Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Identify Your Wasteful Processes
Mar 6th 2023 7:00am, by Sean Scott
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
How Do We Cultivate Community within Cloud Native Projects?
Feb 27th 2023 12:48pm, by Rynn Mancuso
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Work with Containers in TrueNAS
Mar 4th 2023 6:00am, by Jack Wallen
From a Fan: On the Ascendance of PostgreSQL
Mar 3rd 2023 7:12am, by Josh Long
Analyst Report: What CTOs Must Know about Kubernetes and Containers 
Feb 28th 2023 6:14am, by Jess Lulka
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
The Distance from Data to You in Edge Computing
Mar 19th 2023 6:00am, by Paul Scanlon
7 Hardware Devices for Edge Computing Projects in 2023
Mar 15th 2023 6:42am, by Charles Mahler
The Need for Speed: Why Eleventy Leaves Bundlers Behind
Mar 10th 2023 8:18am, by Loraine Lawson
What the Heck Is the Edge — and Why Should You Care?
Mar 8th 2023 10:00am, by Glauber Costa
What Is Microservices Architecture?
Feb 23rd 2023 4:22am, by Eric Schabell
Java's History Could Point the Way for WebAssembly
Jan 12th 2023 3:00am, by B. Cameron Gain
Limiting the Deployment Blast Radius
Nov 15th 2022 8:14am, by Steven Lohrenz
Do ... or Do Not: Why Yoda Never Used Microservices
Oct 25th 2022 6:00am, by Samar Abbas
The Gateway API Is in the Firing Line of the Service Mesh Wars 
Oct 17th 2022 7:00am, by B. Cameron Gain
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
How Secure Is Your API Gateway?
Feb 28th 2023 5:16am, by Andrew Stiefel
Bullet-Proofing Your 5G Security Plan
Feb 24th 2023 7:24am, by Anand Oswal
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
TriggerMesh: Open Sourcing Event-Driven Applications
Mar 13th 2023 12:14pm, by Jessica Wachtel
Ably Touts Real-Time Starter Kits for Vercel and Netlify
Mar 8th 2023 10:56am, by Loraine Lawson
Going Serverless on AWS Lambda? Recognize Potential Risks 
Mar 6th 2023 5:00am, by Sarabjeet Chugh
Portainer Shows How to Manage Kubernetes at the Edge
Feb 13th 2023 12:32pm, by Loraine Lawson
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Bosch IoT and the Importance of Application-Driven Analytics
Mar 9th 2023 8:30am, by Jay Runkel
How to Work with Containers in TrueNAS
Mar 4th 2023 6:00am, by Jack Wallen
From a Fan: On the Ascendance of PostgreSQL
Mar 3rd 2023 7:12am, by Josh Long
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
JavaScript Library Lets Devs Add AI Capabilities to Web
Mar 20th 2023 10:32am, by Loraine Lawson
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
The Distance from Data to You in Edge Computing
Mar 19th 2023 6:00am, by Paul Scanlon
Build Machine Learning Apps in Your Notebook with Tecton
Mar 15th 2023 6:00am, by Richard MacManus
Veteran C++ Developer Says Python Is Best Starter Language
Mar 13th 2023 10:58am, by Loraine Lawson
Build Software Supply Chain Trust with a DevSecOps Platform
Mar 21st 2023 8:23am, by Diego Lapiduz
Get More out of Machine Learning with Data Preprocessing
Mar 21st 2023 5:00am, by Alexander T. Williams
JavaScript Library Lets Devs Add AI Capabilities to Web
Mar 20th 2023 10:32am, by Loraine Lawson
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by Loraine Lawson
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by Paul Ferrill
Improve your TypeScript Skills with Type Challenges
Nov 11th 2022 3:00am, by Danni White
TypeScript on Mars: How HubSpot Brought TypeScript to Its Product Engineers
Aug 19th 2022 10:00am, by George Kemp and Duncan Walter
PayPal Enhances JavaScript SDK with TypeScript Type Definitions
Aug 17th 2022 12:38pm, by Jessica Wachtel
MIT-Created Compiler Speeds up Python Code
Mar 14th 2023 11:38am, by Loraine Lawson
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
Figma Targets Developers While it Waits for Adobe Deal News
Feb 27th 2023 9:42am, by Richard MacManus
Is WebAssembly Really the Future? 
Feb 24th 2023 7:38am, by B. Cameron Gain
How WebAssembly Offers Secure Development through Sandboxing
Feb 10th 2023 8:51am, by Jeff Goldman
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
ScyllaDB Challenges DynamoDB on Latency and Pricing
Mar 20th 2023 9:00am, by Jessica Wachtel
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Let’s Talk about Cloud Threat Hunting 
Mar 16th 2023 7:33am, by Guilherme (Gui) Alvarenga
A Deep Dive into the Security of IAM in AWS 
Mar 14th 2023 8:44am, by Robert Kimani
Get More out of Machine Learning with Data Preprocessing
Mar 21st 2023 5:00am, by Alexander T. Williams
JavaScript Library Lets Devs Add AI Capabilities to Web
Mar 20th 2023 10:32am, by Loraine Lawson
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
ScyllaDB Challenges DynamoDB on Latency and Pricing
Mar 20th 2023 9:00am, by Jessica Wachtel
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Get More out of Machine Learning with Data Preprocessing
Mar 21st 2023 5:00am, by Alexander T. Williams
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Apache Cassandra: The Data Foundation for Real-Time AI 
Mar 17th 2023 7:00am, by Matt Kennedy
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
OpenAI's GPT-4 Can Analyze Visual Images, Pass Bar Exam
Mar 16th 2023 9:31am, by Kimberley Mok
Build Software Supply Chain Trust with a DevSecOps Platform
Mar 21st 2023 8:23am, by Diego Lapiduz
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
So You Want to Be an API Security Expert?
Mar 16th 2023 9:42am, by Byron McNaught
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Build Software Supply Chain Trust with a DevSecOps Platform
Mar 21st 2023 8:23am, by Diego Lapiduz
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
Enabling DevOps Control for Those Who Need It Most — Developers
Mar 13th 2023 6:46am, by Venkat Thiruvengadam
Setting Kubernetes Standards with Platform Engineering
Mar 10th 2023 7:39am, by Zohar Einy
Which Features Does Your Platform Engineering Portal Need?
Mar 7th 2023 4:00am, by B. Cameron Gain
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
Why Audit Logs Are Important
Mar 16th 2023 8:34am, by James Walker
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
IBM Donates SBOM Code to OWASP
Mar 7th 2023 7:51am, by Steven J. Vaughan-Nichols
Slim.AI: Automating Vulnerability Remediation for a Shift-Left World
Feb 21st 2023 10:00am, by John Amaral
DevPod: Uber's MonoRepo-Based Remote Development Platform
Jan 26th 2023 3:00am, by Jessica Wachtel
Top 5 Considerations for Better Security in Your CI/CD Pipeline
Jan 20th 2023 8:52am, by Ali Bidabadi
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
How Tech Leaders Are Managing Anxieties after SVB Failure
Mar 15th 2023 10:59am, by Heather Joslyn and Colleen Coll
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
What We Can Learn from Twitter's Outages
Mar 13th 2023 9:00am, by Jennifer Riggins
Congress and AI
Mar 13th 2023 6:00am, by Steven J. Vaughan-Nichols
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
Build Machine Learning Apps in Your Notebook with Tecton
Mar 15th 2023 6:00am, by Richard MacManus
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
Developer Guardrails with Custom Kubernetes Resource Validators
Mar 2nd 2023 9:32am, by Wito Delnat
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
Why Audit Logs Are Important
Mar 16th 2023 8:34am, by James Walker
5 Steps to Effective Cloud Detection and Response 
Mar 15th 2023 10:30am, by Faith Kilonzi
Know the Hidden Costs of DIY Prometheus
Mar 14th 2023 9:46am, by George Hamilton
Setting Kubernetes Standards with Platform Engineering
Mar 10th 2023 7:39am, by Zohar Einy
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
AmeriSave Moved Its Microservices to the Cloud with Traefik's Dynamic Reverse Proxy
Sep 8th 2022 2:02pm, by Ann R. Thryft
Can You Now Safely Remove the Service Mesh Sidecar?
Sep 8th 2022 9:19am, by B. Cameron Gain
eBPF or Not, Sidecars are the Future of the Service Mesh
Aug 12th 2022 10:00am, by William Morgan
Cloud Native Ecosystem / Kubernetes / Security

Mitre ATT&CK Frameworks Get a Handle on Kubernetes Security Defense

MITRE ATT&CKs are globally accessible knowledge bases of adversary tactics and techniques based on observing real-world attacks.
May 14th, 2021 12:00pm by
Featued image for: Mitre ATT&CK Frameworks Get a Handle on Kubernetes Security Defense
Feature Image par Suhas Rawool de Pixabay

We all know securing Kubernetes is a pain. One of our problems is that while we know how to secure this or that component, getting our arms around the whole gamut of possible attacks on containers and Kubernetes is really hard. That’s why Mitre, the US government non-profit corporation dedicated to security, is working on an ATT&CK knowledge base for containers and Kubernetes.

Mitre ATT&CKs are globally accessible knowledge bases of adversary tactics and techniques based on observing real-world attacks. The ATT&CK knowledge base is a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Originally Mitre, and its partners, Citigroup, JPMorgan Chase, and Microsoft, were just going to tackle building an ATT&CK knowledge base for containers. They quickly realized however, they needed to cover orchestration-level (e.g. Kubernetes) and container-level (e.g. Docker) adversary behaviors in a single Containers platform in ATT&CK.

Along the way to creating this knowledge base, the security researchers discovered that while the vast majority of attacks on containers and Kubernetes clusters are all about crypto-mining. But, evidence shows that adversaries are also using containers for more “traditional” purposes, such as exfiltration and collection of sensitive data. Worse still these kinds of attacks are being underreported. So, if you see something odd going on in your clusters and you didn’t worry much about it because you didn’t see a crypto-mining attack such as Monero Cryptojacking Malware in your containers, think again. You may still be under an attack after all.

While building out the knowledge base, the Mitre team also added other kinds of attacks. These include adversaries exploiting software vulnerabilities to facilitate escaping to the underlying host; Cases where security tools related to container deployment are disabled by an attacker; and network security attacker scanning within a Kubernetes network.

As for malware, MITRE has placed container-specific malware programs — Kinsing, Doki, and Hildegard — into ATT&CK. They hope this will help sysadmins and security leaders to get a better idea of the abstraction level of techniques with the Containers matrix when compared to Linux and Infrastructure-as-a-Service (IaaS).

Thinking of abstractions, you may wonder what good does such a high-level abstraction of Kubernetes and containers security threats do Kubernetes developers and administrators in the field. Ariel Shuper, who works on new technology and cloud applications security at Cisco, explained that while “The common Kubernetes risk assessment framework was based on the popular CIS benchmarks for Kubernetes. This framework consists of a comprehensive set of tests covering all the Kubernetes elements’ configuration security best practices.”

That’s fine as far it goes, Shuper continued, but it doesn’t address “attack vectors which are not based on security misconfigurations.” After all, “Malicious attacks can start by multiple elements expanding beyond security misconfigurations. But there were additional operational elements that pushed for a new framework. The popular managed Kubernetes services, such as Amazon Web Services‘ EKS, Azure AKS, or Google’s GKE doesn’t provide access to the elements which are tested by the CIS benchmarks, making it hard to assess the security status of these services.”

So Shuper thinks the ATT&CK matrix works well as a new risk-assessment framework since it verifies all other attack methods, steps, and stages. In addition, the ATT&CK matrix is “based only on tactics and techniques which were used in real attacks, making it very concrete.”

In addition, as Shuper points out too correctly, “not all developers are even entirely aware that this is what they’re using! This all makes it hard to manage security for Kubernetes.” You think? I’ve seen far too many Kubernetes experts who are anything but.

Shuper concluded, “Understanding Kubernetes security starts with understanding how Kubernetes can be breached. Hence, security teams need a complete picture of every role involved in protecting the security of your organization’s Kubernetes clusters. And that’s where a high-level Mitre ATT&CK security knowledge base comes in.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
How Do We Cultivate Community within Cloud Native Projects? The Top 4 Threats to Securing Your Cloud Infrastructure Why Kubernetes Has Emerged as the 'OS' of the Cloud Docker Swarm, a User-Friendly Alternative to Kubernetes 4 Cloud Security Considerations for Financial Services Firms
TNS owner Insight Partners is an investor in: Docker.
RELATED STORIES
Grab a Snapshot of Your Container Image with Checkpoint Is WebAssembly Really the Future?  CloudNativeSecurityCon: Shifting Left into Security Trouble How to Build The Right Platform for Kubernetes How Do We Cultivate Community within Cloud Native Projects?
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.