entities running in every environment, on or off premises. The declarative way of doing things should make security more straightforward. Still, the fact is that behind that declarative method there are code dependencies, libraries, open-source projects and other components you use, and in every bit of them you can find a new attack vector. As always in security, the game just levelled up, and we need to level up with it.

Hope you found this blog useful; feel free to comment about things you want to know more about.
