EP195 Containers vs. VMs: The Security Showdown!
10/21/24 • 41 min
Cross-over hosts:
- Kaslin Fields, co-host at Kubernetes Podcast
- Abdel Sghiouar, co-host at Kubernetes Podcast
Guest:
- Michele Chubirka, Cloud Security Advocate, Google Cloud
Topics:
- How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?”
- Could you elaborate on the real-world implications of this for security, and perhaps provide some examples of when one might be a more suitable choice than the other?
- While containers boast a smaller attack surface (what about the orchestrator though?), VMs present a full operating system. How should organizations weigh these factors against each other?
- The speed of patching and updates is a clear advantage of containers. How significant is this in the context of today's rapidly evolving threat landscape? Are there any strategies organizations can employ to mitigate the slower update cycles associated with VMs?
- Both containers and VMs can be susceptible to misconfigurations, but container orchestration systems introduce another layer of complexity. How can organizations address this complexity and minimize the risk of misconfigurations leading to security vulnerabilities?
- What about combining containers and VMs. Can you provide some concrete examples of how this might be implemented? What benefits can organizations expect from such an approach, and what challenges might they face?
- How do you envision the security landscape for containers and VMs evolving in the coming years? Are there any emerging trends or technologies that could significantly impact the way we approach security for these two technologies?
Resources:
- Container Security, with Michele Chubrika (the same episode - with extras! - at our peer podcast, “Kubernetes Podcast from Google”)
- EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons
- EP54 Container Security: The Past or The Future?
- DORA 2024 report
- Container Security: It’s All About the Supply Chain - Michele Chubirka
- Software composition analysis (SCA)
- DevSecOps Decisioning Principles
- Kubernetes CIS Benchmark
- Cloud-Native Consumption Principles
- State of WebAssembly outside the Browser - Abdel Sghiouar
- Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka - KubeCon NA 2024
Cross-over hosts:
- Kaslin Fields, co-host at Kubernetes Podcast
- Abdel Sghiouar, co-host at Kubernetes Podcast
Guest:
- Michele Chubirka, Cloud Security Advocate, Google Cloud
Topics:
- How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?”
- Could you elaborate on the real-world implications of this for security, and perhaps provide some examples of when one might be a more suitable choice than the other?
- While containers boast a smaller attack surface (what about the orchestrator though?), VMs present a full operating system. How should organizations weigh these factors against each other?
- The speed of patching and updates is a clear advantage of containers. How significant is this in the context of today's rapidly evolving threat landscape? Are there any strategies organizations can employ to mitigate the slower update cycles associated with VMs?
- Both containers and VMs can be susceptible to misconfigurations, but container orchestration systems introduce another layer of complexity. How can organizations address this complexity and minimize the risk of misconfigurations leading to security vulnerabilities?
- What about combining containers and VMs. Can you provide some concrete examples of how this might be implemented? What benefits can organizations expect from such an approach, and what challenges might they face?
- How do you envision the security landscape for containers and VMs evolving in the coming years? Are there any emerging trends or technologies that could significantly impact the way we approach security for these two technologies?
Resources:
- Container Security, with Michele Chubrika (the same episode - with extras! - at our peer podcast, “Kubernetes Podcast from Google”)
- EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons
- EP54 Container Security: The Past or The Future?
- DORA 2024 report
- Container Security: It’s All About the Supply Chain - Michele Chubirka
- Software composition analysis (SCA)
- DevSecOps Decisioning Principles
- Kubernetes CIS Benchmark
- Cloud-Native Consumption Principles
- State of WebAssembly outside the Browser - Abdel Sghiouar
- Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka - KubeCon NA 2024
Previous Episode
EP194 Deep Dive into ADR - Application Detection and Response
Guest:
- Daniel Shechter, Co-Founder and CEO at Miggo Security
Topics:
- Why do we need Application Detection and Response (ADR)? BTW, how do you define it?
- Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools?
- Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way?
- We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement?
- What are the key inputs into an ADR tool?
- Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users?
- How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM?
- What are your thoughts on the evolution of ADR?
Resources:
- EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
- EP143 Cloud Security Remediation: The Biggest Headache?
- Miggo research re: vulnerability ALBeast
- “WhatDR or What Detection Domain Needs Its Own Tools?” blog
- “Making Sense of the Application Security Product Market” blog
- “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book
Next Episode
EP196 AI+TI: What Happens When Two Intelligences Meet?
Guest:
- Vijay Ganti, Director of Product Management, Google Cloud Security
Topics:
- What have been the biggest pain points for organizations trying to use threat intelligence (TI)?
- Why has it been so difficult to convert threat knowledge into effective security measures in the past?
- In the realm of AI, there's often hype (and people who assume “it’s all hype”). What's genuinely different about AI now, particularly in the context of threat intelligence?
- Can you explain the concept of "AI-driven operationalization" in Google TI? How does it work in practice?
- What's the balance between human expertise and AI in the TI process? Are there specific areas where you see the balance between human and AI involvement shifting in a few years?
- Google Threat Intelligence aims to be different. Why are we better from client PoV?
Resources:
- Google Threat Intel website
- “Future of Brain” book by Gary Marcus et al
- Detection engineering blog (Part 9) and the series
- Detect engineering blogs by David French
- The pyramid of pain blog, the classic
- “Scaling Up Malware Analysis with Gemini 1.5 Flash” and “From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis” blogs on Gemini for security
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
Select type & size
<a href="https://goodpods.com/podcasts/cloud-security-podcast-by-google-346699/ep195-containers-vs-vms-the-security-showdown-76707908"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to ep195 containers vs. vms: the security showdown! on goodpods" style="width: 225px" /> </a>
Copy