A team made of former Cisco and Nuage Networks veterans has developed an open source project it released this week named Trireme that takes an application-centric approach to securing code written in containers.
Trireme was developed by a startup named Aporeto, whose co-founders include the former co-founder and CTO of software-defined networking company Nuage Networks Dimitri Stiliadis; former distinguished engineer at Cisco’s Insieme Business Unit Satyam Sinha; and Amir Sharif, who previously worked at VMware. The first launch of the company is the free release of its Trireme open source code.
Trireme is designed to work with Docker containers and integrates with Kubernetes, the open source container orchestration platform. Reuven Cohen, who was formerly at Citrix and now runs development at Aporeto, says the goal of Trireme was to develop an agile security platform that doesn't come with the complexities of managing network-based security mechanisms. “Aporeto Trireme attaches security to the application by authentication and authorization,” the project’s web site explains. “This method is simple, scalable, and network-agnostic.” By assigning tags to various application components that are monitored, Trireme can enforce application segmentation and security policies as the application scales up or down or as containers that encompass the app are created or destroyed. This cannot be done as elegantly with a centralized controller approach, which Cohen argues creates inherent limitations as it scales.
Aporeto, the company hoping to commercialize Trireme, was founded in December 2015 and has raised $3.5 million in seed funding. It's one of many startups and open source projects aimed at securing containers. Others include the startup Twistlock and the open source project Docker Bench.