With the growing adoption of containerized workloads in cloud and on-premises environments, securing these dynamic entities presents significant challenges. Containerized environments are particularly vulnerable due to their transient nature, which makes it difficult to monitor activities, detect threats, and preserve forensic evidence. Additionally, the traditional methods of incident response and recovery struggle to keep pace with the fast-evolving container lifecycle, further exacerbating security concerns. Existing security tools and frameworks, while useful, are not optimized for the unique requirements of containerized environments. Traditional methods of incident detection, forensic data collection, and recovery often fall short in handling the scale and complexity of containers. This leaves organizations exposed to potential security breaches, prolonged downtime, and regulatory non-compliance. To address these challenges, this study proposes a comprehensive framework for Incident Response, Digital Forensics, and Incident Recovery in containerized workloads, grounded in the NIST Cybersecurity Framework (CSF). The solution integrates real-time monitoring tools like Falco for runtime detection and Wazuh for host security, along with automated recovery mechanisms using ArgoCD and Terraform for seamless service restoration. The framework also supports efficient evidence collection, enhancing post-incident forensic analysis. This study introduces a streamlined recovery process using automated deployment tools, ensuring rapid response and minimal operational disruption. Performance evaluations demonstrate that the proposed framework significantly improves both detection and recovery times, reducing the overall impact of security incidents in containerized environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cyber Resilience for Containerized Workloads: A NIST-Based Approach to Incident Management and Recovery

  • Saritha Nagaraju,
  • Nishanth Kumar Pathi,
  • Rashmi Agarwal

摘要

With the growing adoption of containerized workloads in cloud and on-premises environments, securing these dynamic entities presents significant challenges. Containerized environments are particularly vulnerable due to their transient nature, which makes it difficult to monitor activities, detect threats, and preserve forensic evidence. Additionally, the traditional methods of incident response and recovery struggle to keep pace with the fast-evolving container lifecycle, further exacerbating security concerns. Existing security tools and frameworks, while useful, are not optimized for the unique requirements of containerized environments. Traditional methods of incident detection, forensic data collection, and recovery often fall short in handling the scale and complexity of containers. This leaves organizations exposed to potential security breaches, prolonged downtime, and regulatory non-compliance. To address these challenges, this study proposes a comprehensive framework for Incident Response, Digital Forensics, and Incident Recovery in containerized workloads, grounded in the NIST Cybersecurity Framework (CSF). The solution integrates real-time monitoring tools like Falco for runtime detection and Wazuh for host security, along with automated recovery mechanisms using ArgoCD and Terraform for seamless service restoration. The framework also supports efficient evidence collection, enhancing post-incident forensic analysis. This study introduces a streamlined recovery process using automated deployment tools, ensuring rapid response and minimal operational disruption. Performance evaluations demonstrate that the proposed framework significantly improves both detection and recovery times, reducing the overall impact of security incidents in containerized environments.