
🦝 Guardians of the Runtime: Leveraging Behavioral Analysis and Policies

2023-04-20

Authors: Ben Hirschberg


Summary

The presentation discusses an innovative approach to securing Kubernetes clusters using behavior analysis during continuous integration testing and generating native policies based on behavior. The focus is on leveraging continuous behavioral analysis to replace tedious manual policy definitions and the importance of native policies to enforce security policies directly within Kubernetes without relying on third-party tools.
  • Continuous behavioral analysis can replace manual policy definitions
  • Native policies allow for direct enforcement of security policies within Kubernetes
  • Hands-on practices for implementing this approach are covered
  • The presentation emphasizes the importance of leveraging innovative approaches to security in Kubernetes clusters
The speaker shared that their production system was overwhelmed with public open-source images with over 100 vulnerabilities, making them difficult to manage and update. They introduced a new feature called 'Kubescape relevancy' that uses an eBPF agent to report all file activity of every workload running inside the cluster. This lets them produce a filtered list of vulnerability scan results by removing all packages that were not touched during the runtime of the container, reducing the number of vulnerabilities by 80%. This is a significant noise reduction for them and a useful tool for anyone working with vulnerability scanners.
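The filtering step described above, as an added example that is not code from the talk or from the project it describes: the package file lists, scan results, file-open events and function names are all constructed for illustration. Packages with no known file list are kept, an assumption made here so that missing data never hides a finding.

```python
import posixpath

# Constructed sample data: package -> files it installed, as a scanner could
# derive from the image's package database or SBOM.
PACKAGE_FILES = {
    "openssl": ["/usr/lib/libssl.so.3", "/usr/lib/libcrypto.so.3"],
    "curl": ["/usr/bin/curl", "/usr/lib/libcurl.so.4"],
    "perl": ["/usr/bin/perl", "/usr/lib/perl5/strict.pm"],
    "busybox": [],  # no file list available for this package
}
# Constructed scan results: (placeholder vulnerability id, affected package).
SCAN_RESULTS = [
    ("VULN-0001", "openssl"), ("VULN-0002", "openssl"),
    ("VULN-0003", "curl"), ("VULN-0004", "perl"),
    ("VULN-0005", "perl"), ("VULN-0006", "busybox"),
]
# Constructed file-open events, as a runtime agent might report for one container.
FILE_EVENTS = [
    "/usr/lib/../lib/libssl.so.3",  # un-normalized path as seen at open time
    "/usr/lib//libcrypto.so.3",
    "/etc/resolv.conf",
    "/app/server",
]

def touched_packages(package_files, events):
    """Return the packages that own at least one file opened at runtime."""
    opened = {posixpath.normpath(p) for p in events}
    touched = set()
    for pkg, files in package_files.items():
        # Assumption: a package without a file list cannot be proven unused, so keep it.
        if not files or any(posixpath.normpath(f) in opened for f in files):
            touched.add(pkg)
    return touched

def filter_relevant(scan_results, package_files, events):
    """Drop findings whose package was never touched; keep unknown packages."""
    touched = touched_packages(package_files, events)
    return [(v, p) for v, p in scan_results if p in touched or p not in package_files]

def reduction(scan_results, relevant):
    """Fraction of findings removed by the runtime filter."""
    return 1 - len(relevant) / len(scan_results)

if __name__ == "__main__":
    relevant = filter_relevant(SCAN_RESULTS, PACKAGE_FILES, FILE_EVENTS)
    print(relevant, f"{reduction(SCAN_RESULTS, relevant):.0%} fewer findings")
```

The observation window matters: a package only used on a rarely exercised code path looks untouched until that path runs, so the filtered list is a prioritization aid and the full scan result should be retained.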

Abstract

In this presentation, we will explore an innovative approach to securing Kubernetes clusters using behavior analysis during continuous integration testing and generating native policies based on behavior. By leveraging continuous behavioral analysis, we can replace tedious manual policy definitions which take long to define and can break easily. We will also discuss the importance of native policies, which allow us to enforce security policies directly within Kubernetes without relying on third-party tools. We will cover hands-on practices for implementing this approach, including how to integrate behavioral analysis into CI testing and how to use native policies to enforce security policies. By the end of this presentation, attendees will have a deeper understanding of how to leverage innovative approaches to security in Kubernetes clusters, and how to use behavioral analysis and native policies to protect their environments against the latest threats.
