Get Your Security Priorities Straight! How to Identify Workloads Under Real Threat with Context - Ben Hirschberg, ARMO & Arie Haenel, Intel
Abstract
Is a privileged container a security threat? Should you spend time defining a pod so it can run with a read-only filesystem? These and similar questions are raised constantly by multiple authors and projects, and in most cases there is a good reason behind them. However, the difference between a potential threat and a real one is far from self-explanatory and depends heavily on the circumstances in which the workload runs. This is where the answer lies, and we present a security prioritization system for Kubernetes workloads that is based on the MITRE framework and its categorization. The system is built upon data aggregated from a high volume of security controls covering multiple projects, structured in a way that makes it easy to find contextual information about different problems. We will present the algorithm behind the prioritization engine, which calculates a security exposure score for a diverse range of Kubernetes workloads. We will then review the results from real production clusters and how they fare against manual security analysis, enabling anyone to differentiate between actual threats that should be mitigated quickly and those we can be less concerned about.