Zero Networks Tool Visually Maps Connections Within a Kubernetes Cluster
Zero Networks this week at the KubeCon + CloudNativeCon Europe conference revealed it can now provide a visual map of the services connected via a Kubernetes cluster that can be continuously updated in real time.
Company Field CTO Albert Estevez Polo said the Kubernetes Access Matrix makes use of telemetry data collected via the extended Berkeley Packet Filter (eBPF) embedded within the latest versions of Linux. Zero Networks then adds a daemon set to an instance of Helm running in the background on the Kubernetes cluster to collect that data.
That capability provides a graphical user interface (GUI) through which, for example, cybersecurity teams can easily see how various services are interconnected without having to navigate a massive number of YAML files or install any agent software, he added. The Kubernetes Access Matrix also provides a real-time understanding of how far a cyberattack could laterally move across a cluster, he noted.
In the absence of that capability, the average Kubernetes cluster from the perspective of a cybersecurity team is little more than another black box on the network, said Estevez Polo.
Armed with those insights, cybersecurity and DevOps teams can then apply policies or wait 30 days for Zero Networks to automatically apply a set of pre-defined policies via the Container Network Interface (CNI) without having to configure them on their own.
It’s not clear how secure Kubernetes clusters are, but they do provide a rich target. Many of the applications deployed on these clusters are the latest mission-critical applications that an organization has developed. As such, the number of cyberattacks aimed at Kubernetes clusters will steadily increase as the number of cloud-native applications continues to grow.
Unfortunately, most of the application developers building cloud-native applications have limited cybersecurity expertise, so many of the applications being deployed are fundamentally insecure. Many of the IT personnel who configure Kubernetes clusters don’t always have cybersecurity best practices in mind, noted Estevez Polo. Zero Networks is making a case for an approach to securing Kubernetes clusters using a microsegmentation platform that is more accessible to the average cybersecurity professional, he added.
Less clear is how much organizations are willing to invest in application security. A recent Futurum Group survey finds about 35% said they also plan to make some type of investment in application security.
Ideally, application developers need to be cognizant of the vulnerabilities and weaknesses they might be inadvertently adding to a code base. However, in the short term at least, it is more likely that there will be a security or compliance issue. The simple truth is all the investments made in DevOps tools and platforms to accelerate deployment can be easily negated if the quality of the code being generated only serves to increase an attack surface that can be more easily exploited.
Hopefully, there will come a day when application development and cybersecurity teams will be able to collaborate more effectively. In the meantime, organizations would do well to remember that things that can’t be seen are not usually managed very well.



