Cloud security management challenges customers. That is according to Gartner, claiming that most cloud security failures are the end-users’ fault, not the providers. Considering the volatile landscape of cloud-native applications, even the smallest mistakes can lead to serious cybersecurity breaches and data leaks.
Since more workloads move to the cloud, securing those cloud environments will get more complex. With that in mind, Gartner came up with several essential tools for the evolving market of cloud security and assessment solutions. In this article, we will focus on the two more dominant ones:
You’re managing a complicated app on Kubernetes and want to see which microservices communicate with one another. Here are four different approaches you can take:
Working with Kubernetes namespaces enables you to manage users spread across multiple teams and projects. Namespaces are essentially virtual clusters backed by the same physical single cluster. As Kubernetes clusters help in managing workloads and deployed objects, these numbers increase and can become unmanageable over time.
Kubernetes use is rising rapidly: 58% more respondents than last year - 78% of this years’ respondents - reported in the 2019 CNCF (Cloud Native Computing Foundation) survey that they use Kubernetes today. With numbers like those, it looks like everyone is headed towards the cloud.
Last month, the Microsoft Azure Security Center published a fully detailed Threat Matrix for Kubernetes. This article identifies attack vectors unique to a Kubernetes environment. This important contribution is derived from the more generalized MITRE ATT&CK® framework that offers a complex matrix of common attack vectors.
Process whitelisting is a simple concept. In the K8s context, the basic idea is to create a list for each pod of all the processes that the pod is expected to run. Every time a process runs in your cluster you check if it is in the list. If an attacker manages to gain access to your cluster and starts running a malicious process then you can identify it immediately because a new non-whitelisted process is running. It doesn’t matter whether that process is a known bitcoin miner, a custom RAT (Remote Access Tool), or even a legitimate process like ssh. If the new process isn’t in the whitelist and isn’t part of the pod’s regular behaviour then it should be flagged immediately.
