Over the last year 89% of organizations experienced at least one container or Kubernetes security incident, making security a high priority for DevOps and security teams.
Despite many DevOps teams’ opinions of Kubernetes not being secure, it commands 92% of the container market. Gartner predicts that 95% of enterprises will be running containerized applications in production by 2029, a significant jump from less than 50% last year.
While misconfigurations are responsible for 40% of incidents and 26% reported their organizations failed audits, the underlying weaknesses of Kubernetes security haven’t yet been fully addressed. One of the most urgent issues is deciphering the massive number of alerts produced and finding the ones that reflect a credible threat.
Kubernetes attacks are growing
Attackers are finding Kubernetes environments to be an easy target due to the growing number of misconfigurations and vulnerabilities enterprises using them are not resolving quickly – if at all. Red Hat’s latest state of Kubernetes security report found that 45% of DevOps teams are experiencing security incidents during the runtime phase, where attackers exploit live vulnerabilities.
The Cloud Native Computing Foundations’ Kubernetes report found that 28% of organizations have over 90% of workloads running in insecure Kubernetes configurations. More than 71% of workloads are running with root access, increasing the probability of system compromises.
Traditional approaches to defending against attacks are failing to keep up. Attackers know they can move faster than organizations once a misconfiguration, vulnerability or exposed service is discovered. Known for taking minutes from initial intrusion to taking control of a container, attackers exploit weaknesses and gaps in Kubernetes security in minutes. Traditional security tools and platforms can take days to detect, remediate and close critical gaps.
As attackers sharpen their tradecraft and arsenal of tools, organizations need more real-time data to stand a chance against Kubernetes attacks.
Why alert-based systems aren’t enough
Nearly all organizations that have standardized Kubernetes as part of their DevOps process rely on alert-based systems as their first line of defense against container attacks. Aqua Security, Twistlock (now part of Palo Alto Networks), Sysdig, and StackRox (Red Hat) offer Kubernetes solutions that provide threat detection, visibility and vulnerability scanning. Each offers container security solutions and has either announced or is shipping AI-based automation and analytics tools to enhance threat detection and improve response times in complex cloud-native environments.
Each generates an exceptionally high volume of alerts that often require manual intervention, which wastes valuable time for security operations center (SOC) analysts. It usually leads to alert fatigue for security teams, as more than 50% of security professionals report being overwhelmed by the flood of notifications from such systems.
As Laurent Gil, co-founder and chief product officer at CAST AI, told VentureBeat: “If you’re using traditional methods, you are spending time reacting to hundreds of alerts, many of which might be false positives. It’s not scalable. Automation is key—real-time detection and immediate remediation make the difference.”
Read full Source: VentureBeat
By Louis Columbus