Cloud Security Researcher – Lacework Labs

Key Points:
Kubernetes Audit Policies are critical for cluster-level visibility.
Kubernetes Annotations allow for arbitrary storage and can be abused for malicious activity.
Kubernetes API endpoints create a novel C2 channel that may be difficult to audit or detect within organizations.

When it comes to Kubernetes logging, multiple books could be written on all the possible ways to collect, enrich, and send data from a cluster to a SIEM. However, a critical component of the Kubernetes monitoring and logging ecosystem is the Kubernetes Audit log. As noted in the official Kubernetes documentation:

“Kubernetes auditing allows administrators to answer ‘what happened? When did it happen? Who initiated it? On what did it happen? Where was it observed? From where was it initiated? To where was it going?’”

Whether handling a service outage, debugging a misbehaving application, or responding to a security incident, the Kubernetes Audit log can provide a wealth of information for your team. However, the platform your organization has deployed Kubernetes on (bare metal, cloud provider, managed service, etc.) greatly influences how you’ll obtain the logs and react to them.

Lacework Labs is constantly looking to understand the ever-increasing complexities of cloud environments and associated services that may be abused for malicious purposes. In this blog, we outline scenarios where the lack of auditing in Kubernetes could be leveraged for abuse and how to defend against it.
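As an added example (not code from the original post or from Lacework), the sketch below reads audit.k8s.io/v1 events as JSON lines, maps each one to the who/what/when questions quoted from the documentation, and flags annotation writes above a size threshold. The sample events, the 1024-byte threshold and the function names are assumptions made for illustration.

```python
import json

WRITE_VERBS = {"create", "update", "patch"}
MAX_ANNOTATION_BYTES = 1024  # assumed review threshold; tune per cluster

def _event(level, extra):
    # Constructed audit.k8s.io/v1 event for illustration, not from a real cluster.
    base = {
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": level,
        "stage": "ResponseComplete", "verb": "patch",
        "requestURI": "/api/v1/namespaces/default/pods/web-0",
        "user": {"username": "system:serviceaccount:default:builder"},
        "sourceIPs": ["10.0.3.17"],
        "objectRef": {"resource": "pods", "namespace": "default", "name": "web-0"},
        "requestReceivedTimestamp": "2021-06-01T12:00:00.000000Z",
    }
    return json.dumps({**base, **extra})

SAMPLE_LOG = "\n".join([
    _event("Request", {"requestObject": {"metadata": {"annotations": {"example.invalid/note": "A" * 4096}}}}),
    _event("Metadata", {}),  # same kind of write, but the policy level drops the body
])

def summarize(event):
    """Answer who / what / when / on what / from where for one event."""
    ref = event.get("objectRef") or {}
    parts = [ref.get("namespace"), ref.get("resource"), ref.get("name")]
    return {
        "who": (event.get("user") or {}).get("username"),
        "what": event.get("verb"),
        "when": event.get("requestReceivedTimestamp"),
        "on_what": "/".join(p for p in parts if p),
        "from_where": event.get("sourceIPs") or [],
    }

def review(log_text, limit=MAX_ANNOTATION_BYTES):
    """Return (oversized annotation writes, writes whose body was not logged)."""
    oversized, no_body = [], []
    for line in filter(str.strip, log_text.splitlines()):
        event = json.loads(line)
        if event.get("verb") not in WRITE_VERBS:
            continue
        if "requestObject" not in event:  # Metadata level: contents are invisible
            no_body.append(summarize(event))
            continue
        meta = (event["requestObject"] or {}).get("metadata") or {}
        for key, value in (meta.get("annotations") or {}).items():
            size = len(value.encode()) if isinstance(value, str) else 0
            if size > limit:
                oversized.append({**summarize(event), "annotation": key, "size": size})
    return oversized, no_body
```

The second list is the visibility gap: a write recorded at Metadata level shows who touched the object but not what was stored in its annotations.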