Layered Insight: Container Native Application Protection

CIO VendorAsif Awan, Founder & CTO
In the past few years, Containerization has emerged as a catchphrase in DevOps for unlocking superior ways of packaging and hosting applications. While the lightweight nature of a container (due to the absence of guest OS and hypervisor) has demonstrable advantages of agility, portability and compute density, deploying containerized applications also raises numerous security concerns. Unlike the traditional monolithic application infrastructure, today’s containerized applications are largely segmented and distributed to a point where organizations are unable to clearly define the boundary of an application. Thus, the age-old perimeter-based security model— sheathing and protecting the entire application at the peripheries—is no more a viable option. To resolve this challenge, Pleasanton, CA-based Layered Insight, has introduced first-of-its-kind container native application protection—a unique approach of embedding security within the container architecture.

Layered Insight offers a fully-automated, fine-grained security model for gaining real-time and continuous visibility of the activities of each container. With the help of this information, Layered Insight observes and tracks the usual behavior of the container to create a normal baseline. In case the solution detects any out of the ordinary behavior, it automatically enforces control policies based on the pre-captured normal baseline information.

The industry classifies the container lifecycle into three key phases: build, ship, and run; the latter two being the more critical phases.

Layered Insight offers a fully automated, fine-grained security model for continuous visibility and control of containerized applications

Asif Awan, founder and CTO of Layered Insight, states, “We offer four distinct products to implement security measures across these two important stages.” The first two products, Layered Assessment and Layered Compliance, are static analysis and enforcement solutions that evaluate and execute the security and configuration of container images after the build process. “Since these products interact directly with the container registries, they do not impact the build phase,” says Awan. Layered Assessment presents the container image with all its composition details and known vulnerabilities, and Layered Compliance leverages the assessed data and helps enterprises create and enforce policies. The other two products, Layered Witness and Layered Control, are runtime solutions that monitor and implement rules during the container’s run phase. Here, the security probes are injected into the container during the ship phase, providing unparalleled security monitoring and enforcement across the network, storage, and application layers of the running container. Combined, these four products provide end-to-end visibility and control of containerized applications.

The company’s foundation is built on the principle: “What you cannot see, you cannot control.” Awan believes that providing deep visibility is the first step toward achieving the greater goal of “intelligent adaptive container protection.” What makes Layered Insight more powerful is the added layer of automation through machine learning capabilities to make the tools, zero touch, and eliminate the need for manual configurations. “Our solution smartly studies container behavior and arbitrates any anomaly without human intervention,” asserts Awan.

Layered Insight’s appetite for innovation and unparalleled security solution has uniquely positioned them in the security market today. Moving forward, with the growing use of containerized applications, Layered Insight is confident that their container native approach will witness a massive opportunity to proliferate in the years to come. Awan says, “Many enterprises used to be hesitant in adopting containerization technology due to a lack of competent risk management models.” Layered Insight’s security model is well-positioned to help all those enterprises espouse containerization and apply new technologies without compromising on security and compliance. As an ongoing pursuit, Awan mentions, “We will continue to strengthen our container security solution to provide more enhanced protection for next-generation cloud-based and hybrid applications.”