The newly released guidelines recommend the following mitigation measures: scan environments for vulnerabilities and misconfigurations; monitor privileged access control, use network separation; limit network connectivity; deploy strong authorization and authentication; capture and monitor audit logs; and periodically review Kubernetes settings.
Despite millions of developers leveraging the power of Kubernetes, many struggle to properly secure the containerized infrastructure. The guidance released by the NSA and CISA will help organizations better navigate the complexity of securing Kubernetes architecture, avoid misconfigurations and strengthen overall container security strategies. KSOC supports organizations by providing a solution focused on event-driven decisioning, distributed policies, and least-privileged identity entitlements. These product capabilities allow users to leverage Kubernetes with confidence and peace of mind.
“I am very pleased that the Federal Government stepped up to provide individuals and industry with important recommendations to encourage data care and mitigation of security risks,” said Ron Gula, President of Gula Tech Adventures and Co-founder of Tenable Network Security. “As Kubernetes has been increasingly adopted by organizations of all sizes, it is critical that people and companies apply these federal recommendations to their systems. One of the critical ways to do this is by using products. such as KSOC, that are securely engineered to simplify the process of securing clusters for developers and helping protect all of our systems from malware and hacking.”
The KSOC platform consists of Kubernetes Detection and Response (KDR) and Kubernetes Infrastructure Entitlements Management (KIEM) products comprised of the following capabilities deemed critical for securing Kubernetes clusters:
- KSOC seamlessly connects to Kubernetes and public cloud APIs as the data source, continuously monitoring for misconfigurations and vulnerabilities within a cluster, and parsing Kubernetes audit logs.
- KSOC frequently checks privileged containers running inside of a cluster, alerting users about changes to admin privileges, and remediating over-privileged access automatically.
- KSOC provides capabilities to audit Kubernetes Role-Based Access Control activities and provides suggestions over time to right-size access.
- KSOC is an event-driven platform that monitors running clusters in real-time for security issues including known vulnerabilities and other security events. The platform can quickly identify and remediate common misconfigurations and vulnerabilities, as well as not-so-common ones.
“KSOC was founded to address the market need for better Kubernetes security, and the NSA and CISA guidance underscores the importance of ensuring that clusters are appropriately secured to thwart today’s security threats,” says Jimmy Mesta, Co-founder and CTO at KSOC. “We have deep expertise in Kubernetes and have built a comprehensive platform that addresses all critical security components. We truly believe that this new guidance will propel organizations in the right direction and we are excited to serve as a trusted Kubernetes security partner.”