13 Must-Ask Questions about Kubernetes Security in Production

Dawn van Hoegaerden Articles Leave a Comment

Containers and tools like Kubernetes enable enterprises to automate many aspects of application deployment. Speeding up processes, saving time and money for businesses, as well as improving DevOps productivity are key benefits of moving to microservices.

Despite the technology upgrade, these deployments can be just as vulnerable to attacks and exploits as traditional environments. New environments and tools present new challenges for cyber attackers and enterprise security teams. Ransomware, crypto mining, data stealing and service disruption attacks will continue to make media headlines, with new targets – container-based virtual environments in both private and public clouds.

Containers are by default more secure than traditional applications but still, smart teams will implement real-time attack protection. Why? Because attackers more often than not can circumvent standard infrastructure security and exploit zero-days to attack containers.

How can your team ensure Kubernetes security and DevOps productivity? Here are 13 security-related questions to ask your Kubernetes security team.

  1. Do you have visibility into the Kubernetes pods being deployed? For example, how the application pods or clusters are communicating with each other?
  2. Do you have a way to detect bad behavior in east/west traffic between containers?
  3. How can we tell if every individual pod is behaving ‘normally’?
  4. How are you being notified or alerted when internal service pods or containers start to scan ports internally or try to connect to the external network randomly?
  5. Are you familiar with the potential attack vectors in a Kubernetes-based deployment?
  6. How would you know if an attacker gained a foothold into your containers, pods, or hosts?
  7. Are you able to see network connections and inspect them to the same degree as you can for your non-containerized deployments? At Layer 7, for instance?
  8. Are you able to monitor what’s going on inside a pod or container to determine if there is a potential exploit?
  9. Have you reviewed access rights to the Kubernetes cluster(s) to understand potential insider attack vectors?
  10. Do you have a checklist for locking down Kubernetes services, access controls, and container hosts?
  11. When you have compliance policies, how do you enforce compliance at run-time? For example, to ensure the encryption for your internal pod communication? How do you know when there’s a pod that is not following the encryption channel?
  12. If your containers are digitally signed and scanned at the registry, how do you ensure the same image is locked down at run-time? To make sure nobody opened it up or patched it or modified its running instances.
  13. When troubleshooting the application communication or recording forensic data, how do you locate the problem pod and capture its logs, and maybe even capture the raw traffic to analyze quickly before it disappears?

Making time to ask the right questions at the right time is a crucial element of container and Kubernetes security. Having the team discuss and act upon these questions will help improve not only development processes and security but also help organizations save time and resources.

Curious to learn more? The Ultimate Guide to Kubernetes Security

This guide will help security teams understand the attack surface for Kubernetes deployments and how vulnerabilities can be exploited by attackers. Real examples such as those used in Tesla and Jenkins crypto-mining exploits are provided. A complete checklist of actions to secure the infrastructure and application containers in a Kubernetes deployment is provided.

 

Leave a Reply

Your email address will not be published. Required fields are marked *