Edera announced the availability of Am I Isolated, an open source container
security benchmark that probes users' runtime environments and tests for
container isolation.

The Rust-based container runtime scanner runs as a container and detects gaps in
users' container runtime isolation. It also provides guidance to improve users'
runtime environments to offer stronger isolation guarantees.

"The threat of container escapes is resulting in millions in lost revenue for
enterprises. Companies are either spending unnecessary dollars running separate
Kubernetes environments for untrusted containers or they're using too many
expensive and antiquated tools that don't solve anything," said Emily Long,
co-founder and CEO at Edera. "It's time to change the way containers are run
and secured and that means solving for escapes. Visibility into your level of
vulnerability is the first step. We're excited to bring this tool to our
customers and the community at large."

Containers are just processes on a host, so isolation is critical to workload and
multi-tenancy security because it limits the blast radius of container escapes
and security incidents. Am I Isolated also probes for ambient privileges
and common misconfigurations made by DevOps teams and platform engineers when
setting up their containerized applications or container runtime environments.
It provides ongoing testing against container escape techniques.

While Kubernetes turned 10 years old earlier this year, running secure multi-tenancy
workloads remains an unsolved problem that's costing companies millions of
dollars. Edera introduces a diverse set of technologies with a diverse team of
experts to solve what has been the decade's defining enterprise security
challenge.

Edera uses a type 1 hypervisor to offer isolation at the container level for the
first time, enabling companies to realize the original promise of Kubernetes
and to move quickly to run GPUs for emerging AI workloads. Instead of running
containers in Linux namespaces, Edera's platform treats a container like a
virtual machine guest. There is no shared kernel state between containers, and a memory-safe Rust
control plane further secures workloads. Edera can be used anywhere users run their containers (public cloud,
private cloud and on-premise) and doesn't require virtualization extensions or
custom infrastructure. It's simple, delivers peace of mind and saves companies
millions in cloud costs.

Am I Isolated is free and open source and can be downloaded on Edera's GitHub.