Kubernetes Security: Detecting Lateral Movement and Defending Against Attackers

Presented by

Garwood Pang, Tigera Threat Defense Researcher

About this talk

As Kubernetes matures, gone are the days when we can fully compromise a cluster by just taking over a pod and sending commands to the Kubernetes API service. RBAC and other Kubernetes security features force attackers to pivot at least once to find the right vulnerable pod/service account with the right privileges to take over a cluster. The attack surface grows as the cluster gets bigger and more third-party applications are deployed. By understanding the attacker’s workflow and gaining visibility into the relevant connections, we are able to identify our cluster’s weak points and limit the attacker’s reach.

In this webinar, we will:

* Examine some common techniques that an attacker can use to gain intel about your cluster’s setup once they are inside
* Show a demo of an attacker gaining root access by impersonating a sample third-party application after exploiting a vulnerable API call
* Visualize the attack using Calico Enterprise and review mitigation strategies

Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms, enabling enterprises to secure containers and applications with a least-privilege model and defense in depth. Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security.