What We've Learned from Scanning 10K+ Kubernetes Clusters

2023-02-16

Authors: Ben Hirschberg


Summary

The presentation discusses the state of Kubernetes risk, compliance, and security vulnerabilities based on the analysis of telemetry data from Kubescape, an open source tool that has scanned over 10K+ unique Kubernetes clusters. The talk sheds light on the most common misconfigurations, known software vulnerabilities, and RBAC violations in Kubernetes deployments, provides insights on why and where Kubernetes deployments most commonly fail, and gives statistics on which controls fail most. The presentation also offers simple measures to work towards eliminating these risks and improving overall cloud native security posture.
  • Telemetry data from Kubescape reveals a high number of misconfigurations, unpatched vulnerabilities, and overly-privileged users in Kubernetes systems
  • The talk highlights the most common misconfigurations across Kubernetes deployments according to multiple frameworks, known software vulnerabilities, and RBAC violations at early stages of the CI/CD pipeline
  • The presentation provides insights on why and where Kubernetes deployments most commonly fail and statistics on which controls fail most
  • Simple measures are offered to work towards eliminating these risks and improving overall cloud native security posture
The speaker shared that they have tested a lot of images in their general sample and used only the relevant vulnerabilities, which resulted in a corrected result that showed a big difference in the number of vulnerabilities between the general sample and the graduated project. They also found that most CNCF projects are written in Go, which is a single binary loaded into memory, making it difficult to detect unused code paths and less interesting to analyze. The speaker emphasized the need to secure the configurations of Kubernetes clusters, as most of them are currently bad and need improvement.
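The summary above refers to RBAC violations and overly-privileged users without naming the specific controls the talk scores. As an added illustration, not code from the talk or from the Kubescape project, the script below walks the JSON structure that `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` produces and flags a few widely recognised over-privilege patterns: wildcard verbs or resources, the escalation verbs `escalate`/`bind`/`impersonate`, read access to Secrets and `pods/exec`, and bindings of `cluster-admin` or of any role to the `default` service account or the `system:authenticated` group. Which patterns count as findings is an assumption of this example, as is the sample input, which is constructed inline rather than taken from a real cluster.

```python
"""Flag common RBAC over-privilege patterns in Kubernetes RBAC objects.

Input is the structure `kubectl get roles,clusterroles,rolebindings,
clusterrolebindings -A -o json` returns: a List whose "items" array holds
one object per Role/ClusterRole/RoleBinding/ClusterRoleBinding.
Added example; the risk heuristics below are assumptions, not Kubescape's.
"""
from __future__ import annotations

# Real RBAC verbs that let a subject gain rights beyond the rule itself;
# treating them as findings is this example's assumption.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Resources whose read/create access is usually worth a second look.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "nodes/proxy"}
# Subjects that cover every (or every authenticated) principal in the cluster.
BROAD_SUBJECTS = {("Group", "system:authenticated"), ("Group", "system:unauthenticated")}


def _rule_findings(rule: dict) -> list[str]:
    """Return human-readable reasons a single PolicyRule is over-broad."""
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    reasons = []
    if "*" in verbs and "*" in resources:
        reasons.append("wildcard verbs on wildcard resources (effectively cluster-admin)")
    elif "*" in verbs:
        reasons.append(f"wildcard verbs on {sorted(resources)}")
    elif "*" in resources:
        reasons.append(f"verbs {sorted(verbs)} on wildcard resources")
    escalation = verbs & ESCALATION_VERBS
    if escalation:
        reasons.append(f"escalation verbs {sorted(escalation)}")
    sensitive = resources & SENSITIVE_RESOURCES
    if sensitive and verbs & {"*", "get", "list", "watch", "create"}:
        reasons.append(f"access to sensitive resources {sorted(sensitive)}")
    return reasons


def find_overprivileged(items: list[dict]) -> list[dict]:
    """Scan a list of RBAC objects and return one finding dict per problem."""
    findings = []
    for obj in items:
        kind = obj.get("kind")
        meta = obj.get("metadata", {})
        ns = meta.get("namespace", "")
        ident = f"{kind}/{ns + '/' if ns else ''}{meta.get('name', '<unnamed>')}"
        if kind in ("Role", "ClusterRole"):
            for idx, rule in enumerate(obj.get("rules", []) or []):
                for reason in _rule_findings(rule):
                    findings.append({"object": ident, "detail": f"rule[{idx}]", "reason": reason})
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            role_name = obj.get("roleRef", {}).get("name")
            for subj in obj.get("subjects", []) or []:
                skind, sname = subj.get("kind"), subj.get("name")
                subject = f"{skind}/{sname}"
                if role_name == "cluster-admin":
                    findings.append({"object": ident, "detail": subject, "reason": "binds cluster-admin"})
                if (skind, sname) in BROAD_SUBJECTS:
                    findings.append({"object": ident, "detail": subject, "reason": "binds role to a broad group"})
                if skind == "ServiceAccount" and sname == "default":
                    findings.append({"object": ident, "detail": subject, "reason": "binds role to the default service account"})
    return findings


# Constructed sample input mimicking `kubectl get ... -o json` output (not real cluster data).
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "demo-wide"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "demo-reader", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "demo-secrets", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "demo-admin"},
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "app"}]},
]

if __name__ == "__main__":
    for f in find_overprivileged(SAMPLE_ITEMS):
        print(f"{f['object']:45} {f['detail']:25} {f['reason']}")
```

On the constructed sample the scan reports four findings: the wildcard ClusterRole, Secret read access in `demo-secrets`, and two for `demo-admin` (it grants `cluster-admin`, and it grants it to the `default` service account); `demo-reader` is clean. To run it against a live cluster, load the JSON from `kubectl` with `json.load` and pass its `items` list to `find_overprivileged`.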

Abstract

The number of misconfigurations, unpatched vulnerabilities, and overly-privileged users in Kubernetes systems is ASTOUNDING. We learned this from analyzing the telemetry data from the open source tool Kubescape, which has scanned more than 10K+ unique Kubernetes clusters, and we have learned a great deal about the state of Kubernetes risk, compliance, and security vulnerabilities. In this talk we'll shed light on the most common misconfigurations across Kubernetes deployments (managed and self-managed) according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®, and the OWASP Kubernetes Top 10), alongside known software vulnerabilities, and RBAC (role-based access control) violations at early stages of the CI/CD pipeline. We will demonstrate how you can instantly calculate your own risk score, and you'll walk away able to discover and manage your own risks, over time, through constantly changing security trends. We'll also provide interesting insights on why and where Kubernetes deployments most commonly fail and statistics on which controls fail most, as well as the weak spots and gotchas to pay attention to. Stick around though, as we'll wrap up with some simple measures you can take immediately to work towards eliminating these risks and improving your overall cloud native security posture.