KSOC announces zero trust policy generator for Kubernetes RBAC


Kubernetes Security Operations Center (KSOC) has announced the availability of the first zero trust policy generator for Kubernetes role-based access control (RBAC). To date, security and engineering teams have been unable to incorporate Kubernetes RBAC in their zero trust initiatives, as current Kubernetes or Cloud Identity and Entitlements Management (KIEM/CIEM) tools either ignore RBAC or offer right-sizing guidance without reference to the identity’s actual behavior. As part of its Identity Threat Detection and Response (ITDR) platform, KSOC’s new RBAC zero trust policy generator automates least privilege recommendations alongside insights into malicious identities.

“Passive lists of over permissions are inadequate for the Kubernetes RBAC gap faced by IT teams in their zero trust initiatives today,” says Jimmy Mesta, CTO and Co-Founder at KSOC. “For any least privilege policy recommendation to have practical value, a baseline understanding of the identity’s actual behavior is required; to that end, KSOC’s customers get broad context with ITDR to understand how best to cover their gaps with the RBAC zero trust policy generator.”

The primary goal of KSOC’s right-sizing engine is to lower the scope of permissions to least privilege. The right-sizing function is available as part of KSOC’s cloud native ITDR solution, which allows customers to:

Clearly prioritize identity versus other risks in the environment using:

  • Attack paths between Cloud IAM and Kubernetes RBAC
  • Threat vectors that map the relationship between runtime events, network, cloud, Kubernetes misconfigurations, image CVEs, and more
  • A clear view of the riskiest identities based on identity usage, presence in a broader threat vector, aspects of the identity itself, and more
  • An identity inventory showing relative risks, and their relationships to the rest of the environment

Detect anomalies in usage and investigate the riskiest identities with:

  • An identity inventory, including audit logs and deep dives into roles, service accounts, rolebindings, and other connections between identities and workloads
  • AccessIQ: actual usage based on AI queries of Kubernetes API audit logs to find malicious insiders and other attacks utilizing valid or overly permissive credentials
  • A baseline of ‘normal’ RBAC behavior to detect anomalies in cloud metadata, RBAC configurations and Kubernetes API audit logs
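The approach described above, recommending least-privilege RBAC from what an identity is actually observed doing, can be illustrated with a small script. The following is an added example and is not KSOC's code: it assumes Kubernetes API audit events in the standard `audit.k8s.io/v1` JSON-lines shape (constructed sample events are embedded inline), that the service account's access is meant to flow through the single Role shown, and it keeps denied (HTTP 403) requests separate from successful ones so they can be reviewed as an anomaly signal rather than granted.

```python
"""Right-size a Kubernetes Role from observed API audit-log usage (added example)."""
import json
from collections import defaultdict

# Constructed sample audit events in the audit.k8s.io/v1 shape; not real log data.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"stage": "ResponseComplete", "verb": "get",
     "user": {"username": "system:serviceaccount:payments:api"},
     "objectRef": {"apiGroup": "", "resource": "configmaps", "namespace": "payments"},
     "responseStatus": {"code": 200}},
    {"stage": "ResponseComplete", "verb": "list",
     "user": {"username": "system:serviceaccount:payments:api"},
     "objectRef": {"apiGroup": "", "resource": "configmaps", "namespace": "payments"},
     "responseStatus": {"code": 200}},
    {"stage": "ResponseComplete", "verb": "get",
     "user": {"username": "system:serviceaccount:payments:api"},
     "objectRef": {"apiGroup": "apps", "resource": "deployments", "namespace": "payments"},
     "responseStatus": {"code": 200}},
    # A denied attempt: never counted as "used", but surfaced separately for review.
    {"stage": "ResponseComplete", "verb": "delete",
     "user": {"username": "system:serviceaccount:payments:api"},
     "objectRef": {"apiGroup": "", "resource": "secrets", "namespace": "payments"},
     "responseStatus": {"code": 403}},
    # Earlier stage of a request already counted above; skipped to avoid double counting.
    {"stage": "RequestReceived", "verb": "get",
     "user": {"username": "system:serviceaccount:payments:api"},
     "objectRef": {"apiGroup": "", "resource": "configmaps", "namespace": "payments"}},
    # A different subject; ignored when profiling the service account.
    {"stage": "ResponseComplete", "verb": "get",
     "user": {"username": "alice"},
     "objectRef": {"apiGroup": "", "resource": "pods", "namespace": "payments"},
     "responseStatus": {"code": 200}},
])

# Constructed over-permissive Role assumed to be bound to the service account above.
GRANTED_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
    "metadata": {"name": "api", "namespace": "payments"},
    "rules": [
        {"apiGroups": [""], "resources": ["configmaps", "secrets"], "verbs": ["*"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch"]},
    ],
}


def observed_usage(audit_log_text, username):
    """Return (used, denied): used maps (apiGroup, resource) -> verbs the subject
    exercised successfully; denied is the set of (apiGroup, resource, verb) the
    API server rejected with 403."""
    used, denied = defaultdict(set), set()
    for line in audit_log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated or non-JSON line
        if ev.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        if ev.get("user", {}).get("username") != username or "objectRef" not in ev:
            continue  # non-resource URLs (e.g. /healthz) carry no objectRef
        ref = ev["objectRef"]
        group, resource, verb = ref.get("apiGroup", ""), ref["resource"], ev["verb"]
        if ev.get("responseStatus", {}).get("code", 0) == 403:
            denied.add((group, resource, verb))
        else:
            used[(group, resource)].add(verb)
    return used, denied


def granted_rules(role):
    """Expand a Role's rules into (apiGroup, resource) -> set of verbs ('*' kept literal)."""
    granted = defaultdict(set)
    for rule in role["rules"]:
        for group in rule["apiGroups"]:
            for resource in rule["resources"]:
                granted[(group, resource)].update(rule["verbs"])
    return granted


def right_size(role, used):
    """Return (least_privilege_role, unused). A wildcard verb is never carried over:
    the generated role lists only the verbs actually observed, so '*' is reported
    as unused/narrowed even where some verbs on that resource were used."""
    unused = []
    for (group, resource), verbs in granted_rules(role).items():
        seen = used.get((group, resource), set())
        for verb in sorted(verbs):
            if verb == "*" or verb not in seen:
                unused.append((group, resource, verb))
    rules = [
        {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
        for (group, resource), verbs in sorted(used.items())
    ]
    return {**role, "rules": rules}, unused


if __name__ == "__main__":
    used, denied = observed_usage(SAMPLE_AUDIT_LOG, "system:serviceaccount:payments:api")
    new_role, unused = right_size(GRANTED_ROLE, used)
    print(json.dumps(new_role, indent=2))
    print("unused grants:", unused)
    print("denied attempts to review:", sorted(denied))
```

On the sample data the generated Role keeps only `get`/`list` on configmaps and `get` on deployments, reports the secrets wildcard and the unused `list`/`watch` on deployments as removable, and lists the denied `delete` on secrets separately. In practice the observation window must be long enough to capture infrequent but legitimate operations (for example, a monthly rotation job), or the right-sized policy will break them.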

KSOC has also added the following features to its real-time cloud native security platform, allowing customers to move from CSPM-centric, legacy security to a more efficient, accurate approach to securing ephemeral cloud native environments:

  • Support for Kubernetes Custom Resources: Now you can include your custom resources in KSOC’s real-time KSPM features and threat vectors for complete security coverage. Take advantage of KSOC’s admission control capabilities by writing custom policies against these custom resources.
  • GitHub app: Now you can configure and enforce a CI workflow for KSOC across all repos at the organization level, to enforce and measure compliance with standards with less friction, as well as ensure that workloads are scanned for CVEs before entering the deployment pipeline.
  • Chainguard integration: Within KSOC’s container insights, track the usage of Chainguard’s CVE-free images across all your clusters over time, to ensure progress on the road to inbox zero for vulnerabilities and FedRAMP compliance.
