Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
StackRox / Kubernetes Security Platform / 15 Sep 2020
StackRox / Kubernetes Security Platform / 15 Sep 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Assessing your security risks in container and Kubernetes environments

Description

No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).

A

Let's get into the use case for risk profiling and in this example, stackrock stank ranks every single deployment according to risk under the wrist tab, and I'm going to go into the first example for my visa processor to show you how we calculate this risk index. The first thing we can see is that this deployment, which is the number one priority, is violating many of the default policies that are best practices that come out of the box.

A

This includes things like running a read, write route file system, running a privileged container and having existing vulnerabilities that are particularly dangerous. Additionally, we see a number of suspicious process executions taking place inside this deployment like netcap being installed in a reverse shell happening and within the process. Discovery stackrocks automatically creates an allow list of what's expected and also creates a deny list based on unexpected behavior, and this is where those suspicious processes come from.

A

In addition to this, we're also going to see other things like it's service configuration, so we see secrets being used in plain text. The ssh keys are actually readable. Capabilities like sysadmin are added to the container. A sidecar container is in privilege mode. My service reachability is wide port 2020 port 22 is exposed, port 8080 is exposed and I have no network policies. I have a number of components useful for attackers and on top of that, my service account has been granted cluster admin privileges.

A

So in this way, stackrocks is able to give you a very good idea of risk, not just from a container and an image perspective, but from a configuration in a kubernetes context. Using this information you could then notify the developers work on policies to notify or even enforce on some of these things. This has just been a quick example of how you would analyze a risk using stackrocks. Thank you.