Vanilla containers start slowly, taking up to tens of seconds to warm up, so adequate end-user response time requires containers to be running all the time, even before there is user demand. That wastes cloud instances, money, and carbon.
Vanilla containers typically include the kitchen sink, with artifacts often including enormous amounts of code that aren’t needed to run the container in production. That wastes resources and fattens the attack surface. For example, a Python container pulled from Docker Hub is about 30 times the size of the equivalent kontainer built from the same source code.
Exploits can escape a vanilla container to take control of the underlying OS kernel, then attack other containers or leverage even more exploits to metastasize across the cluster.
Kontainers offer the ultimate in efficiency and scalability — but enterprises turn to us most for our unprecedented security.
The most famous zero-day attack of late is Log4Shell. A bug in a program called Log4j, used in countless Java applications built over the last two decades, forced every company doing business on the internet to scrutinize its software to determine its vulnerability. The code Log4Shell needs to successfully penetrate your network isn’t present in kontainers — and this is true of many other zero-day exploits.
Don’t wait for the next zero-day to sting you. With kontainers, you lose the fat attack surfaces and reduce the blast radius.