Threat Stack Extends Cybersecurity Reach to Kubernetes

Threat Stack, a provider of a software-as-a-service (SaaS) application that makes use of agent software to discover potential cybersecurity threats, has extended the reach of its platform to include support for Kubernetes.

Todd Morneau, director of product management, says Threat Stack applies behavioral analytics to Kubernetes to make it easier to identify anomalous behavior indicative of a cybersecurity breach. That capability is especially valuable within a Kubernetes environment because the number of configuration settings an IT organization needs to master makes it probable that one or more of those settings will be misconfigured, he says. Setting up a Kubernetes cluster, he notes, requires an IT administrator to navigate hundreds of pages of documentation written by the engineers who developed the platform.

In addition to ranking the potential severity of the threats identified, Threat Stack makes it easier to secure Kubernetes by including a Kubernetes Ruleset that detects actions such as pod creation or deletion, pod starts and stops, node behavior events, login events and configuration changes.
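To make the ruleset idea concrete, the following is an added example (not Threat Stack's code or ruleset) that runs a handful of rules over Kubernetes API server audit events and ranks the resulting alerts by severity. It assumes the standard `audit.k8s.io` event shape (`verb`, `user`, `objectRef`, `responseStatus`, `stage`); the sample events, rule names and severity levels are constructed for illustration.

```python
"""Rule-based triage of Kubernetes audit events, grouped the way the article
describes a Kubernetes ruleset: pod lifecycle, node changes, login (auth)
events and configuration changes. Everything below is illustrative."""
import json

# Constructed sample: six audit events in JSON-lines form (not real cluster data).
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"stage": "ResponseComplete", "verb": "create", "user": {"username": "ci-bot"},
     "sourceIPs": ["10.0.0.5"], "responseStatus": {"code": 201},
     "objectRef": {"resource": "pods", "namespace": "prod", "name": "web-1"}},
    {"stage": "ResponseComplete", "verb": "delete", "user": {"username": "alice"},
     "sourceIPs": ["10.0.0.9"], "responseStatus": {"code": 200},
     "objectRef": {"resource": "pods", "namespace": "kube-system", "name": "coredns-1"}},
    {"stage": "ResponseComplete", "verb": "patch", "user": {"username": "alice"},
     "sourceIPs": ["10.0.0.9"], "responseStatus": {"code": 200},
     "objectRef": {"resource": "configmaps", "namespace": "prod", "name": "app-config"}},
    {"stage": "ResponseComplete", "verb": "list", "user": {"username": "system:anonymous"},
     "sourceIPs": ["203.0.113.7"], "responseStatus": {"code": 403},
     "objectRef": {"resource": "secrets", "namespace": "prod"}},
    {"stage": "ResponseComplete", "verb": "patch", "user": {"username": "bob"},
     "sourceIPs": ["10.0.0.12"], "responseStatus": {"code": 200},
     "objectRef": {"resource": "nodes", "name": "worker-2"}},
    {"stage": "ResponseComplete", "verb": "get", "user": {"username": "alice"},
     "sourceIPs": ["10.0.0.9"], "responseStatus": {"code": 200},
     "objectRef": {"resource": "pods", "namespace": "prod", "name": "web-1"}},
])

# Resources whose modification counts as a "configuration change" (hypothetical choice).
CONFIG_RESOURCES = {"configmaps", "secrets", "roles", "rolebindings",
                    "clusterroles", "clusterrolebindings", "networkpolicies"}
WRITE_VERBS = {"create", "update", "patch", "delete"}
SYSTEM_NAMESPACES = {"kube-system"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Each rule: (name, predicate over a normalized event, baseline severity).
RULES = [
    ("pod_created", lambda e: e["resource"] == "pods" and e["verb"] == "create", "low"),
    ("pod_deleted", lambda e: e["resource"] == "pods" and e["verb"] == "delete", "medium"),
    ("node_changed", lambda e: e["resource"] == "nodes" and e["verb"] in WRITE_VERBS, "medium"),
    ("config_changed", lambda e: e["resource"] in CONFIG_RESOURCES and e["verb"] in WRITE_VERBS, "medium"),
    # 401/403 responses are the audit-log trace of failed or unauthorized logins/requests.
    ("auth_denied", lambda e: e["code"] in (401, 403), "high"),
]


def normalize(raw):
    """Flatten the nested audit event into the handful of fields the rules use."""
    obj = raw.get("objectRef") or {}
    return {
        "verb": raw.get("verb", ""),
        "resource": obj.get("resource", ""),
        "namespace": obj.get("namespace", ""),
        "name": obj.get("name", ""),
        "user": (raw.get("user") or {}).get("username", ""),
        "code": (raw.get("responseStatus") or {}).get("code", 0),
        "source_ip": (raw.get("sourceIPs") or [""])[0],
    }


def evaluate(event):
    """Return one alert per matching rule; anything touching a system namespace is escalated."""
    alerts = []
    for name, predicate, severity in RULES:
        if not predicate(event):
            continue
        if event["namespace"] in SYSTEM_NAMESPACES:
            severity = "high"
        alerts.append({"rule": name, "severity": severity, "user": event["user"],
                       "namespace": event["namespace"], "resource": event["resource"],
                       "name": event["name"], "source_ip": event["source_ip"]})
    return alerts


def triage(log_text):
    """Parse JSON-lines audit output, apply the rules and rank alerts by severity."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        raw = json.loads(line)
        # Only the completed stage carries the response code; skip RequestReceived duplicates.
        if raw.get("stage") != "ResponseComplete":
            continue
        alerts.extend(evaluate(normalize(raw)))
    # Stable sort, so alerts of equal severity keep their log order.
    alerts.sort(key=lambda a: SEVERITY_RANK[a["severity"]], reverse=True)
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_AUDIT_LOG):
        print(f'{a["severity"]:6} {a["rule"]:15} {a["user"]:18} '
              f'{a["namespace"] or "-"}/{a["resource"]}/{a["name"] or "-"} from {a["source_ip"]}')
```

Running the sample yields five alerts: the pod deletion in `kube-system` and the anonymous `403` on secrets rank highest, the configmap and node patches come next, and the routine pod creation ranks lowest; the plain `get` produces nothing. In practice the audit policy on the API server decides which of these events are written at all, so a ruleset like this is only as good as the audit level configured for the resources it watches.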

Because Threat Stack has added support for the Kubernetes application programming interface (API) to its platform, data from Kubernetes clusters can be analyzed alongside all the platforms Threat Stack already supports, says Morneau. That approach eliminates the need to acquire a dedicated cybersecurity analytics tool just for Kubernetes.

The analytics tools provided by Threat Stack also enable organizations that have embraced Kubernetes to address compliance mandates because the agent software created by Threat Stack captures the configuration data required to satisfy an auditor, he adds.

Arguably, the single biggest inhibitor of Kubernetes adoption is cybersecurity concerns stemming from a lack of visibility into the platform. As a modern platform, Kubernetes tends to be more secure than most legacy platforms. But because of the complexity of the platform, the opportunity for human error is high. As more Kubernetes clusters get deployed in production environments, it’s only a matter of time before cybercriminals scan more aggressively for vulnerabilities, which most commonly take the form of misconfigured settings. In an ideal world, alerts concerning those potential vulnerabilities would be generated by a set of DevSecOps best practices that would discover them long before a Kubernetes cluster was deployed in a production environment. By making a set of tools for discovering those vulnerabilities available as a SaaS application, Threat Stack is making a case for programmatically including its tools in those DevSecOps processes.

Of course, it’s still early days in terms of adoption of DevSecOps processes. In the meantime, adoption of containers and Kubernetes continues to accelerate. In fact, it’s not all that uncommon for cybersecurity teams to discover the presence of Kubernetes in a production environment long after it’s been deployed. The challenge IT organizations face now is to first bring their cybersecurity teams up to speed on containers and Kubernetes, then provide them with the tools they need to secure those environments without slowing down the rate at which modern applications are being deployed and updated. That may seem like a tall order, but organizations that can’t achieve that goal more than likely will find themselves falling behind an IT curve that will only become steeper to climb.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
