Kubernetes Risk Assessment: Time to Go One Level Deeper

2022-06-22

Authors: Ariel Shuper


Summary

The need for a deeper Kubernetes risk assessment framework beyond the current CIS benchmarks
  • The current common Kubernetes risk assessment framework is based on the CIS benchmarks for Kubernetes
  • The framework only covers security misconfigurations and doesn't go deeper than the security configurations of the various elements
  • Real attacks can start from multiple elements, extending beyond security misconfigurations
  • There is a need for an additional risk-assessment framework that can go deeper than the Kubernetes configurations, verifying that all other attack methods, steps, and stages are covered
  • MITRE has crafted an ATT&CK matrix for containers/Kubernetes, which consists of tactics and techniques used in real attacks
Early attacks on Kubernetes were often due to simple misconfigurations, but as the ecosystem has grown, there are more elements to consider, and attacks can come from multiple sources. The current CIS benchmarks for Kubernetes only cover security misconfigurations, leaving other attack methods, steps, and stages uncovered. MITRE has created an ATT&CK matrix for containers/Kubernetes that goes deeper than the current benchmarks, covering tactics and techniques used in real attacks.

Abstract

At present, the common Kubernetes risk assessment framework is based on the popular CIS benchmarks for Kubernetes. This framework consists of a comprehensive set of tests covering the configuration of all the Kubernetes elements. But the framework doesn't go deeper than the security configurations of the various elements. Real attacks can start from multiple elements, extending beyond security misconfigurations. Moreover, in the popular managed Kubernetes services (e.g., EKS, AKS or GKE), running these tests can be challenging. Hence, there's a need for an additional risk-assessment framework that can go deeper than the Kubernetes configurations, verifying that all other attack methods, steps, and stages are covered. This talk will show a new industry-driven framework led by MITRE, crafting an ATT&CK matrix for containers/Kubernetes, which consists of tactics and techniques used in real attacks.
