In this article Gilad David Maayan, CEO and Founder of Agile SEO, focuses on how security tools can help improve security for containerized applications.

Guest OpEd by Gilad David Maayan, CEO and Founder of Agile SEO

Kubernetes is an inseparable part of modern DevOps infrastructure. While it is extremely powerful and flexible, it also raises major security concerns – infected container images, insecure communications between containers, lack of visibility, and more.

Security in the container age is a completely different endeavor than securing a traditional network perimeter.

In this article I’ll focus on how security tools can help improve security for containerized applications.

Discover which tools already used by security operations centers (SOCs) can help secure Kubernetes, and which open source tools can easily be adopted to enhance container security.


Introduction to Kubernetes

Kubernetes is a platform for managing Linux containers in a private, public or hybrid cloud environment. Kubernetes can also be used to manage microservices.

Kubernetes is open source and can be deployed in most cloud systems.

Kubernetes allows IT teams, developers and DevOps engineers to conveniently deploy and operate applications, auto-scale applications, automate rollouts and updates, and manage a large number of containers across multiple clusters of nodes (physical machines).


Kubernetes Security Concerns

Security Risks from Images and Image Registries 

Organizations need strong governance policies regarding how images are built and stored in trusted image registries.

You must ensure that container images are built from secure, approved base images that are scanned regularly, and that only images from registries on allow lists are used to launch containers in your Kubernetes environment.

Communication between Containers and Endpoints

To function properly, pods and containers must communicate with each other and with other endpoints, both internal and external.

In the event of a breach, the affected container could allow an attacker to move laterally, depending on the container’s capacity to communicate with other containers or pods. 

It can be practically impossible to segment your network in a distributed container environment, as manually configuring the relevant policies is a complex task.

Insecure Defaults 

Kubernetes supports accelerated deployment of applications and helps simplify operations and management, in line with DevOps principles.

Kubernetes provides an extensive selection of controls that you can use to secure applications and clusters effectively.

For example, the Kubernetes network policies can serve as firewall rules that determine the communication between pods and endpoints. A pod can only communicate with the assets specified in the network policy that applies to it.

However, Kubernetes doesn’t apply network policies to pods by default, so each pod is allowed to communicate with any other pod or endpoint in the Kubernetes environment. 

Managing secrets, such as access keys and credentials, is another challenge.

If you don’t configure your secret management appropriately, you run the risk that sensitive data is exposed to containers as environment variables rather than packaged into a read-only volume in a container.
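A check for the two defaults described above, as an added example that is not part of the original article: it lists pods that no NetworkPolicy selects and Secrets injected as environment variables. The manifests, names and registry host are constructed, and only `matchLabels` selectors are evaluated.

```python
# Added example (not from the article): audit manifests for two insecure defaults.
# Simplifications: only matchLabels selectors are evaluated, and a pod counts as
# covered if any NetworkPolicy selects it, whatever that policy's policyTypes.
WORKLOADS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

def pod_templates(manifests):
    """Yield (namespace, name, labels, pod_spec) for Pods and workload templates."""
    for m in manifests:
        meta = m.get("metadata", {})
        ns = meta.get("namespace", "default")
        if m.get("kind") == "Pod":
            yield ns, meta["name"], meta.get("labels", {}), m.get("spec", {})
        elif m.get("kind") in WORKLOADS:
            tpl = m["spec"]["template"]
            yield ns, meta["name"], tpl["metadata"].get("labels", {}), tpl["spec"]

def selects(policy, ns, labels):
    """True if the NetworkPolicy applies to a pod with these labels in namespace ns."""
    if policy["metadata"].get("namespace", "default") != ns:
        return False
    wanted = policy["spec"].get("podSelector", {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())  # {} selects every pod

def unprotected_pods(manifests):
    """Pods that no NetworkPolicy selects, so all traffic to and from them is allowed."""
    policies = [m for m in manifests if m.get("kind") == "NetworkPolicy"]
    return [f"{ns}/{name}" for ns, name, labels, _ in pod_templates(manifests)
            if not any(selects(p, ns, labels) for p in policies)]

def secrets_in_env(manifests):
    """(pod, container, source) for each Secret exposed as environment variables."""
    found = []
    for ns, name, _, spec in pod_templates(manifests):
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                if "secretKeyRef" in (env.get("valueFrom") or {}):
                    found.append((f"{ns}/{name}", c["name"], env["name"]))
            for src in c.get("envFrom", []):
                if "secretRef" in src:
                    found.append((f"{ns}/{name}", c["name"], "envFrom:" + src["secretRef"]["name"]))
    return found

# Constructed sample manifests (as parsed from YAML); all names are made up.
SAMPLE = [
    {"kind": "NetworkPolicy", "metadata": {"name": "api-deny-all", "namespace": "shop"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "shop"},
     "spec": {"template": {"metadata": {"labels": {"app": "api"}}, "spec": {
         "volumes": [{"name": "creds", "secret": {"secretName": "api-creds"}}],
         "containers": [{"name": "api", "image": "registry.example.com/shop/api:1.4",
                         "volumeMounts": [{"name": "creds", "mountPath": "/etc/creds",
                                           "readOnly": True}]}]}}}},
    {"kind": "Pod", "metadata": {"name": "worker", "namespace": "shop",
                                 "labels": {"app": "worker"}},
     "spec": {"containers": [{"name": "worker", "image": "registry.example.com/shop/worker:2.0",
                              "env": [{"name": "DB_PASSWORD", "valueFrom": {
                                  "secretKeyRef": {"name": "db", "key": "password"}}}],
                              "envFrom": [{"secretRef": {"name": "worker-creds"}}]}]}},
]

if __name__ == "__main__":
    print("no NetworkPolicy:", unprotected_pods(SAMPLE))
    print("secrets in env:  ", secrets_in_env(SAMPLE))
```

Adding a policy with an empty `podSelector` to the `shop` namespace selects every pod there and clears the first finding; the `api` Deployment raises no secret finding because its credentials are mounted as a read-only volume.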

Compliance Issues

Another challenge of working with a cloud-native environment relates to compliance with internal security policies, regulations, industry standards and best practices.

Companies must maintain compliance and, importantly, be able to prove their compliance.

This involves adapting the organizational security strategy to incorporate Kubernetes environments into the control system, which may have initially been configured for traditional application environments. 

Furthermore, containerized applications are dynamic and distributed in nature. This means that compliance monitoring and audits require full automation to operate successfully at scale.

Using Existing SOC Tools for Container Security

SIEM

Containerization is on the rise, with applications increasingly being developed using container orchestration systems like Kubernetes. However, if you run an application in a cluster, the application is only as secure as the cluster.

To ensure that your production environment is secure, you must maintain visibility. 

Security Information and Event Management (SIEM) systems can facilitate the management of Kubernetes audit logs and help identify important security events while reducing the white noise.

Kubernetes audit events can be used to enhance security by following these steps: 

  • Make sure you are creating approved container images

  • Make sure your API is not exposed to the outside world

  • Monitor both outbound and inbound traffic for clusters and pods

  • Keep track of container log data and visualize it
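One way a SIEM rule set could act on the first two checks above, as an added example that is not part of the original article: it triages Kubernetes audit events (`audit.k8s.io/v1`, one JSON object per line) for pods created from unapproved registries and for API requests that suggest exposure. The allow list, the trusted network and the four log lines are constructed placeholders.

```python
import ipaddress
import json

# Assumptions for this sketch: the registry allow list and the networks from which
# API traffic is expected are site-specific; the values here are placeholders.
ALLOWED_REGISTRIES = {"registry.example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def registry_of(image):
    """Registry host of an image reference; names without a host mean Docker Hub."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def triage(event):
    """Findings for one audit.k8s.io/v1 event, given as a dict."""
    if event.get("stage") != "ResponseComplete":      # one verdict per request
        return []
    findings = []
    code = event.get("responseStatus", {}).get("code", 0)
    if event.get("user", {}).get("username") == "system:anonymous" and 200 <= code < 300:
        findings.append("anonymous request allowed")
    for ip in event.get("sourceIPs", []):
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in TRUSTED_NETS):
            findings.append(f"API reached from untrusted address {ip}")
    ref = event.get("objectRef", {})
    if event.get("verb") == "create" and ref.get("resource") == "pods" \
            and not ref.get("subresource"):
        # requestObject is only present at audit level Request or RequestResponse
        spec = (event.get("requestObject") or {}).get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            if registry_of(c["image"]) not in ALLOWED_REGISTRIES:
                findings.append(f"unapproved image {c['image']}")
    return findings

def scan(lines):
    """Triage a JSON-lines audit log; returns (auditID, finding) pairs."""
    out = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        out.extend((event.get("auditID"), f) for f in triage(event))
    return out

# Constructed sample audit log lines; users, IDs and addresses are made up.
SAMPLE_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a-001","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"sourceIPs":["10.0.4.17"],"objectRef":{"resource":"pods","namespace":"shop"},"responseStatus":{"code":201},"requestObject":{"spec":{"containers":[{"name":"api","image":"registry.example.com/shop/api:1.4"}]}}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a-002","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.10"],"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a-003","stage":"ResponseComplete","verb":"create","user":{"username":"bob"},"sourceIPs":["10.0.4.20"],"objectRef":{"resource":"pods","namespace":"shop"},"responseStatus":{"code":201},"requestObject":{"spec":{"containers":[{"name":"web","image":"nginx:latest"}]}}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a-004","stage":"ResponseComplete","verb":"get","user":{"username":"system:anonymous"},"sourceIPs":["10.0.4.9"],"objectRef":{"resource":"pods","namespace":"shop"},"responseStatus":{"code":403}}
""".splitlines()

if __name__ == "__main__":
    for audit_id, finding in scan(SAMPLE_LOG):
        print(audit_id, finding)
```

The denied anonymous request (`a-004`) and the approved pod creation (`a-001`) produce no findings, which is the noise reduction the SIEM is meant to provide.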

EDR

Endpoint detection and response (EDR) platforms have become an important part of an organization’s security posture.

You can incorporate EDR capabilities to conduct rapid investigation of endpoint incidents, and get actionable insights on how to remediate security issues.

There are five main functions offered by EDR systems:

  • Proactive monitoring of endpoints and collection of data on suspicious activity

  • Analyzing the collected data to detect patterns that may indicate a threat

  • Responding automatically to any identified threat, to eliminate or contain it

  • Automatically sending notifications of detected threats to the security team 

  • Investigating identified threats that may lead to further suspicious activity using analytics and forensic tools


You can leverage EDR capabilities to detect and protect against the following threats in Kubernetes:

  • Cloud metadata collection for infrastructure simulation

  • Return-oriented programming (ROP), memory corruption and shellcode execution 

  • Loadable kernel modules (LKMs) or payloads

  • Exploitation of access privileges and escalation attacks

  • Shutting down of Linux security systems (e.g. SELinux)

  • Remote shell session exploits

  • Container hit and runs

  • Persistent attacks and backdoors 

Adding to the SOC Toolset: Kubernetes Vulnerability Scanning

Kubernetes vulnerability scanners are simple, open source tools that can dramatically improve visibility over Kubernetes security concerns, and help security and engineering teams remediate them.

The IT security benchmarking organization Open Web Application Security Project (OWASP) provides comprehensive guidelines for best practices to secure your Kubernetes cluster.

These include recommendations for controlling network access to sensitive ports, applying role-based access control (RBAC), using transport layer security and handling features such as Kubelet and the Kubernetes API.

OWASP advises that you use an image scanner to identify known vulnerabilities.

Fortunately, there are many free software packages that you can use to scan for common vulnerabilities and exposures (CVEs) in your Kubernetes pods and clusters. You can test these packages from the command line or use them to produce security vulnerability reports on an ongoing basis.

Scanners can be customized according to benchmarks or processes related to your industry and vendor. You can easily fork open-source tools and tweak them according to your organization’s internal security policies.

Conclusion

In this article I covered several major security concerns affecting Kubernetes architecture: 

  • Images and image registries – container images can contain vulnerabilities, which are present in every container created from the image

  • Communication between containers – containers have many active East-West connections which can be exploited by attackers

  • Insecure defaults – running Kubernetes “out of the box” without hardening configuration exposes your clusters to a variety of threats

  • Compliance issues – it is extremely difficult to apply compliance standards, and generate an audit trail and compliance reports, in containerized environments

In order to deal with these threats, I propose:

  • Using existing SOC tools – primarily SIEM, which can collect security data from across a Kubernetes environment, and EDR, which can help secure Kubernetes nodes.

  • Adding new tools – in particular, Kubernetes vulnerability scanning, which is a simple and effective way to remediate configuration issues and eliminate vulnerable components.

I hope this will be of help as you discover the path to securing your organization’s cloud native IT environments.

About the Author


Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.

Today he heads Agile SEO, a leading marketing agency in the technology industry.
