
Container Security using Artificial Intelligence & Machine Learning (AI/ML)


The mayfly is an insect found in the Midwestern USA and Canada. The existence of this mayfly is ephemeral: its adult life is no more than 24 hours! What does this have to do with containers? Just like the mayfly, a container is lightweight and has a lifespan that ranges between a few minutes and a few hours. For instance, Netflix, the online media-services provider, runs over 1000 microservices in containers, and most of these containers have a lifespan of 24 hours.


Why should you care about container security? Tesla, the automaker, was in the news recently when hackers took over an unsecured Kubernetes console to run scripts to mine digital coins at Tesla’s expense. This put Tesla telemetry, mapping, and vehicle servicing data at risk, not to mention attracting bad publicity.

The short lives of containers mean that it is not feasible for a DevOps or SecOps team to create a manual profile for a container. So how should they secure containers? AI/ML-based algorithms may provide a solution. AI/ML algorithms have to be trained using large amounts of data on how the container’s behavior changes when the application environment changes. Vendors like Sysdig will tell you that the way to train the algorithm is by using their hosted SaaS offering, Sysdig Secure. Sysdig Secure will provide DevOps with a snapshot of the container’s behavior, and the DevOps or SecOps team can then create a run-time security policy for this container. To enable this, Sysdig provides a rule builder dubbed “Falco Rule Builder”.

Is Sysdig unique in using ML? No, other competitors like TwistLock also use ML to combine knowledge of the image and how it is deployed to understand what they term an “application’s DNA”. This allows them to automatically build rules to compare this DNA against what a container is actually doing.
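
The idea in the two paragraphs above, as an added example that is not from the original post or from Sysdig or TwistLock: a frequency-based baseline (a simple stand-in for a trained model) is learned per image, since individual containers do not live long enough to profile, and is then compared against what a new instance actually does. The image name, event tuples, process names and hosts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events: (image, container_id, event_type, value).
TRAINING = [
    ("shop/api:1.4", "c1", "exec", "python"),
    ("shop/api:1.4", "c1", "connect", "db.internal:5432"),
    ("shop/api:1.4", "c2", "exec", "python"),
    ("shop/api:1.4", "c2", "connect", "db.internal:5432"),
    ("shop/api:1.4", "c3", "exec", "python"),
    ("shop/api:1.4", "c3", "exec", "sh"),  # seen in one instance only
    ("shop/api:1.4", "c3", "connect", "db.internal:5432"),
]

def build_profiles(events, min_support=0.5):
    """Per-image allowlist of behaviours seen in >= min_support of instances."""
    instances = defaultdict(set)  # image -> container ids observed
    seen = defaultdict(set)       # (image, type, value) -> container ids
    for image, cid, etype, value in events:
        instances[image].add(cid)
        seen[(image, etype, value)].add(cid)
    profiles = {}
    for (image, etype, value), cids in seen.items():
        # One-off behaviour in a single instance does not enter the baseline.
        if len(cids) / len(instances[image]) >= min_support:
            profiles.setdefault(image, {}).setdefault(etype, set()).add(value)
    return profiles

def deviations(profiles, events):
    """Return events that fall outside the learned profile for their image."""
    alerts = []
    for image, cid, etype, value in events:
        profile = profiles.get(image)
        if profile is None:
            alerts.append((cid, "unprofiled-image", image))
        elif value not in profile.get(etype, set()):
            alerts.append((cid, etype, value))
    return alerts

PROFILES = build_profiles(TRAINING)

# Constructed runtime events from a new, short-lived instance "c9".
RUNTIME = [
    ("shop/api:1.4", "c9", "exec", "python"),
    ("shop/api:1.4", "c9", "exec", "miner"),  # hypothetical process name
    ("shop/api:1.4", "c9", "connect", "pool.example:3333"),
    ("shop/api:1.4", "c9", "exec", "sh"),
]

if __name__ == "__main__":
    for alert in deviations(PROFILES, RUNTIME):
        print(alert)
```

Keying the profile on the image rather than the container ID is what lets the baseline outlive any single instance; the `min_support` threshold keeps behaviour seen in only one training instance out of the allowlist.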

In conclusion, container security is getting so data-intensive that using AI/ML is the only logical choice. Stay tuned for more container-specific blogs.



Categories: Big Data and Hadoop