Although more than 90% of organizations have the open-source container orchestration tool Kubernetes deployed in their environments or will do so in the next two years, alarmingly few have integrated recommended security controls. According to recent polls conducted with IT teams managing Kubernetes:
- 45% do not scan images as part of the CI/CD pipeline
- 80% do not protect applications at runtime with agent-based solutions
- 94% do not protect applications at runtime with agentless solutions
- 85% do not secure Infrastructure-as-Code (IaC) templates and K8s YAMLs
- 88% do not have security policies at deployment using Open Policy Agent or comparable security policy engines
Unsurprisingly, 94% of DevOps, security and development teams report that their organization has experienced a significant Kubernetes security incident in the last year. With most organizations thinking “Adoption first, security later,” the teams who manage these environments should be aware of the most pressing Kubernetes security concerns and what to do about them.
1. Misconfigurations
According to the same security poll mentioned above, 60% of Kubernetes security problems originate from misconfigurations. Some of the most common misconfigurations that create vulnerabilities include:
- Containers Run with allowPrivilegeEscalation: Allows containers to run in privileged mode, granting the container access to the host.
- Privileges Re-enabled by Other Settings: Some admin settings necessary to enable Linux monitoring abilities will set allowPrivilegeEscalation to true.
- --kubelet-https Set to False: --kubelet-https ensures traffic between kubelets and the Kubernetes API is encrypted. If switched off, containers become vulnerable to man-in-the-middle attacks.
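The allowPrivilegeEscalation misconfiguration above is straightforward to catch before deployment. The following checker is an added example (not Spyderbat code) that walks a Kubernetes manifest given in JSON form (kubectl accepts JSON as well as YAML) and flags containers whose securityContext does not explicitly set allowPrivilegeEscalation to false, or that set privileged to true; the sample Deployment and its container names are constructed for the demonstration.

```python
import json

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(manifest):
    """Return the pod spec of a Pod or of a workload that wraps a pod template."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind in WORKLOAD_KINDS:
        return spec.get("template", {}).get("spec", {})
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec", {})
    return {}


def find_privilege_findings(manifest):
    """Flag containers that can escalate privileges or run privileged.

    Kubernetes treats an unset allowPrivilegeEscalation as true, so only an
    explicit false counts as the corrected setting.
    """
    findings = []
    spec = pod_spec(manifest)
    for field in ("initContainers", "containers"):
        for c in spec.get(field, []):
            name = c.get("name", "<unnamed>")
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append(f"{name}: privileged=true gives the container host access")
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append(f"{name}: allowPrivilegeEscalation is not explicitly false")
    return findings


# Constructed sample Deployment (hypothetical names): one weak, one hardened container.
SAMPLE_MANIFEST = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "weak", "image": "example/app:1.0",
    "securityContext": {"privileged": true}},
   {"name": "hardened", "image": "example/app:1.0",
    "securityContext": {"allowPrivilegeEscalation": false,
                        "runAsNonRoot": true}}]}}}}
""")

if __name__ == "__main__":
    for finding in find_privilege_findings(SAMPLE_MANIFEST):
        print(finding)
```

Running the same check in an admission policy engine such as Open Policy Agent turns it into the deployment-time control the poll above found missing in most organizations.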
2. Immutable Infrastructure
Developers spin up Kubernetes clusters and other container workloads from immutable infrastructure, meaning an application or service cannot be altered once it is built and deployed. Immutable infrastructure helps prevent the configuration drift caused by manual adjustments to applications running in different containers. Nevertheless, it also increases the rate at which development teams spin up new containers, often outpacing security standards and oversight.
3. Lack of Runtime Visibility
Development teams often bypass pre-deployment security tasks such as vulnerability scans. Consequently, 97% of organizations lack runtime visibility into container vulnerabilities while they attempt to manually investigate an average of 2169 new application vulnerability notifications every month. While most alerts prove to be false positives, the overload of information often conceals real attacks that cannot be captured by traditional Linux monitoring tools.
Secure Kubernetes and Containers at Runtime with Spyderbat
Although these Kubernetes security concerns arise at different points in the development lifecycle, they have in common that they overload preventative security measures such as vulnerability scanning and configuration checklists. As the strain on security resources is set to continue for the foreseeable future, organizations need tools that let them shift from a purely preventative security posture to one balanced with active runtime visibility and intervention.
Using eBPF to trace activities and processes across distributed, containerized environments, Spyderbat makes it possible to identify and stop attacks in real time. Spyderbat also captures workload behaviors and identifies new runtime deviations, alerting on them or even taking action.
To learn more and schedule a demo, contact Spyderbat today.