Get a Demo
Under Attack?
A blue and white graphic with a circular design in the center, featuring three interlocking geometric shapes. Lines radiate outward from the circle. The word upwind is in the top left corner.

Get Comprehensive Protection for Container-Optimized OS with Upwind

<br />
<b>Warning</b>:  Undefined variable $photo in <b>/nas/content/live/landing173/wp-content/themes/bricks/includes/elements/code.php(236) : eval()'d code</b> on line <b>33</b><br />
<br />
<b>Warning</b>:  Trying to access array offset on value of type null in <b>/nas/content/live/landing173/wp-content/themes/bricks/includes/elements/code.php(236) : eval()'d code</b> on line <b>33</b><br />
Denise Ashur October 31, 2024

We are excited to announce an addition to Upwind’s comprehensive container security, with support for Container-Optimized OS.

What is Container-Optimized OS?

Container-Optimized OS is a Google Cloud operating system image, and is the default node OS Image in Google Kubernetes Engine (GKE). It is primarily used for compute engine VMs and is optimized for running Docker containers. Container-Optimized OS is maintained by Google and based on the Chromium OS project.

Container-Optimized OS provides  a stripped-down method of running containers, with them existing on VMs and without an orchestrator. This method offers several benefits to users, including:

  • The ability to run containers out of the box: Container-Optimized OS instances are pre-installed with Docker and containerd runtimes, giving users the ability to spin up a container at the same time they create a VM
  • Small attack surface: Container-Optimized OS has a smaller attack surface than other methods of running containers
  • Automatic updates: Container-Optimized OS instances automatically download weekly updates and only require users to reboot in order to install

However, this stripped-down operating mode also has drawbacks which include:

  • No package manager: Container-Optimized OS does not include a package manager, meaning users cannot install packages directly on an instance.
  • Locked down kernel: The Container-Optimized OS kernel is locked down, meaning users cannot install third-party kernel modules or drivers.
  • Limited to Google Cloud: Container-Optimized OS is only supported on Google Cloud Platform. For users who want a centralized security solution to protect containerized environments across clouds or on different Oses, this can represent a challenge.

Container-Optimized OS Security Challenges

Container-Optimized OS users who do not use a platform for container orchestration such as Kubernetes traditionally face several security challenges, including not having access to container scanning, vulnerability scanning, and more. In addition, Container-Optimized OS is only available on Google Cloud. This can pose a potential security challenge for users who also run containerized infrastructure on other clouds such as AWS or Azure, who will need a separate solution tuned for the specifics of Container-Optimized OS rather than using a centralized security solution across multi-cloud containerized infrastructure. 

Cloud-providers-denise--1024x597

Upwind’s Support for Container-Optimized OS

Upwind’s use of a lightweight, high-performance eBPF sensor allows us to support Container-Optimized OS to the same degree as other methods of running containers, as we do not require a Kernel extension or other Kernel permissions in order to provide real-time visibility and protection. Instead, Upwind provides container awareness on the node level, without requiring Kernel permissions or needing to query a virtual machine or Kubernetes.

Screenshot-2024-10-29-at-11.48.13%E2%80%AFAM-1024x892

With Upwind’s new support for Container-Optimized OS, customers can now easily secure Container-Optimized OS environments, along with their other containerized environments across multi-cloud environments, all in one centralized platform.

Container-Optimized OS customers who do not use Kubernetes can also easily identify vulnerabilities, malware and more, with Upwind’s comprehensive support for container security, giving them previously unachievable visibility and protection for their containerized infrastructure. 

Want to learn more about Upwind’s support for Container-Optimized OS? Schedule a demo today. 

401 Authorization Required

401 Authorization Required


nginx
Contents

Further Reading

Superhuman AI

Security AI Needs an Honest Scoreboard: What It’s Superhuman At, and Where It Comes Up Short

If you follow AI at all, you know the leaderboards. Every few weeks a model takes the top spot, and we all check where our favorite landed. But a leaderboard only tells you who's ahead, and it stays quiet about where any of those models still come up short. Which, conveniently, is the part that…
Focus Mode

Find What Matters with Upwind Focus Mode

Focus Mode is now available in the Upwind platform, giving security teams a faster, more focused way to work. Instead of navigating across the platform, you can switch to Focus Mode to slice and dice the Upwind platform by Vulnerability Management, Cloud Security Posture, Attack Surface Management, Administration, or Threats, and starting next week, AI…
Early Advisories

Introducing Early Advisories: Turn Emerging Threats into Action

We’re excited to introduce Early Advisories as part of the Upwind platform. Powered by Upwind's security research team, Early Advisories notify customers about emerging threats, including zero-days and supply chain attacks, before they receive a CVE identifier. Early Advisories are published directly into the Vulnerabilities module alongside CVE-based findings and automatically correlated with your live…