Trend Micro Cloud One – Container Security

A solution for securing containerized applications throughout their lifecycle, integrating into CI/CD pipelines.

Multi-Cloud | Proprietary | Cloud Service Only
Category: Container & Kubernetes Security
Last page update: 15 days ago
Pricing Details: Contact for pricing details.
Target Audience: DevOps teams, security teams, and organizations using containerized applications.

Trend Micro Cloud One – Container Security secures containerized applications throughout their entire lifecycle, from build to runtime. The solution integrates into CI/CD pipelines, enabling automated scanning of container images and registries for vulnerabilities, malware, secrets, and compliance violations. The Trend Micro Artifact Scanner (TMAS) performs these scans, leveraging industry-leading rules and databases like Snyk’s open-source vulnerability database to detect threats early in the development cycle.

The technical architecture relies on policy-based admission control, which ensures that only compliant container images are deployed in Kubernetes environments. This is achieved through native integration with Kubernetes, where admission control webhooks check images against defined security policies before allowing deployment. Continuous compliance monitoring post-deployment ensures that running containers adhere to the defined policies, with regular scans for new vulnerabilities and enforcement of updated policies.

At runtime, Container Security provides visibility into container activity, detecting violations of customizable rules, including those aligned with the MITRE ATT&CK framework. This includes container drift detection and the ability to mitigate issues by terminating or isolating non-compliant pods. Additional protection modules such as real-time anti-malware scanning, firewall rules, and intrusion prevention can be applied to container network traffic, further enhancing security.

Operational considerations include the need for a Workload license to enable container protection and the potential for network policy adjustments, especially in environments like Red Hat OpenShift or AWS EKS Fargate. The solution is optimized for DevOps workflows, minimizing disruption to development schedules with non-intrusive security measures and comprehensive API support for automation.
