What We've Learned from Scanning 10K+ Kubernetes Clusters by Rotem Refael

Published: 27 March 2023
on channel: Devoxx

The number of misconfigurations, unpatched vulnerabilities, and overly-privileged users in Kubernetes systems is ASTOUNDING. We learned this from analyzing the telemetry data from the open source tool Kubescape, which has scanned 10K+ unique Kubernetes clusters, and we have learned a great deal about the state of Kubernetes risk, compliance, and security vulnerabilities.

In this talk we'll shed light on the most common misconfigurations across Kubernetes deployments (managed and self-managed) according to multiple frameworks (such as NSA-CISA and MITRE ATT&CK®), alongside known software vulnerabilities and RBAC (role-based access control) violations at early stages of the CI/CD pipeline. We will demonstrate how you can instantly calculate your own risk score, and you'll walk away able to discover and manage your own risks, over time, through constantly changing security trends.

We'll also provide interesting insights on why and where Kubernetes deployments most commonly fail and statistics on which controls fail most, as well as the weak spots and gotchas to pay attention to. Stick around though, as we'll wrap up with some simple measures you can take immediately to work towards eliminating these risks and improving your overall cloud native security posture.
