The benefits of a Docker deployment are real, but so is the attack surface of the Docker host's operating system (OS) itself. As with any software deployment, OS hardening and established best practices, such as the Center for Internet Security (CIS) Docker Benchmark, provide the foundation. Once that foundation is in place, adding Server & Workload Protection gives your deployment Trend Micro's experience protecting physical, virtual, and cloud workloads, together with real-time threat information from the Trend Micro Smart Protection Network. Server & Workload Protection protects the deployment and also helps meet and maintain continuous compliance requirements. See Docker support for information on supported Docker editions and releases.
Server & Workload Protection protects Docker hosts, and the containers running on them, on supported Linux distributions. The sections below list which modules apply to the host and which apply to containers.
Note
Docker protection works at the OS level. The agent must be installed on the Docker host's OS, not inside a container.
Note
Protection of communication between containers in a pod is not supported.
Server & Workload Protection supports Docker in swarm mode while using an overlay network.

Server & Workload Protection for the Docker host

The following Server & Workload Protection modules can be used to protect the Docker host:
  • Intrusion Prevention (IPS)
  • Anti-Malware
  • Integrity Monitoring
  • Log Inspection
  • Application Control
  • Firewall
  • Web Reputation

Server & Workload Protection for Docker containers

The following Server & Workload Protection modules can be used to protect Docker containers:
  • Intrusion Prevention
  • Anti-Malware

Limitation on Intrusion Prevention recommendation scans

Intrusion Prevention operates at the host level, but it also protects container traffic on the container ports exposed by the host. Because Docker allows multiple applications to run on the same Docker host, a single Intrusion Prevention policy applies to every Docker application on that host. Recommendation scans tune a policy to what is detected on the host itself, so they should not be relied upon for Docker deployments: the rules assigned to the host's policy must cover all of the containerized applications behind the exposed ports.
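Because one host-level policy has to cover every container, the first thing a practitioner needs is the list of host ports that are actually published by containers, which is what the Intrusion Prevention rules on that policy must address. The script below is an added example, not code from the original page or from Trend Micro; it parses the `Ports` column printed by `docker ps --format '{{.Names}}\t{{.Ports}}'` (published mappings such as `0.0.0.0:8080->80/tcp`, IPv6 mappings such as `:::8080->80/tcp`, and port ranges), skips unpublished ports like `6379/tcp` that are reachable only on the container network, and groups the published ports by owning container. If no Docker daemon is reachable it falls back to constructed sample rows so it runs offline; the container names and ports in `SAMPLE` are invented for illustration.

```python
import re
import subprocess
from collections import defaultdict

# One published mapping from docker's Ports column, e.g.
# "0.0.0.0:8080->80/tcp", ":::8080->80/tcp" or "0.0.0.0:5000-5001->5000-5001/tcp".
PUBLISHED = re.compile(
    r"^(?P<ip>.+?):(?P<host>\d+(?:-\d+)?)->(?P<cont>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def expand(span):
    """'8080' -> range(8080, 8081); '5000-5001' -> range(5000, 5002)."""
    lo, _, hi = span.partition("-")
    hi = hi or lo
    return range(int(lo), int(hi) + 1)


def published_ports(ports_field):
    """Return {(host_port, proto)} for mappings reachable from outside the host.

    Entries without '->' (e.g. '6379/tcp') are exposed only on the container
    network and are skipped: traffic between containers is not covered by the
    host-level policy, so they do not belong in the list of ports to protect.
    """
    found = set()
    for entry in filter(None, (e.strip() for e in ports_field.split(","))):
        m = PUBLISHED.match(entry)
        if not m:
            continue
        for port in expand(m["host"]):
            found.add((port, m["proto"]))
    return found


def policy_ports(rows):
    """Map every published (port, proto) on the host to the containers behind it.

    rows: lines of the form 'name<TAB>ports' as produced by
          docker ps --format '{{.Names}}\t{{.Ports}}'
    """
    owners = defaultdict(set)
    for line in rows:
        name, _, ports = line.partition("\t")
        for key in published_ports(ports):
            owners[key].add(name)
    return {key: sorted(names) for key, names in owners.items()}


# Constructed sample rows (invented container names and ports) used when no
# Docker daemon is available, so the example runs offline.
SAMPLE = [
    "web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp",
    "api\t0.0.0.0:5000-5001->5000-5001/tcp",
    "cache\t6379/tcp",
    "syslog\t0.0.0.0:514->514/udp",
]


def live_rows():
    """Ask the local Docker daemon for running containers; None if unavailable."""
    try:
        out = subprocess.run(
            ["docker", "ps", "--format", "{{.Names}}\t{{.Ports}}"],
            capture_output=True, text=True, check=True, timeout=10,
        )
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.splitlines()


if __name__ == "__main__":
    rows = live_rows()
    if rows is None:
        rows = SAMPLE
    # Every line printed here is a host port the single IPS policy must cover.
    for (port, proto), names in sorted(policy_ports(rows).items()):
        print(f"{port}/{proto}\t{', '.join(names)}")
```

Run it on the Docker host, not inside a container, since that is where the agent and the policy live. The output is the checklist to compare against the Intrusion Prevention rules assigned to the host's policy: each published port should have rules appropriate for the application behind it, chosen by hand rather than taken from a recommendation scan.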