Tenable ate FlawCheck for DevOps enhancement

Because Docker container security leaves something to be desired


In order to remain tenable as the security market adjusts to software containers, Tenable Network Security, based in Columbia, Maryland, has acquired FlawCheck, a San Francisco-based company founded last year to make Docker containers more secure.

Renaud Deraison, CTO and cofounder of Tenable, contends that information technology is in the midst of a significant change as companies move their infrastructure and operations toward cloud computing and containerized workloads.

In a phone interview with The Register, Deraison said the embrace of DevOps is transforming the way organizations build applications.

DevOps refers to the coordination of development, Q&A, and IT operations groups in support of the automation of software creation, deployment, and maintenance. And containers are central to that plan.

But DevOps shifts the responsibility of security remediation onto developers, said Deraison. "The problem with DevOps is it changes the way security is done," he said. "We really believe DevOps is a huge opportunity for organizations and companies to come up with better, safer more-robust code."

Tenable offers vulnerability scanning and management for assets on corporate networks. FlawCheck provides a secure container registry designed to help organizations keep their Docker containers free of malware during continuous integration and continuous deployment operations. Together, the two companies aim to provide customers with security both before and after deployment.

FlawCheck's technology is used for checking containers for vulnerabilities before applications get deployed, explained Anthony Bettini, CEO of FlawCheck and cofounder of the firm. Tenable, he said, has focused on providing security after applications have been put in place. "By marrying the two, we have a good story for the lifecycle of containers," he said.

Deraison cited FlawCheck's speed and ability to scale as factors that made the firm desirable. "We want to be in build pipelines," he said. "It can't take forever."

At the recent PuppetConf 2016 conference, Forrester analyst Robert Stroud noted (on pg 2) that while containers generate a lot of interest among companies, only about 8 per cent of them actually deploy containers for production workloads.

Deraison said that while IT executives may say they're not using containers officially, people further down the corporate ladder often do use them. "It's more widespread than we thought, but it's not mainstream yet," he said.

"What I'm really struck by is how everyone is moving to DevOps," said Deraison, noting that even government agencies, which aren't known for their adoption of recent technology, are doing so.

Though containers and DevOps may not be fully implemented at most companies, Deraison remains undaunted. "It's probably better to be early," he said. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021