Expanding Vulnerability Management to Container Security: FlawCheck Joins Tenable
Today marked a significant milestone, as Tenable Network Security announced the acquisition of FlawCheck, a company that Sasan Padidar and I founded in early 2015. We built FlawCheck to address the difficulty of detecting security risks, at scale, in the world's largest data centers. As we engaged with some of the largest companies on their next-generation data center security challenges, we honed in on container environments as an area particularly fraught with issues.
As organizations seek to accelerate their innovation cycles to deliver better products to customers, DevOps and containerized software are becoming the norm. In fact, a recent survey found 53% of companies had either deployed or were in the process of evaluating containers.
But with new technologies and processes come new challenges. Most notably, vulnerabilities are being inadvertently introduced into production through these nascent DevOps processes – a significant blind spot for security teams. An additional challenge is that in container environments, the role of security operations often changes, with the development team typically taking responsibility for both provisioning and vulnerability remediation.
This is the challenge we have addressed with FlawCheck and are excited to continue working on at Tenable. The product today serves as a private registry for container images, automatically scanning images for vulnerabilities and malware as they’re built, before they can reach production, and continuously monitoring them thereafter. By integrating with the continuous integration and continuous deployment (CI/CD) systems that build container images, it helps ensure production code is secure and compliant with enterprise policy.
The stakes for enterprise security are only growing, as containers deliver more of the world’s digital innovation every day.
Bringing the FlawCheck team, technology, and product to Tenable is an exciting move. This acquisition marks many firsts. For the industry, it is the first acquisition of a container security company. For Tenable, it is the company’s first acquisition in its storied 14 year history, and its first entrance into the application security space. It's a thrilling time to be in technology and the FlawCheck team is honored to join Tenable.
The combined Tenable/FlawCheck team is now working to bring a fully integrated container security offering to market in early 2017.
In the meantime, enterprise security professionals and developers can contact us for a free trial of FlawCheck. As we move forward, we'll provide additional details on our product strategy and offerings. Best wishes on your container journey!
Source - Tenable Blog