Know Your Enemy: Mapping Security Risks Using Threat Matrix for Kubernetes - Yossi Weizman & Ram Pliskin, Microsoft
Abstract
In April, Microsoft released an updated version of the Threat Matrix for Kubernetes, which was originally released in 2020. The Threat Matrix is a knowledge base of security threats that target Kubernetes. This matrix was the first attempt to systematically cover the attack landscape of Kubernetes. In this session, we will explain how defenders and SecOps engineers can use the matrix to protect their Kubernetes workloads. We will demonstrate how a real-world attack is mapped to the techniques in the matrix and how organizations can use the matrix to measure their coverage of the attack. Inspired by the Threat Matrix for Kubernetes, MITRE expanded their ATT&CK framework to also include containers. In the session, we will examine the differences between the Threat Matrix and MITRE ATT&CK and explain how users can leverage both matrices to gain better security visibility into their environments.