Can I use Deep Security to protect my Docker containers?

Deep Security controls work at the host system level and this means that it has to be installed on the Docker host system. Deep Security can provide intrusion prevention, integrity monitoring, and log inspection protection for your Docker hosts but currently anti-malware and firewall protection are not supported.

Although Deep Security intrusion prevention controls work at the host level, it can protect container traffic on the exposed container port numbers. You need to keep in mind that since Docker allows multiple applications to run on the same Docker host, a single intrusion prevention policy will be applied to all Docker applications.

Docker manages iptables rules as part of its normal operation. When the intrusion prevention or firewall modules are enabled Deep Security normally removes iptables rules, which would break Docker container networking capabilities. To avoid this conflict, before you install the Deep Security Agent on your Docker host you have prevent the Deep Security Agent installation process from disabling iptables by creating an empty file with the following path on the Docker host: /etc/use_dsa_with_iptables