Kubernetes Risk Assessment: Time to Go One Level Deeper

At present, the common Kubernetes risk assessment framework is based on the popular CIS benchmarks for Kubernetes. This framework consists of a comprehensive set of tests covering all the Kubernetes elements' configuration. But the framework doesn't go deeper than the security configurations of the various elements. Real attacks can start by multiple elements expanding beyond security misconfigurations. Moreover, in the popular managed Kubernetes services (e.g., EKS, AKS or GKE), running these tests can be challenging. Hence, there's a need for an additional risk-assessment framework that can go deeper than the Kubernetes configurations, verifying that all other attack methods, steps, and stages are covered. This talk will show a new industry-driven framework led by MITRE crafting an ATT&CK matrix for containers/Kubernetes, which consist of tactics and techniques used in real attacks

Ariel Shuper

Principal Product Manager at Cisco.


Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top