Kubernetes audit logging and container security

Presented by

Randy Franklin Smith, Ultimate Windows Security and Rich Bakos and Kyle Senescu, LogRhythm

About this talk

Applications are increasingly being containerised and when that happens, they invariably find their way to a Kubernetes cluster. The security relationship between containers and Kubernetes is the same as that between VMs, the hyper visor and extended virtualisation infrastructure they run on. The point is, containerised apps are only as safe as the Kubernetes cluster in which they run. Your Kubernetes cluster is probably hosted in the cloud, but that shouldn’t matter when it comes to security monitoring. To ensure a secure environment, you need to know what’s happening inside that cluster: • Who is creating new pods and what container images are they based on? • When are RBAC permissions and role bindings changed? • Which IP addresses are making API requests to the cluster? • Who is messing with persistent storage volumes? • Are DevOps admins storing secrets in configmaps? • Who attached to that pod or node and ran arbitrary commands? In this real training for free session, we will introduce you to Kubernetes audit logging. You will learn about Kubernetes audit policy and how to audit backends. In addition, we'll build on security considerations, including: • Ensuring an approved container image is created • Ensuring the API isn’t open to the outside world (only a list of approved IPs should be calling the API) • Tracking traffic inbound and outbound from the cluster & pods • Monitoring and visualising container log data, and what’s happening within the application itself Register now for this upcoming training webinar from UWS & LogRhythm.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (87)
Subscribers (19062)
We know your job isn’t easy. That’s why we combine log management, machine learning, SOAR, UEBA, and NDR to give you broad visibility across your environment so you can quickly uncover threats and minimise risk. But a mature SOC doesn’t just stop threats. With LogRhythm, you’ll easily baseline your security operations program and track your gains — so you can easily report your successes to your board. Hear best practices, see technology demos, listen to speaker panels on our European BrightTALK channel. Visit our website for more information: http://www.logrhythm.com/