The presentation discusses the importance of building a knowledge base for understanding the unique security threats that target orchestration level of Kubernetes. The speakers present the Threat Metrics for Kubernetes, which focus on this specific layer and provide a way to measure coverage to real-world attacks.
- The Threat Metrics for Kubernetes were developed to map threats targeting Kubernetes and to keep track of the interface
- The Metrics are split into tactics and techniques, with each technique representing a specific method that attackers might use
- The Metrics can be used to measure coverage to real-world attacks
- An anecdote is given about an attack that targeted Kubeflow and exploited a misconfigured dashboard
The presentation gives an example of an attack that targeted Kubeflow, a popular framework for machine learning tasks that run on top of Kubernetes. The attack exploited a misconfigured dashboard that didn't require any authentication, allowing free access to a management interface. This anecdote illustrates the importance of understanding the unique security threats that target orchestration level of Kubernetes and the need for a knowledge base to measure coverage to real-world attacks.