How Visa built its own container security solution
Like many large enterprises, financial services giant Visa has embraced containerization technologies that enable companies to move from legacy monolithic apps to microservice-based application architectures that are easier to maintain, update and deploy at scale on cloud infrastructure. But splitting apps into microservices also comes with the challenge of ensuring the containers hosting the various parts are properly monitored and protected from attacks.
Instead of deploying a combination of commercial solutions and spending resources on getting them to work for its environment, Visa’s security team went back to basics and created its own continuous monitoring solution that handles security policy enforcement, incident detection and remediation. The project earned the company a CSO50 Award for security excellence. Called MASHUP (Micro-services based Adaptive Security Hardening and Usage Platform), the solution takes advantage of native capabilities that already exist on container orchestration platforms, such as cgroups, filesystem access controls, and SELinux policies, and it is built primarily on top of open-source tools and libraries.