Edera Releases Open Source Container Benchmark And Scanner
Written by Kay Ewbank
Thursday, 07 November 2024
Edera has released Am I Isolated, an open source container security benchmark that probes users' runtime environments and tests for container isolation.

Edera is best known for its secure-by-design Kubernetes and AI solution, Protect Kubernetes, which provides a secure-by-default Kubernetes solution that runs anywhere and secures workloads with hard isolation using a cloud-native Type 1 hypervisor. This means Kubernetes containers run at the lowest level, eliminating container escapes. Edera also produces Protect AI, which offers out-of-the-box GPU configuration and security through auto detection, driver isolation, and GPU virtualization.

The new product, Am I Isolated, is open source and provides a security benchmark that tests for container isolation. The Rust-based container runtime scanner detects gaps in users' container runtime isolation. It evaluates a given runtime environment, looks for anything that may be a security problem, and suggests fixes for the problems it finds so that the environment offers stronger isolation guarantees.

Emily Long, co-founder and CEO at Edera, said: "Currently, companies are either spending unnecessary dollars running separate Kubernetes environments for untrusted containers or they're using too many expensive and antiquated tools that don't solve anything."

Because containers are processes on a host, they need to be isolated to limit the blast radius of container escapes and security incidents. In addition to evaluating the container runtime environment, Am I Isolated also checks for ambient privileges and common misconfigurations made by DevOps teams and platform engineers when setting up containerized applications or container runtime environments. It also provides ongoing testing against container escape techniques.
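To make the "ambient privileges" check concrete, here is a small Rust self-check in the spirit of such a runtime scanner. It is an added example written for this article, not code from Edera's Am I Isolated project, and it assumes only a Linux host: it parses the calling process's /proc/self/status, decodes the effective capability mask, and flags capabilities, a disabled seccomp filter and an unset no_new_privs bit that weaken isolation. The capability bit numbers are the documented Linux values; the choice of which ones to flag and the wording of the findings are this example's own.

```rust
// Added example, not part of Edera's Am I Isolated: a minimal container
// isolation self-check driven by /proc/self/status.
use std::fs;

// Capability bit numbers as documented in capabilities(7).
const CAP_DAC_READ_SEARCH: u32 = 2;
const CAP_NET_RAW: u32 = 13;
const CAP_SYS_MODULE: u32 = 16;
const CAP_SYS_PTRACE: u32 = 19;
const CAP_SYS_ADMIN: u32 = 21;

/// The subset of process state this check reasons about.
#[derive(Debug, Default, PartialEq)]
pub struct Posture {
    pub cap_eff: u64,     // effective capability bitmask (CapEff)
    pub seccomp_mode: u8, // 0 = disabled, 1 = strict, 2 = filter
    pub no_new_privs: bool,
}

/// Extract CapEff, Seccomp and NoNewPrivs from /proc/<pid>/status text.
/// Unknown or malformed lines are ignored so a partial file still parses.
pub fn parse_status(text: &str) -> Posture {
    let mut p = Posture::default();
    for line in text.lines() {
        let mut parts = line.splitn(2, ':');
        let key = parts.next().unwrap_or("").trim();
        let val = parts.next().unwrap_or("").trim();
        match key {
            "CapEff" => p.cap_eff = u64::from_str_radix(val, 16).unwrap_or(0),
            "Seccomp" => p.seccomp_mode = val.parse().unwrap_or(0),
            "NoNewPrivs" => p.no_new_privs = val == "1",
            _ => {}
        }
    }
    p
}

fn has_cap(mask: u64, bit: u32) -> bool {
    mask & (1u64 << bit) != 0
}

/// Turn a posture into human-readable findings. An empty list means this
/// example found nothing it knows how to flag; it is not proof of isolation.
pub fn findings(p: &Posture) -> Vec<String> {
    let mut out = Vec::new();
    let risky = [
        (CAP_SYS_ADMIN, "CAP_SYS_ADMIN"),
        (CAP_SYS_PTRACE, "CAP_SYS_PTRACE"),
        (CAP_SYS_MODULE, "CAP_SYS_MODULE"),
        (CAP_DAC_READ_SEARCH, "CAP_DAC_READ_SEARCH"),
        (CAP_NET_RAW, "CAP_NET_RAW"),
    ];
    for &(bit, name) in risky.iter() {
        if has_cap(p.cap_eff, bit) {
            out.push(format!("effective capability {} present; drop it unless required", name));
        }
    }
    if p.seccomp_mode == 0 {
        out.push("seccomp disabled; apply the runtime's default syscall filter".to_string());
    }
    if !p.no_new_privs {
        out.push("no_new_privs unset; setuid binaries can regain privileges".to_string());
    }
    out
}

fn main() {
    // Reads the live process state; run it inside the container under review.
    let text = fs::read_to_string("/proc/self/status").unwrap_or_default();
    let p = parse_status(&text);
    println!(
        "CapEff={:#x} seccomp={} no_new_privs={}",
        p.cap_eff, p.seccomp_mode, p.no_new_privs
    );
    for f in findings(&p) {
        println!("- {}", f);
    }
}
```

Running the binary inside a default, unprivileged container typically reports CAP_NET_RAW and, depending on the runtime flags, no_new_privs; a container started with every capability and no seccomp profile lights up every check. Extending the list of flagged capabilities or adding checks for mounted host paths is the natural next step, and the point of a digestible report like this one is that each line names a single concrete remediation.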
Long points out that running secure multi-tenancy workloads remains an unsolved problem that's costing companies millions of dollars: "Just recently, the Wiz research team reported a critical NVIDIA GPU AI vulnerability that exposes an issue that has been at stake for Kubernetes for 10 years and is affecting AI security - container escapes."

Traditional container escapes access a GPU directly from the host system, which can enable a container escape when a bug is found in the driver. Edera says isolation is critical to workload and multi-tenancy security because it limits the blast radius of container escapes and security incidents. Instead of running containers in Linux namespaces, Edera's platform treats a container like a virtual machine guest. There is no shared kernel state between containers, and a memory-safe Rust control plane further secures workloads. Edera can be used anywhere users run their containers (public cloud, private cloud and on-premise) and doesn't require virtualization extensions or custom infrastructure.

Edera says Am I Isolated is simple, delivers peace of mind and saves companies millions in cloud costs. Am I Isolated is free and open source and can be downloaded from Edera's GitHub. The GitHub page points out that Am I Isolated is still a work in progress and does not yet incorporate tests for all possible container security problems. Current work is focused on providing enough data in a digestible format, rather than overwhelming security engineers and CISOs with too much data.

Am I Isolated is available on GitHub now.
Last Updated (Thursday, 07 November 2024)