Adding Powerful Security to the Kubernetes API
Extended Kubernetes Cluster Protection Analyzes All Cluster Events, Mitigating Potential Risks in Cluster Resources and Worker Nodes
Portshift announced Extended Kubernetes Cluster Protection. The new capability protects the Kubernetes API server and the API calls made to it by detecting and mitigating runtime risks and malicious activity on worker nodes and across all cluster resources. It reviews all RBAC permissions in a Kubernetes cluster, categorizes them by risk level, and provides runtime visibility into, and enforcement of, the API calls made to the API server.
Portshift’s Extended Kubernetes Cluster Protection provides runtime visibility of every API call made to the API server and offers advanced filtering. Every change to a Kubernetes cluster is made through an API call to the API server, so protecting the API server defends the cluster against unauthorized changes. Beyond protecting the cluster, the administrator creates policy rules, either with the intelligent policy advisor or manually, to prevent unwanted API actions and high-risk configurations. The solution then automatically reviews and monitors all granted permissions and blocks actions that violate policy.
With Extended Kubernetes Cluster Protection, existing pod permissions are tightened and unused permissions are removed. The API Audit & Policy feature gives DevSecOps professionals full visibility and control over cluster resources and prevents suspicious activity such as adding malicious executables to pods, creating crypto-mining CronJobs, remote code execution (RCE) in pods, exposure of cluster secrets, privilege escalation, deletion of Kubernetes log data, and more.
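The two ideas in the paragraphs above, ranking granted RBAC permissions by risk and comparing grants against the API calls actually observed at the API server, can be illustrated with a small audit script. The following is an added example written for this page, not Portshift's code; the risk catalogue (which resource/verb combinations count as critical, high or medium) is an assumption chosen for illustration, the Role and audit events are constructed samples shaped like a Role manifest's `rules` field and a kube-apiserver audit event's `verb`/`objectRef` fields, and the `categorize` and `unused_grants` helpers are hypothetical names.

```python
"""Risk-rank Kubernetes RBAC grants and flag grants an audit log never shows in use.

Added illustration, not Portshift's code. The role follows the `rules` field of
a Role/ClusterRole manifest; audit events follow the `verb` and `objectRef`
fields of a kube-apiserver audit event. All sample data below is constructed.
"""

CRITICAL, HIGH, MEDIUM, LOW = "critical", "high", "medium", "low"
RANK = {LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3}

# Risk catalogue (an assumption for this example): resource, the verbs that make
# a grant on it risky, the level, and the reason a reviewer would cite.
RBAC_MUTATE = {"create", "update", "patch", "*"}
RISKY = [
    ("*", {"*"}, CRITICAL, "wildcard grant on every resource and verb"),
    ("clusterroles", RBAC_MUTATE | {"bind", "escalate"}, CRITICAL, "privilege escalation via RBAC"),
    ("roles", RBAC_MUTATE | {"bind", "escalate"}, CRITICAL, "privilege escalation via RBAC"),
    ("clusterrolebindings", RBAC_MUTATE, CRITICAL, "privilege escalation via RBAC"),
    ("rolebindings", RBAC_MUTATE, CRITICAL, "privilege escalation via RBAC"),
    ("secrets", {"get", "list", "watch", "*"}, HIGH, "exposure of cluster secrets"),
    ("pods/exec", {"create", "*"}, HIGH, "remote code execution in pods"),
    ("pods", RBAC_MUTATE, HIGH, "can launch or modify workloads"),
    ("cronjobs", RBAC_MUTATE, HIGH, "persistent scheduled workloads (e.g. crypto-mining)"),
    ("events", {"delete", "deletecollection", "*"}, MEDIUM, "tampering with the event/log trail"),
]

# Constructed sample: a namespaced Role as it would appear in a manifest.
SAMPLE_ROLE = {
    "kind": "Role",
    "metadata": {"name": "ci-deployer", "namespace": "apps"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
        {"apiGroups": ["batch"], "resources": ["cronjobs"], "verbs": ["create"]},
    ],
}

# Constructed sample: trimmed audit events for the subject bound to that Role.
SAMPLE_AUDIT = [
    {"verb": "list", "objectRef": {"resource": "pods", "namespace": "apps"}},
    {"verb": "get", "objectRef": {"resource": "pods", "subresource": "log", "namespace": "apps"}},
]


def expand(rules):
    """Yield every (resource, verb) pair granted by a list of RBAC rules."""
    for rule in rules:
        for resource in rule.get("resources", []):
            for verb in rule.get("verbs", []):
                yield resource, verb


def risk_of(resource, verb):
    """Return (level, reason) for one grant; a '*' resource matches every catalogue entry."""
    best = (LOW, "routine access")
    for res, verbs, level, reason in RISKY:
        if resource in (res, "*") and verb in verbs and RANK[level] > RANK[best[0]]:
            best = (level, reason)
    return best


def categorize(role):
    """Risk-rank every grant in a Role/ClusterRole, highest risk first."""
    findings = []
    for resource, verb in expand(role["rules"]):
        level, reason = risk_of(resource, verb)
        findings.append({"resource": resource, "verb": verb, "level": level, "reason": reason})
    return sorted(findings, key=lambda f: -RANK[f["level"]])


def used_pairs(audit_events):
    """Collect the (resource, verb) pairs actually exercised, joining subresources as 'pods/log'."""
    used = set()
    for event in audit_events:
        ref = event.get("objectRef", {})
        resource = ref.get("resource", "")
        if ref.get("subresource"):
            resource += "/" + ref["subresource"]
        used.add((resource, event["verb"]))
    return used


def unused_grants(role, audit_events):
    """Grants no audit event exercised (removal candidates); a wildcard counts as used if anything it covers was."""
    used = used_pairs(audit_events)
    unused = []
    for g_res, g_verb in expand(role["rules"]):
        covered = any(g_res in (u_res, "*") and g_verb in (u_verb, "*") for u_res, u_verb in used)
        if not covered:
            unused.append((g_res, g_verb))
    return sorted(unused)


if __name__ == "__main__":
    for finding in categorize(SAMPLE_ROLE):
        print(f"{finding['level']:<8} {finding['verb']:<7} {finding['resource']:<10} {finding['reason']}")
    print("unused grants:", unused_grants(SAMPLE_ROLE, SAMPLE_AUDIT))
```

Run against the constructed Role, the script ranks `secrets get`, `pods/exec create` and `cronjobs create` as high risk and lists all three among the grants the audit log never shows in use, which is exactly the set a reviewer would remove first. In a real cluster the `rules` would come from `kubectl get roles,clusterroles -o json` and the audit events from the API server's audit log, and a production tool would also match on `apiGroups` and resource names, which this example omits for brevity.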
“Portshift’s extended Kubernetes Cluster Protection offers a new approach to providing fine-grained policy control over potentially sensitive cluster resources,” said Brad Geesaman, Co-founder at Darkbit.io. “It is uniquely positioned to both detect and prevent activities inside the Kubernetes cluster that an attacker might use to gain access to secrets, run malicious workloads, or even escalate their privileges.”
“It’s a significant challenge for administrators to review all permissions granted and to understand the extent of their impact – Portshift does this automatically,” said Zohar Kaufman, VP of R&D, Portshift. “Using Extended Cluster Protection, the situation receives zero-day mitigation without waiting for Kubernetes updates.”