logo
allArticlesConferencesPresentations

Know Your Enemy: Mapping Security Risks Using Threat Matrix for Kubernetes

Conference:  KubeCon + CloudNativeCon North America 2021

2021-10-14

Authors:   Ram Pliskin, Yossi Weizman

Summary

The presentation discusses the importance of building a knowledge base for understanding the unique security threats that target orchestration level of Kubernetes. The speakers present the Threat Metrics for Kubernetes, which focus on this specific layer and provide a way to measure coverage to real-world attacks.
  • The Threat Metrics for Kubernetes were developed to map threats targeting Kubernetes and to keep track of the interface
  • The Metrics are split into tactics and techniques, with each technique representing a specific method that attackers might use
  • The Metrics can be used to measure coverage to real-world attacks
  • An anecdote is given about an attack that targeted Kubeflow and exploited a misconfigured dashboard
The presentation gives an example of an attack that targeted Kubeflow, a popular framework for machine learning tasks that run on top of Kubernetes. The attack exploited a misconfigured dashboard that didn't require any authentication, allowing free access to a management interface. This anecdote illustrates the importance of understanding the unique security threats that target orchestration level of Kubernetes and the need for a knowledge base to measure coverage to real-world attacks.

Abstract

In April, Microsoft released an updated version of the Threat Matrix for Kubernetes which was originally released in 2020. The Threat Matrix is a knowledge base for security threats that target Kubernetes. This matrix was the first attempt to systematically cover the attack landscape of Kubernetes. In this session, we will explain how defenders and SecOps engineers can use the matrix to protect their Kubernetes workloads. We will demonstrate how a real-world attack is mapped to the techniques in the matrix and how organizations can measure their coverage to the attack using the matrix. Inspired by the Threat Matrix for Kubernetes, MITRE expanded their ATT&CK framework to include also containers. In the session, we will examine the differences between the Threat Matrix and MITRE ATT&CK and explain how users can leverage both matrices to gain a better security visibility for their environments.
Materials:
Slides
Tags:
Kubernetes
Threat Matrix
Microsoft
SecOps
ATT&CK

Post a comment

Related work

Atomic Red Team: Where Adversary Emulation and EDR Testing Meet

Conference:  RSA Conference 2022
Authors:
2022-06-06

MITRE ATT&CK: The Play at Home Edition

Conference:  BlackHat USA 2019
Authors:
2019-08-07

Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!! - Fabian Kammel & James Cleverley

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: James Cleverley-Prance, Fabian Kammel
2023-04-21

ATT&CK® for Adversarial Machine Learning: Tacky or Tasty?

Conference:  RSA Conference 2021
Authors:
2021-05-17

Kubernetes Security: Attacking and Defending K8s Clusters

Conference:  OWASP 20th Anniversary Event
Authors: Magno Logan
2021-09-24

Kubernetes Risk Assessment: Time to Go One Level Deeper

Conference:  SupplyChainSecurityCon 2022
Authors: Ariel Shuper
2022-06-22