As demand for cloud-native architectures and containerization continues to grow, the use of Kubernetes is expected to increase. However, this also presents a double-edged sword for security teams, according to the Kubernetes Security Operation Center (KSOC). On one hand, using Kubernetes can limit an attacker’s blast radius, but on the other hand, a vulnerable web app in an exposed Kubernetes cluster can give attackers unlimited access and control.

The Challenge of Cloud-Native Security

Cloud-native technologies like Kubernetes are becoming increasingly popular due to their flexibility and scalability. However, security concerns continue to delay or slow down their implementation. A recent report by Red Hat found that 67% of companies reported delaying or slowing down deployments due to security concerns, with 37% experiencing revenue or customer loss due to a breach.

The Importance of Automated Risk Triage

KSOC is tackling cloud-native security in a way that is Kubernetes-first through automated risk triage. This involves analyzing a business’s role-based access control (RBAC) settings, misconfigurations, runtime events, image vulnerabilities, network exposure, and public cloud context to identify high-priority risks.

"We combine the relationships between these elements (different Kubernetes risks) to see where they exist together, which immediately increases the risk factor and shows top priority," said KSOC co-founder and CEO Brooke Motta.

The Role of Threat Vectors

A threat vector is a way to reduce the noise of security findings from any one part of Kubernetes to identify high-priority risks. By analyzing multiple sources of data, KSOC’s system can identify potential security issues before they become major problems.

"We connect runtime events to threat vectors so you can see not just your top risk, but where those risks are actually being exploited today, in real time," said Motta.

Real-Time Misconfiguration Polling

KSOC also polls for Kubernetes misconfigurations in real-time, which is a significant improvement over the common practice of doing checks in intervals of hours or even days. Misconfigurations are a top security concern for companies adopting Kubernetes and can result in serious consequences such as potential exposure to ransomware and data loss.

RBAC Permissions Management

KSOC’s platform also shows who has access to what RBAC permissions, giving teams great visibility into their environment. This is particularly important for security teams dealing with staff shortages, especially around Kubernetes and cloud-native technologies.

"Every security team is dealing with staff shortages, especially around Kubernetes and cloud native, so this gives them a practical option for managing Kubernetes security with the team they have," said Motta.

Amazon Detective Supports Container Security

In related news, Amazon has announced that its Detective service now supports container security in Amazon EKS. This is an important step towards improving container security and reducing the risk of breaches.

Conclusion

The use of Kubernetes and cloud-native technologies presents both opportunities and challenges for security teams. By using automated risk triage and real-time misconfiguration polling, KSOC aims to eliminate this headache for companies. With its innovative approach to cloud-native security, KSOC is poised to make a significant impact in the industry.

KSOC’s Team

Brooke Motta co-founded KSOC with Jimmy Mesta (CTO), who is also a veteran security engineer. Before joining KSOC, Motta had a successful career in the tech industry, including stints at leading companies such as Google and Microsoft.

"KSOC’s team has a deep understanding of cloud-native technologies and security, which allows us to develop innovative solutions that meet the needs of our customers," said Motta.

About KSOC

Kubernetes Security Operation Center (KSOC) is a pioneering company in the field of cloud-native security. With its focus on Kubernetes-first security, KSOC aims to provide a comprehensive solution for companies looking to improve their cloud-security posture.

"KSOC’s mission is to make cloud-native security more accessible and effective for all organizations," said Motta. "We believe that our innovative approach will revolutionize the way companies think about cloud-security."