Tigera Looks to Secure Kubernetes Runtime Environments

Tigera today added Calico Runtime Threat Defense, a platform for securing Kubernetes runtime environments that combines signature-based and behavior-based detection techniques.

Utpal Bhatt, chief marketing officer for Tigera, says this latest addition to the Tigera portfolio continuously monitors and analyzes network and container behavior for indicators of attack, mapped to the MITRE framework, without requiring IT teams to write and then maintain their own set of complex rules.

Calico Runtime Threat Defense uses the extended Berkeley Packet Filter (eBPF) in Linux to monitor processes, file system activity and system calls. It is built on the open source Calico networking software originally developed by Tigera, so it ties into the global threat intelligence feed that Calico already consumes. Those feeds drive policy recommendations, such as quarantining an infected pod, and complement a set of pre-built detectors written by Tigera's Threat Research team. New detectors are continually added by Tigera to keep pace with emerging zero-day threats, noted Bhatt.

The platform also includes a web application firewall (WAF) that inspects HTTP traffic for attacks. It maintains a database of malware file hashes in its threat intelligence library to block known malware, deploys decoys (honeypots) to attract and detect suspicious activity within a Kubernetes cluster, and uses the open source Snort engine to provide deep packet inspection (DPI).

Finally, Calico Runtime Threat Defense uses network traffic logs to baseline the normal behavior of cluster nodes, pods and services, then applies machine learning algorithms to flag deviations that indicate port scans, IP sweeps and domain generation algorithm (DGA) activity. As with any baseline-driven detector, the quality of the alerts depends on the learning window being clean: activity that is already present while the baseline is built will be treated as normal.
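To make the three network indicators concrete, here is an added example (not Tigera's or Calico's code, and not their machine learning models) that runs simple fan-out and entropy heuristics over constructed, simplified flow records and DNS query names. A threshold derived from a clean baseline window stands in for the learned baseline; the `(src_ip, dst_ip, dst_port)` tuples, the sample traffic and the `example.com`-style names are all made up for illustration.

```python
from collections import defaultdict
from math import log2

# Constructed, simplified flow records: (src_ip, dst_ip, dst_port).
# The field subset loosely follows Calico flow logs; the data is made up.
BASELINE_FLOWS = (
    [("10.0.1.5", "10.0.2.10", 8080)] * 30      # front end -> backend
    + [("10.0.1.5", "10.0.0.10", 53)] * 10      # front end -> cluster DNS
    + [("10.0.2.10", "10.0.5.20", 5432)] * 12   # backend -> database
)

DETECTION_FLOWS = (
    BASELINE_FLOWS
    # Port scan: one pod probing 40 ports on a single target.
    + [("10.0.3.7", "10.0.2.10", p) for p in range(1, 41)]
    # IP sweep: one pod probing port 22 across 30 addresses.
    + [("10.0.3.8", f"10.0.4.{h}", 22) for h in range(1, 31)]
)

# Constructed DNS query names; the two random-looking ones mimic DGA output.
SAMPLE_DNS = [
    "api.internal.svc.cluster.local",
    "registry.example.com",
    "xk3q9zvp1lw7mtdh.com",
    "b7d2ql9xnv4wz8ph.net",
    "updates.example.org",
]


def fan_out(flows, key_fn, value_fn):
    """Map each key to the set of distinct values observed with it."""
    seen = defaultdict(set)
    for flow in flows:
        seen[key_fn(flow)].add(value_fn(flow))
    return seen


def threshold_from_baseline(baseline_sets, floor=10, factor=3):
    """Stand-in for a learned baseline: allow `factor` times the widest
    fan-out seen in the clean window, but never drop below `floor`."""
    widest = max((len(s) for s in baseline_sets.values()), default=0)
    return max(floor, factor * widest)


def detect_port_scans(flows, baseline):
    """Sources whose distinct-port fan-out to one host exceeds the baseline."""
    key, val = (lambda f: (f[0], f[1])), (lambda f: f[2])
    limit = threshold_from_baseline(fan_out(baseline, key, val))
    return sorted({src for (src, _), ports in fan_out(flows, key, val).items()
                   if len(ports) > limit})


def detect_ip_sweeps(flows, baseline):
    """Sources whose distinct-host fan-out on one port exceeds the baseline."""
    key, val = (lambda f: (f[0], f[2])), (lambda f: f[1])
    limit = threshold_from_baseline(fan_out(baseline, key, val))
    return sorted({src for (src, _), hosts in fan_out(flows, key, val).items()
                   if len(hosts) > limit})


def shannon_entropy(text):
    """Bits per character; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * log2(c / n) for c in counts.values())


def detect_dga_like(names, min_len=12, min_entropy=3.5):
    """Flag names whose second-level label is long and high-entropy.
    Crude on purpose: no public-suffix list, so 'foo.co.uk' is judged on 'co'."""
    flagged = []
    for name in names:
        labels = name.rstrip(".").split(".")
        if len(labels) < 2:
            continue
        label = labels[-2]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            flagged.append(name)
    return flagged


def run_detection(flows=DETECTION_FLOWS, baseline=BASELINE_FLOWS, dns=SAMPLE_DNS):
    """Run all three heuristics and return the flagged sources and names."""
    return {
        "port_scan": detect_port_scans(flows, baseline),
        "ip_sweep": detect_ip_sweeps(flows, baseline),
        "dga_like": detect_dga_like(dns),
    }


if __name__ == "__main__":
    for kind, hits in run_detection().items():
        print(f"{kind}: {hits}")
```

Note what happens if the scanning pod is included in `BASELINE_FLOWS`: `threshold_from_baseline` rises to three times its fan-out and the scan is no longer reported, which is the poisoned-baseline failure mode that any learned-baseline detector shares.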

Many organizations are just now coming to terms with what is required to secure Kubernetes clusters as more of the cloud-native applications deployed on the platform find their way into production environments. Given the inherent complexity of Kubernetes, Tigera is making a case for converging security and network management at a higher level of abstraction, one that aggregates the components needed for a defense-in-depth strategy and makes them accessible to a larger number of IT teams, notes Bhatt.

Kubernetes presents IT teams with an opportunity to unify networking and security management, something that has been hard to accomplish in legacy IT environments. The challenge is making it simple enough for the average IT administrator to take on that task without requiring the programming expertise of a DevOps team or having to write and update security rules every time a new vulnerability is discovered.

Regardless of approach, as more applications are deployed on Kubernetes clusters, there will be a lot more cybercriminals testing the defenses of the platforms these applications run on. Unfortunately, cybersecurity has been a bit of an afterthought within the open source Kubernetes community, so organizations are going to need to look to other platforms to provide the appropriate level of defense.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
