Cloud security teams can now see and stop the exploitation of Kubernetes misconfigurations between scanning intervals
SAN FRANCISCO, CA, UNITED STATES, April 19, 2023 /EINPresswire.com/ — Kubernetes Security Operations Center (KSOC) has launched the industry’s first and only real-time KSPM platform with security capabilities that take into account the critical context of the Kubernetes lifecycle. This improves accuracy for cloud security teams struggling to operationalize security in dynamic Kubernetes environments. With real-time context in the KSOC platform, current and historical information pinpoints short-lived attacker activity, while also providing actionable remediation guidance true to the current state of a cluster.
Co-founder and CTO Jimmy Mesta says, “Anybody who operates Kubernetes knows how ephemeral workloads are; they come and they go in the space of 5 minutes. There is no way to secure Kubernetes without taking this into account, and yet that is what the industry has been trying to force-feed platform teams and cloud security teams. It hasn’t worked; nobody is using those solutions. KSOC is here to change all that and give teams a solution so they can finally operationalize security at the speed of Kubernetes.”
Cloud security teams have been struggling with KSPM tools operating on polling intervals that, by definition, point to findings that may or may not be relevant depending on whether the associated workloads are still running. That reality has made it impossible for teams to follow up on remediation guidance or understand their true posture. The polling intervals of these tools can range from hours to days, while compromising and exfiltrating data via a vulnerable Kubernetes misconfiguration or an over-permissioned RBAC policy can take place in seconds.
For cloud security teams trying to secure Kubernetes, dismissing the Kubernetes lifecycle is a great risk. This lifecycle consists of Kubernetes workloads spinning up and down quickly. Containers live for less than 5 minutes and there is evidence that orchestrators can increase churn by up to five times. In aggregate, an average day for a Kubernetes cluster can involve tens of thousands of short-lived pod and container deployments.
The CTO & Head of Security Research at Invicti, Frank Catucci, says,
“KSOC allows for a bird’s-eye view perspective of the security posture of what is running in a cluster. Scanning running workloads instead of everything contained in the image registry allows teams to focus and have visibility into the security practices of 3rd party components trusted to run in the cluster. Continuous real-time security allows for prompt feedback and action.”
With this release, KSOC is seeking to help cloud security teams finally operationalize security for their Kubernetes estate so they can control one of the largest attack vectors and limit the blast radius of any incident. Kubernetes is the main deployment mechanism today for most DevOps processes and cloud native applications, with 96% of developers claiming to use it for app deployment.
Key features in KSOC’s real-time KSPM platform include:
Real-time posture management: event-based misconfigurations that update as fast as your Kubernetes environment changes
- Alert lifecycle management
- Results sorted by misconfiguration or resource
Real-time RBAC: aggregate and easily find over-permissions in Kubernetes RBAC
- Aggregated permissions with easy visualization
- Query by roles, subjects or resources
- Real-time, least privilege recommendations
Admission Control: proactively reduce your potential blast radius by preventing deployment of non-compliant workloads
- Policy enforcement from within the cluster
- Optional dry run mode
Container vulnerabilities: scan for vulnerabilities and generate SBOMs for running containers
- SBOM generation and image scanning in production
Kubernetes native operations: seamlessly integrate into the platform team’s workflow
- Install via an effortless cluster plugin
KSOC is a cloud native security company that helps development and cloud security teams ship applications faster and innovate by safely harnessing the power of Kubernetes. KSOC is the first and only vendor to use the Kubernetes lifecycle to surface the true risk of clusters at any point in time, plugging into the Kubernetes API event stream to surface, remediate and prevent the most significant security issues.