Authors: James Cleverley-Prance, Fabian Kammel
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling and demonstrates common attacks and defensive techniques against Kubernetes clusters and workloads.
  • Threat modeling is important to identify and address security risks in a system before it goes into production.
  • The Microsoft threat matrix for Kubernetes is a useful resource for identifying tactics and entry points an attacker could use and the mitigations to prevent them.
  • The presentation demonstrates six exploit scenarios, including leveraging a compromised container, exploiting RBAC misconfigurations, and hijacking the entire cluster.
  • For each scenario, the impact of the attack is discussed, and controls and mitigation strategies are presented.
  • The presentation concludes with a summary of the lessons learned.
Authors: Greg Castle, Vinayak Goyal
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of running containers as non-root for improved security and provides strategies for migrating to non-root containers.
  • Running containers as non-root provides significant security benefits
  • Migrating to non-root containers can be done through a programmatic approach
  • Stateless containers are easier to migrate than those with volume mounts
  • The hostUsers (user namespaces) feature in Kubernetes makes it easier to run containers as non-root
  • There are vulnerabilities in the Linux kernel that can be exploited to break out of containers, which is why running as non-root matters
  • The presentation offers a demo of running an nginx container as non-root
Authors: Barun Acharya
2022-10-26

tldr - powered by Generative AI

KubeArmor is a cloud native runtime security enforcement system that provides fine-grained access control on container entities, with a declarative way to manage access-control policies, inline policy enforcement, and telemetry data with context.
  • KubeArmor provides fine-grained access control on container entities
  • KubeArmor offers a declarative way to manage access-control policies
  • KubeArmor enforces policies inline
  • KubeArmor provides telemetry data with context
Authors: Andrew Martin
2022-10-26

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling and supply chain security in DevOps and provides best practices for securing the supply chain.
  • Threat modeling is important to bring quantifiability and reason to abstract threats and to identify attack paths.
  • The STRIDE process and standards documents can be used to exhaust potential permutations of threats and identify simple controls that cover as many cases as possible.
  • An attack tree is a visual representation of an attack; multiplying likelihood and impact along its branches gives abstract risk scores.
  • Layering controls across the branches of the attack tree can break the attack chain and provide a minimum viable set of security configurations.
  • Pipeline metadata is important for piecing things back together and giving a different type of observation.
  • Best practices for securing the supply chain include using SBOMs, artifact signing, and evidence leaks and ledgers.
  • Measuring SLSA level and mean time to remediation are useful indicators of vendor maturity.
  • Retrofitting and slowly maturing the supply chain is important.
  • Asking vendors for SBOMs is a more achievable first step than asking for a SLSA level.
Authors: Ayse Kaya
2022-10-24

tldr - powered by Generative AI

The talk discusses the evolution of vulnerabilities in popular public container images and the challenges faced by developers and DevSecOps teams in handling them. The speaker shares insights from a report on publicly available containers on Docker Hub and highlights the need for practical steps to prevent the dev process from grinding to a halt.
  • Container scanning and security is becoming more widely adopted, but the long-term security posture of containers is not well-understood.
  • New vulnerabilities arise constantly, and many vulnerabilities fall into a catchall bucket of 'won't fix'.
  • The attack surface of popular public container images like Python and Node.js has changed over the past year, and different vulnerability scanners show different results.
  • Developers and DevSecOps teams face challenges in ensuring containerized applications are free from vulnerabilities due to the complexity of containers and manual processes.
  • Practical steps can be taken to stay on top of vulnerabilities and prevent the dev process from grinding to a halt.
Conference: ContainerCon 2022
Authors: Aviv Sasson
2022-06-22

Containers are glorified by the fact that no one can escape them, and frankly, escaping containers is a tricky and complex task that is impossible in most scenarios. Many security layers restrict the container in order to prevent an escape. But what are those layers? How do they work? What are their defaults? Can we modify them? Should we? This session will present the Linux kernel features and mechanisms that make up those layers, including capabilities, seccomp, SELinux, and AppArmor. It will discuss how container runtimes implement them to create a security stack that keeps the container tamed, and whether it is possible to modify them for specific use cases, while explaining the security risks of doing so.