Keep Hackers Out of Your Cluster with These 5 Simple Tricks - Christophe Tafani-Dereeper & Frederic Baguelin, Datadog

less than 1 minute read

Abstract

Many options are available to increase the security posture of a Kubernetes cluster. But which ones to prioritize, and why? In this talk, we take a data-based and threat-informed approach to prioritizing security investments. We start by describing the attacks we’ve seen over the past year on a network of Docker and Kubernetes honeypots we’ve deployed publicly-facing on the internet, mimicking the Docker API, Kubernetes API server, and Kubelet API to catch what attackers are doing in the wild. Then, we review several high-profile container escape vulnerabilities and how they’ve been exploited in the wild. Based on this, we list the most common ways attackers attempt to deploy malicious workloads, backdoor a cluster, or escape containers—and what are the most effective and “bang for your buck” security mechanisms that you can implement in your own cluster.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Keep Hackers Out of Your Cluster with These 5 Simple Tricks - Christophe Tafani-Dereeper & Frederic Baguelin, Datadog

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google