Portshift today unveiled an extension to its lineup of container security offerings to secure Kubernetes application programming interfaces (APIs).
Zohar Kaufman, vice president of research and development for Portshift, says Extended Kubernetes Cluster Protection makes it possible to detect and mitigate runtime risks and malicious activities on worker nodes and all cluster resources by preventing any unauthorized changes that might be made via a Kubernetes API.
That capability will prevent cybercriminals from adding malicious executables to pods, creating crypto-mining cronjobs, launching remote code executions (RCE) in pods, exposing cluster secrets, elevating privileges or deleting Kubernetes log data, he notes.
All role-based access controls (RBAC) within a Kubernetes cluster are also categorized by risk level to provide cybersecurity teams with more visibility into the overall security posture on any Kubernetes deployment, adds Kaufman. Policies can then be applied either manually or using an intelligent policy advisor tool to prevent unwanted API actions and high-risk configurations. Extended Kubernetes Cluster Protection then automatically reviews and monitors all granted permissions and prevents actions that violate an established policy.
As is the case with any platform, most Kubernetes issues stem from misconfigurations that cybercriminals can easily exploit once discovered. In the absence of a well-defined set of best DevSecOps processes, misconfigurations are all but inevitable. Extended Kubernetes Cluster Protection provides a tool that prevents cybercriminals from taking advantage of human errors that are easy to make, given the overall complexity of a Kubernetes environment, Kaufman notes.
At a time when many organizations are still trying to determine who is responsible for Kubernetes security, a policy-based approach is more important than ever, he says. It allows cybersecurity teams to implement a set of inviable controls to ensure security is maintained. In an ideal DevSecOps world, developers will assume more responsibility for implementing security controls. However, it’s still the responsibility of cybersecurity teams to verify controls have been implemented. A policy-based approach to cybersecurity allows cybersecurity teams to achieve that goal without having to monitor every event as it occurs on a Kubernetes cluster in real-time.
Ultimately, most organizations are trying to achieve cybersecurity in a way that doesn’t slow down application development. That issue becomes especially challenging as organizations transition to cloud-native applications running on Kubernetes clusters that are highly dynamic. There are simply not enough cybersecurity professionals available to participate in, much less track, every update being made to a Kubernetes environment. As a result, cybersecurity teams are more dependent on policies than ever.
Of course, the policies that are created need to make sense to application development teams. It’s not especially difficult for many developers to spin up a Kubernetes cluster when they don’t appreciate every rule in place. However, at a time when many developers are being held more accountable for fixing cybersecurity issues once they arise, many of them are also starting to discover a greater appreciation for policies that, when properly enforced, reduce the number of cybersecurity incidents that otherwise would take time away from writing and deploying code.