Guest OpEd by Gilad David Maayan, CEO and Founder of Agile SEO
Kubernetes is an inseparable part of modern DevOps infrastructure. While it is extremely powerful and flexible, it also raises major security concerns – infected container images, insecure communications between containers, lack of visibility, and more.
Security in the container age is a completely different endeavor than securing a traditional network perimeter.
In this article I’ll focus on how security tools can help improve security for containerized applications.
Discover wWhich tools are already used by security operations centers (SOC) which can help secure Kubernetes, and which open source tools can easily be adopted to enhance container security.
(Learn about containerization courtesy of Google Cloud Tech and YouTube.)
Introduction to Kubernetes
Kubernetes is a platform for managing Linux containers in a private, public or hybrid cloud environment. Kubernetes can also be used to manage microservices.
Kubernetes is open source and can be deployed in most cloud systems.
Kubernetes allows IT teams, developers and DevOps engineers to conveniently deploy and operate applications, auto scale applications, automate rollouts and updates, managing a large number of containers across multiple clusters of nodes (physical machines).
(Welcome to the first episode of Kubernetes Essentials from Google Cloud! In this series, we’ll cover anything having to do with Kubernetes. In this first episode, we speak to what Kubernetes is, and how you can use it to resolve issues with monolithic applications. Watch to learn the basics of Kubernetes and how to integrate it into your own developer projects! Courtesy of Google Cloud Tech and YouTube.)
Kubernetes Security Concerns
Security Risks from Images and Image Registries
Organizations need strong governance policies regarding how images are built and stored in trusted image registries.
You must ensure that container images are built using secure and approved base images that are regularly scanned and ensure that only images from image registries on allow lists are used to launch containers in your Kubernetes environment.
Communication between Containers and Endpoints
To function properly, pods and containers must communicate with each other and with other endpoints, both internal and external.
In the event of a breach, the affected container could allow an attacker to move laterally, depending on the container’s capacity to communicate with other containers or pods.
It can be practically impossible to segment your network in a distributed container environment, as manually configuring the relevant policies is a complex task.
Kubernetes supports accelerated deployment of applications and helps simplify operations and management, in line with DevOps principles.
Kubernetes provides an extensive selection of controls that you can use to secure applications and clusters effectively.
For example, the Kubernetes network policies can serve as firewall rules that determine the communication between pods and endpoints. A pod can only communicate with the assets specified in the network policy that applies to it.
However, Kubernetes doesn’t apply network policies to pods by default, so each pod is allowed to communicate with any other pod or endpoint in the Kubernetes environment.
Managing secrets, such as access keys and credentials, is another challenge.
If you don’t configure your secret management appropriately, you run the risk that sensitive data is treated as environment variables rather than packaged into a read-only volume in a container.
Another challenge of working with a cloud-native environment relates to compliance with internal security policies, regulations, industry standards and best practices.
Companies must maintain compliance and, importantly, be able to prove their compliance.
This involves adapting the organizational security strategy to incorporate Kubernetes environments into the control system, which may have initially been configured for traditional application environments.
Furthermore, containerized applications are dynamic and distributed in nature. This means that compliance monitoring and audits require full automation to operate successfully at scale.
Using Existing SOC Tools for Container Security
Containerization is on the rise, with applications increasingly being developed using container orchestration systems like Kubernetes. However, if you run an application in a cluster, the application is only as secure as the cluster.
To ensure that your production environment is secure, you must maintain visibility.
Security Information and Event Management (SIEM) systems can facilitate the management of Kubernetes audit logs and help identify important security events while reducing the white noise.
Kubernetes audit events can be used to enhance security by following these steps:
Make sure you are creating approved container images
Make sure your API is not exposed to the outside world
Monitor both outbound and inbound traffic for clusters and pods
Keep track of container log data and visualize it
Endpoint detection and response (EDR) platforms have become an important part of an organization’s security posture.
You can incorporate EDR capabilities to conduct rapid investigation of endpoint incidents, and get actionable insights on how to remediate security issues.
There are five main functions offered by EDR systems:
Proactive monitoring of endpoints and collection of data on suspicious activity
Analyzing the collected data to detect patterns that may indicate a threat
Responding automatically to any identified threat, to eliminate or contain it
Automatically sending notifications of detected threats to the security team
Investigating identified threats that may lead to further suspicious activity using analytics and forensic tools
You can leverage EDR capabilities to detect and protect against the following threats in Kubernetes:
Cloud metadata collection for infrastructure simulation
Return-oriented programming (ROP), memory corruption and shellcode execution
Loadable kernel modules (LKMs) or payloads
Exploitation of access privileges and escalation attacks
Shutting down of Linux security systems (e.g. SELinux)
Remote shell session exploits
Container hit and runs
Persistent attacks and backdoors
Adding to the SOC Toolset: Kubernetes Vulnerability Scanning
Kubernetes vulnerability scanners are simple, open source tools that can dramatically improve visibility over Kubernetes security concerns, and help security and engineering teams remediate them.
The IT security benchmarking organization Open Web Application Security Project (OWASP) provides comprehensive guidelines for best practices to secure your Kubernetes cluster.
These include recommendations for controlling network access to sensitive ports, applying role-based access control (RBAC), using transport layer security and handling features such as Kubelet and the Kubernetes API.
OWASP advises that you use an image scanner to identify known vulnerabilities.
Fortunately, there are many free software packages that you can use to scan for common vulnerabilities and exposures (CVEs) in your Kubernetes pods and clusters. You can test these packages from the command line or use them to produce security vulnerability reports on an ongoing basis.
Scanners can be customized according to benchmarks or processes related to your industry and vendor. You can easily fork open-source tools and tweak them according to your organization’s internal security policies.
In this article I covered several major security concerns affecting Kubernetes architecture:
Images and image registries – container images can contain vulnerabilities, which are present in every container created from the image
Communication between containers – containers have many active East-West connections which can be exploited by attackers
Insecure defaults – running Kubernetes “out of the box” without hardening configuration exposes your clusters to a variety of threats
Compliance issues – it is extremely difficult to apply compliance standards, and generate an audit trail and compliance reports, in containerized environments
In order to deal with these threats, I propose:
Using existing SOC tools – primarily SIEM, which can collect security data from across a Kubernetes environment, and EDR, which can help secure Kubernetes nodes.
Adding new tools – in particular, Kubernetes vulnerability scanning, which is a simple and effective way to remediate configuration issues and eliminate vulnerable components.
I hope this will be of help as you discover the path to securing your organization’s cloud native IT environments.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
Today he heads Agile SEO, a leading marketing agency in the technology industry.
Attivo Networks Returns Compete in Fifth Consecutive ‘ASTORS’ Awards Program
American Security Today’s ‘ASTORS’ Homeland Security Awards program is today in its Sixth Year and continues to recognize the Outstanding Innovations of top firms and agencies in the Homeland Security and Public Safety fields.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
American Security Today is pleased to announce TSA Administrator David Pekoske, will join the organization as a featured speaker at the 2021 ‘ASTORS’ Homeland Security Awards Presentation Luncheon, on November 18, 2021 at ISC East in New York City.
“On the heels of an unprecedented global pandemic, continued unrest in our cities and potentially catastrophic cyberattacks on our nations critical infrastructure, the focus of the 2021 ‘ASTORS’ Awards Luncheon will be on the latest, state-of-the-art innovations that are driving investments in new public security and safety technologies and systems,” said AST Editorial and Managing Director Tammy Waitt.
“As a recognized expert in crisis management, strategic planning, innovation and aviation, surface transportation and maritime security, David Pekoske’s message highlighting his top priorities and challenges for the TSA based on his years of wide-ranging experience will be critical to our attendees internalizing the critical nature of these escalating challenges, and realizing innovative new approaches to meet them.”
In addition to taking Double Platinum Awards in the 2020 ‘ASTORS’ Homeland Security Awards Program for Best Intrusion Detection and Prevention Solution (Attivo Endpoint Detection Net (EDN)), and Best IT Threat Intel Solution (Attivo ThreatDefend Platform with Informer UI), Attivo Networks was also recognized with a coveted 2020 Extraordinary Leadership and Innovation Award.
2020 Extraordinary Leadership and Innovation Award
Attivo Networks has illustrated the company’s continued innovation in the field of advancing deception technology, developing advanced network security threat detection technology for deployment on premise or as a cloud service, as well as their ongoing development and investment to the ThreatDefend™ Deception & Response Platform.
*Attivo Networks is also a Returning Premier Sponsor of the 2021 ‘ASTORS’ Homeland Security Awards Program, and a Multi-Platinum Award Winner in the 2020, 2019, 2018 and 2017 ‘ASTORS’ Awards Program.
The 2021 ‘ASTORS’ Awards Program is proudly sponsored by AMAROK, along with Returning Premier Sponsors ATI Systems, Attivo Networks, Automatic Systems, and Reed Exhibitions.
Nominations are currently being accepted for the 2021 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
|Access Control/ Identification||Personal/Protective Equipment||Law Enforcement Counter Terrorism|
|Perimeter Barrier/ Deterrent System||Interagency Interdiction Operation||Cloud Computing/Storage Solution|
|Facial/IRIS Recognition||Body Worn Video Product||Cyber Security|
|Video Surveillance/VMS||Mobile Technology||Anti-Malware|
|Audio Analytics||Disaster Preparedness||ID Management|
|Thermal/Infrared Camera||Mass Notification System||Fire & Safety|
|Metal/Weapon Detection||Rescue Operations||Critical Infrastructure|
|License Plate Recognition||Detection Products||And Many Others!|
|COVID Innovations||And Many Others!|
Don’t see a Direct Hit for your Product, Agency or Organization?
With the unprecedented occurrence of the COVID-19 pandemic, the focus of the safety and security industries has realized the need to increase innovations to address the daily growing challenges.
As such AST aims to make sure these firms and professionals are reflected in the 2021 ‘ASTORS’ Awards Program, so we’d like to encourage you to submit appropriate categories recommendations and include COVID-19 Frontline Professionals in your Nominations to see that these Professionals, Facilities, and Vendors receive the Recognition they Deserve!
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: email@example.com.
Register for the 2021 ‘ASTORS’ Luncheon Today
At ISC East 2021 you with the opportunity to interact with a broad array of security industry professionals.
ISC East works closely with other businesses in the security and public safety space to help bring together the Northeast’s largest security trade show each year.
In collaboration with premier sponsor SIA (Security Industry Association) and in partnership with ASIS NYC, ISC East is proud to work with and be supported by various associations, trade publications, charities, and more.
Therefore, the ISC audience of security dealers, installers, integrators, consultants, corporate, government and law enforcement/first responder practitioners will be joined by the ASIS NYC audience of major corporate managerial-through-director-level national and global security executives.
The combination of one-on-one conversations with the industry’s top innovators, integrators and security executives, special events, high-quality education and training, and strong support from industry associations, will allow attendees to learn and evaluate solutions from leading security exhibitors and brands.
Your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to ISC East – Thank take advantage of this exclusive luncheon opportunity to take a break from the show – Invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for a fabulous networking opportunity!
Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your seat or reserve a table.
***Limited space available so Register Today. There will be no on-site registrations.
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers eyes throughout the story with cutting edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
The AST Digital Publications is distributed to over 75,000 qualified government and homeland security professionals in federal, state and local levels.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state and local level as well as from private firms allied to government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more about the 2020 ‘ASTORS’ Homeland Security Award Winners solutions, Check Out the New 2020 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2020 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms products and services, includes video interviews and more.
It is your Go-To source throughout the year for ‘The Best of 2020 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2020 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2020 ‘ASTORS’ Awards Program.
For a complete list of 2020 ‘ASTORS’ Award Winners, click here.
For more information on All Things American Security Today, and the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at firstname.lastname@example.org.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos