Securing Kubernetes With XDR

by ITECHNEWS
December 17, 2021
in Leading Stories, Opinion

Kubernetes is at the forefront of the container orchestration market. A majority of organizations running container workloads manage at least some of them via Kubernetes. However, according to the Red Hat State of Kubernetes Security report, 94% of organizations encountered a serious security incident within their container environment. Of these incidents, 69% were security misconfigurations, 27% were runtime security issues and 24% were known vulnerabilities.

Hackers have definitely discovered Kubernetes, too, and are exploiting its security weaknesses. However, security technology is catching up. A new security category, eXtended Detection and Response (XDR), promises to close some of the security gaps created by the container revolution.

Kubernetes Security Concerns

Let’s review some of the key Kubernetes security concerns in a production environment. For more background, see this detailed guide to Kubernetes security.

Container Images and Image Registries

Organizations require solid governance policies to dictate how images are stored and retrieved from image registries. It is important to create container images from approved, secure base images and scan images at all stages of the development life cycle. Organizations must also ensure they only use images from trusted image registries.  

Container Networking

Pods and containers communicate over the network, both within Kubernetes clusters and with other external and internal endpoints. If a container is compromised, an attacker's ability to move laterally within the environment depends directly on how widely that container can communicate with other pods and containers.

In a sprawling container environment, enforcing network segmentation can be prohibitively challenging. In a large cluster, it is not feasible to configure policies manually and automating them requires special expertise or dedicated security tools.

Kubernetes Default Configurations are Not Secure

In line with a DevOps approach, Kubernetes intends to simplify operations and management and speed application deployment. Kubernetes provides a comprehensive set of controls that organizations can use to secure clusters and their applications successfully. 

Kubernetes network policies, for instance, act much like firewall rules that dictate how pods communicate with each other and with other endpoints. When a network policy is applied to a pod, that pod can communicate only with the assets specified in that policy. However, because Kubernetes does not apply a network policy to pods by default, all pods can communicate with all other pods in a default Kubernetes environment. This creates a major security risk.
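To make the default-allow behavior concrete, the following added example (not part of the original article) audits a set of manifests and reports which pods no NetworkPolicy restricts, per traffic direction. The namespaces, pod names and policies are constructed for illustration, and only `matchLabels` selectors are evaluated.

```python
# Added example; the manifests below are constructed, not taken from the article.
def selects(selector, labels):
    """matchLabels-only match; an empty selector selects every pod in the namespace."""
    if "matchExpressions" in selector:   # not evaluated here: treat as no coverage
        return False
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def policy_types(spec):
    """Kubernetes defaulting: Ingress always, Egress only when egress rules are present."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if "egress" in spec else set())

def unisolated_pods(manifests):
    """Map (namespace, pod) -> traffic directions no NetworkPolicy restricts."""
    policies = [m for m in manifests if m["kind"] == "NetworkPolicy"]
    findings = {}
    for pod in (m for m in manifests if m["kind"] == "Pod"):
        meta = pod["metadata"]
        ns = meta.get("namespace", "default")
        covered = set()
        for pol in policies:
            same_ns = pol["metadata"].get("namespace", "default") == ns
            if same_ns and selects(pol["spec"].get("podSelector", {}), meta.get("labels", {})):
                covered |= policy_types(pol["spec"])
        still_open = sorted({"Ingress", "Egress"} - covered)
        if still_open:
            findings[(ns, meta["name"])] = still_open
    return findings

def pod(ns, name, **labels):
    return {"kind": "Pod", "metadata": {"namespace": ns, "name": name, "labels": labels}}

MANIFESTS = [
    pod("shop", "web", app="web"),
    pod("shop", "db", app="db"),
    pod("batch", "job", app="job"),
    # Restricts ingress to the db pods only; web stays fully open.
    {"kind": "NetworkPolicy", "metadata": {"namespace": "shop", "name": "db-ingress"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}},
    # Default-deny: empty podSelector selects every pod in the namespace.
    {"kind": "NetworkPolicy", "metadata": {"namespace": "batch", "name": "default-deny"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
]

if __name__ == "__main__":
    for (ns, name), dirs in unisolated_pods(MANIFESTS).items():
        print(f"{ns}/{name}: unrestricted {', '.join(dirs)}")
```

Only the `batch` namespace, which carries a default-deny policy with an empty `podSelector`, comes back clean; the `db` pod is restricted for ingress but still has unrestricted egress.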

Secrets Management

An additional configuration risk is associated with secrets management: How sensitive information, including keys and credentials, is accessed and stored. It is common to store secrets in plaintext within Kubernetes configurations or containers, but this creates severe security risks. 

Organizations must use secrets management mechanisms, either those provided by Kubernetes or third-party solutions, to ensure credentials are secure. It is critical to periodically scan the environment for any secrets that are accidentally exposed.
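A periodic scan of this kind can start from the manifests themselves. The added example below (not from the original article) flags credential-like environment variables set as literal values and credential-like keys in ConfigMaps, while accepting values pulled from a Secret via `secretKeyRef`. The name pattern and sample manifests are constructed assumptions.

```python
import re

# Constructed heuristic: key names that usually hold credentials.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload template (Deployment etc.)."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def plaintext_secrets(manifests):
    """Return (object, key, reason) findings; values are never echoed back."""
    findings = []
    for m in manifests:
        obj = f'{m["kind"]}/{m["metadata"]["name"]}'
        if m["kind"] == "Secret":
            continue  # the intended home for credentials
        if m["kind"] == "ConfigMap":
            for key in m.get("data", {}):
                if SECRET_NAME.search(key):
                    findings.append((obj, key, "secret-like key in ConfigMap"))
            continue
        spec = pod_spec(m)
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                # A literal "value" is plaintext; "valueFrom" defers to a Secret.
                if "value" in env and SECRET_NAME.search(env["name"]):
                    findings.append((obj, env["name"], "literal env value"))
    return findings

# Constructed sample manifests (JSON-style, as the API server also accepts).
MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "api"},
     "spec": {"template": {"spec": {"containers": [{"name": "api", "env": [
         {"name": "DB_PASSWORD", "value": "constructed-not-real"},
         {"name": "API_TOKEN",
          "valueFrom": {"secretKeyRef": {"name": "api-creds", "key": "token"}}},
         {"name": "LOG_LEVEL", "value": "info"},
     ]}]}}}},
    {"kind": "ConfigMap", "metadata": {"name": "api-config"},
     "data": {"smtp_password": "constructed-not-real", "region": "eu"}},
]

if __name__ == "__main__":
    for obj, key, reason in plaintext_secrets(MANIFESTS):
        print(f"{obj}: {key} ({reason})")
```

Name-based matching produces false positives and misses secrets stored under innocuous names, so treat the output as a triage list rather than a complete inventory.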

Compliance Challenges

Cloud-native environments present challenges when adhering to regulations, industry standards, security best practices, industry benchmarks and internal organizational policies. 

Organizations not only have to remain compliant, but they also have to show proof of compliance. It can be difficult to ensure that Kubernetes adheres to security controls when these were originally defined for conventional application architectures. 

Furthermore, containerized applications are dynamic and distributed by nature. Organizations must put in place automated monitoring and observability strategies to ensure compliance and enable auditing when operating at scale.

What Is XDR?

XDR is a cross-layered response and detection tool. It collects and correlates information across several security layers such as email, endpoints, applications, servers, networks and clouds. This comprehensive approach offers greater visibility into an organization’s technology environment so that security teams can identify, investigate and react to threats more efficiently and successfully. 

Compared to conventional security solutions, XDR can perform deeper investigations and unite all data into one holistic incident identification and response solution. Rather than sifting through countless events from multiple tools, security teams can view the entire attack story in one interface, make logical connections between events and swiftly act on the information to mitigate threats.

How Can XDR Protect Kubernetes?

XDR is especially suited to containerized environments because of its ability to combine data from different IT systems and security tools into a coherent attack story. Kubernetes clusters generate different operating metrics from traditional environments and are supported by new types of monitoring tools, such as Prometheus. 

XDR can make sense of these metrics, combining them with data from endpoints, networks and cloud resources. This enables:

  • Rapid investigation of security incidents in one interface.
  • Threat hunting in a Kubernetes environment.
  • Response automation that connects security events to automated responses at the networking, cloud provider or endpoint level.

In particular, XDR solutions can leverage attributes like cluster, node, deployment type, pod name, container image and container ID, report them to operators and use them in behavioral analysis. These attributes are critical to understanding how threats are impacting a Kubernetes environment. 

XDR can help discover threats like unknown malware and infected container images, zero-day attacks and in-memory attacks that cannot be detected by legacy antivirus solutions. In addition, XDR can enable opening a remote shell to any element in the Kubernetes environment—a node or a specific container—to investigate threats, collect forensics, contain and mitigate attacks.

Protecting Kubernetes With XDR

In this article, I covered the basics of Kubernetes security and explained how XDR, a new type of security solution, can help protect Kubernetes clusters. XDR enables rapid investigation of security incidents in a complex containerized environment, supports data exploration and threat hunting, and automates response by integrating with tools in the Kubernetes environment.

By Security Boulevard
