Security operations · 3 MIN READ · DAN WHALEN · FEB 15, 2023 · TAGS: Cloud security / MDR
The potential for Kubernetes is huge, and the challenges facing early adopters are, too. We announced the first-to-market MDR solution for Kubernetes environments on Monday, and we’d like to share some key considerations for your organization.
We recently detailed the rapid growth of Kubernetes and container environments and walked you through what our customers see as their biggest challenges.
Today let’s talk about how managed detection and response (MDR) for Kubernetes (k8s) makes the future a brighter place for organizations that rely on in-house application development.
For starters, MDR for Kubernetes environments helps orgs secure operations across every attack surface. It removes blind spots for the security team, arms the DevOps team to handle remediation, and lets developers do what they do best—build applications that propel the business.
It also provides insights across three core layers of Kubernetes applications:
- Configuration: More than half of organizations using Kubernetes found at least one misconfiguration in the past year, and failing to get ahead of the problem opens the door to attackers. MDR for Kubernetes identifies cluster misconfigurations and references the Center for Internet Security (CIS) best-practices benchmark to recommend enhancements, increasing your security team’s resilience.
- Control plane: No matter how far along you are on your journey, our solution translates Kubernetes complexity into clarity by:
○ Integrating with cloud k8s infrastructures, like Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE);
○ Analyzing audit logs; applying custom detection logic to alert on malicious or interesting activity; and
○ Providing clear remediation guidance.
- Run-time security: Bring-your-own-tech models maximize return on investment (ROI). MDR for Kubernetes can integrate with a broad portfolio of run-time container security vendors to provide the answers you need for the tech you already use.
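To make the control-plane bullets above concrete, here is an added illustration (not Expel's detection content) of what "analyzing audit logs and applying custom detection logic" looks like in practice: a few rules evaluated over Kubernetes API-server audit events in the audit.k8s.io/v1 Event shape. The audit log, rule names and severities are constructed for the example.

```python
# Added toy detection logic for Kubernetes API-server audit events (not Expel's
# detections). Events use the audit.k8s.io/v1 Event shape; the log is constructed.
import json

# Constructed audit log: one JSON event per line, trimmed to the fields used.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:coredns"},"objectRef":{"resource":"endpoints","namespace":"kube-system"},"responseStatus":{"code":200},"sourceIPs":["10.0.0.5"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403},"sourceIPs":["203.0.113.7"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"api-6d4f"},"responseStatus":{"code":101},"sourceIPs":["198.51.100.4"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"ci-deployer"},"objectRef":{"resource":"clusterrolebindings","name":"debug-admin"},"responseStatus":{"code":201},"sourceIPs":["10.0.0.9"]}
"""

def parse_audit_log(text):
    """Parse JSON-lines audit output into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

# Each rule is (name, severity, predicate over one event).
RULES = [
    ("anonymous_api_request", "medium",
     lambda e: e.get("user", {}).get("username") == "system:anonymous"),
    ("pod_exec_or_attach", "high",
     lambda e: e["verb"] == "create"
     and e.get("objectRef", {}).get("resource") == "pods"
     and e["objectRef"].get("subresource") in ("exec", "attach")),
    ("cluster_rbac_change", "high",
     lambda e: e.get("objectRef", {}).get("resource")
     in ("clusterroles", "clusterrolebindings")
     and e["verb"] in ("create", "update", "patch", "delete")),
]

def detect(events):
    """Score ResponseComplete events once each; return findings with triage context."""
    findings = []
    for e in events:
        if e.get("stage") != "ResponseComplete":
            continue
        ref = e.get("objectRef", {})
        for name, severity, match in RULES:
            if match(e):
                findings.append({
                    "rule": name, "severity": severity,
                    "user": e.get("user", {}).get("username"),
                    "verb": e["verb"], "resource": ref.get("resource"),
                    "namespace": ref.get("namespace"),
                    "source_ip": (e.get("sourceIPs") or [None])[0],
                    # Denied (403) requests still matter: they show who is probing.
                    "allowed": e.get("responseStatus", {}).get("code", 0) < 400,
                })
    return findings
```

Run against the constructed log, the routine CoreDNS lookup produces nothing, while the anonymous secrets listing (denied), the interactive exec into a production pod, and the new cluster-wide role binding each surface as a finding with the user, namespace and source IP an analyst needs to triage it.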
Our MDR solution also aligns with the MITRE ATT&CK framework, helping your SecOps team quickly remediate and build resilience for the future. Expel-authored detections learn and adapt based on activity in your environment, keeping you ahead of threats. You’ll develop your own insights and best practices to track k8s security posture over time, and you won’t be flying without a net: a security operations center (SOC) is on hand with 24×7 triage and support. Plus, Expel MDR generates deeper awareness across your cloud infrastructure and drives more remediation recommendations where it matters most to your business.
Secure the business
MDR in Kubernetes environments helps orgs remove their security blind spots by cultivating insight across the entire cloud attack surface. Security teams get important detection and response capabilities without causing friction for developers, letting them focus on building apps that matter to the business.
Specifically, orgs can monitor and secure k8s across control plane, configuration, and container runtime security layers. Continuous monitoring of event logs, security alerts, and configuration details demystifies the complexity of Kubernetes, providing actionable security findings and recommendations to improve security posture over time.
Improve ROI
Any new technology investment must pass the ROI test. The great news here is that MDR for Kubernetes boosts return by working with your existing infrastructure. This means no matter where you are on your security journey in Kubernetes, Expel MDR can provide detection and response capabilities without requiring additional investment. And importantly, as you mature, its capabilities grow with you.
CISOs and their teams quickly discover that enhanced visibility into the Kubernetes environment improves security results. They gain complete coverage across cloud infrastructure—and with our new offering, it’s all in the Expel Workbench™ platform—and eliminate silos between DevOps and security, accelerating the business.
Enable the business
Security is often viewed as an inhibitor to business performance—a cost center and point of friction. According to Red Hat, 55% of organizations have had to delay application deployment due to security concerns. With MDR for Kubernetes, organizations can continue to ship software with the added confidence that continuous security monitoring provides. Security teams get important visibility and insight, DevOps teams spend less time chasing noisy security alarms, and developers are enabled to do what they do best—build what the business needs.
Doing this at scale requires deep visibility, effective detection and response capabilities, and an ability to anticipate and address risks in Kubernetes before they result in business impact.
Stay tuned for more k8s insights and resources. In the meantime, have a look here (and see what one customer architect says about why his org is happy to be aboard).