Tigera Looks to Secure Kubernetes Runtime Environments

Tigera today added a Calico Runtime Threat Defense platform for securing Kubernetes runtimes using a combination of signature and behavior-based techniques.

Utpal Bhatt, chief marketing officer for Tigera, says this latest addition to the Tigera portfolio continuously monitors and analyzes network and container behavior for indicators of attack using the MITRE framework without requiring IT teams to write their own set of complex rules that then need to be maintained.

The Calico Runtime Threat Defense makes use of the extended Berkeley Packet Filter (eBPF) in Linux to monitor processes, file systems activity and system calls. It is based on open source Calico networking software originally developed by Tigera. As such, this latest offering is integrated with the global threat intelligence feed that is already integrated with Calico. Those feeds are then used to surface policy recommendations such as quarantining an infected pod in addition to creating a set of pre-programmed detectors created by Tigera’s Threat Research team to detect threats. New detectors are continually added by Tigera to stay ahead of emerging zero-day threats, noted Bhatt.

The platform also includes a web application firewall to monitor HTTP communication to detect attacks, maintains a database of malware file hashes as part of its threat intelligence library to actively block known malware, deploys decoys or honeypots to monitor and detect suspicious activity within a Kubernetes cluster and makes use of open source SNORT software to provide deep packet inspection (DPI).

Finally, Calico Runtime Threat Defense also uses network traffic logs to baseline the behavior of cluster nodes, pods and services and uses machine learning algorithms to determine indicators of port scans, IP sweeps and domain generation algorithms (DGA).

Many organizations are just now coming to terms with what is required to secure Kubernetes clusters as more cloud-native applications deployed on this platform find their way into production environments. Given the inherent complexity of the Kubernetes platform, Tigera is making a case for the convergence of security and network management at a higher level of abstraction that aggregates the components needed to create a defense-in-depth strategy that is accessible to a wider number of IT teams, notes Bhatt.

Kubernetes presents IT teams with an opportunity to unify networking and security management which have been challenging to accomplish in legacy IT environments. The challenge is making it simple enough for the average IT administrator to take on that task without necessarily requiring the programming expertise of a DevOps team or the need to continuously write and update security rules every time a vulnerability is discovered.

Regardless of approach, as more applications are deployed on Kubernetes clusters, there will be a lot more cybercriminals testing the defenses of the platforms these applications run on. Unfortunately, cybersecurity has been a bit of an afterthought within the open source Kubernetes community, so organizations are going to need to look to other platforms to provide the appropriate level of defense.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

    Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard