Kubernetes audit logging and container security

Presented by

Randy Franklin Smith, Ultimate Windows Security and Rich Bakos and Kyle Senescu, LogRhythm

About this talk

Applications are increasingly being containerised and when that happens, they invariably find their way to a Kubernetes cluster. The security relationship between containers and Kubernetes is the same as that between VMs, the hypervisor and extended virtualisation infrastructure they run on. The point is, containerised apps are only as safe as the Kubernetes cluster in which they run. Your Kubernetes cluster is probably hosted in the cloud, but that shouldn’t matter when it comes to security monitoring.

To ensure a secure environment, you need to know what’s happening inside that cluster:

• Who is creating new pods and what container images are they based on?
• When are RBAC permissions and role bindings changed?
• Which IP addresses are making API requests to the cluster?
• Who is messing with persistent storage volumes?
• Are DevOps admins storing secrets in configmaps?
• Who attached to that pod or node and ran arbitrary commands?

In this real training for free session, we will introduce you to Kubernetes audit logging. You will learn about Kubernetes audit policy and how to audit backends. In addition, we'll build on security considerations, including:

• Ensuring an approved container image is created
• Ensuring the API isn’t open to the outside world (only a list of approved IPs should be calling the API)
• Tracking traffic inbound and outbound from the cluster & pods
• Monitoring and visualising container log data, and what’s happening within the application itself

Register now for this upcoming training webinar from UWS & LogRhythm.
