KSOC Introduces AI-Powered Cloud-Native Identity Threat Detection Platform

Compromised credentials and malicious insiders represent the most costly and common attack vectors of a breach, and played a key role in three of the four Kubernetes targeted attacks in 2023. With cloud native identity threat detection, security and engineering teams now have insight into the actual usage of over permissions, versus lists of over permissions that don’t indicate malicious usage.

By Monika Chauhan November 9, 2023100 views

Kubernetes Security Operations Center (KSOC) released the first threat detection capabilities spanning from Kubernetes role-based access control (RBAC) to cloud IAM, using AI to quickly spot anomalous patterns in large amounts of audit logs and cloud metadata.

“When it comes to identity in Kubernetes and the cloud, the legacy approach is to create noisy lists of misconfigurations and over permissions and call it ‘good enough.’ But security and engineering teams are now too overwhelmed, and identity has proven too critical and challenging to manage at scale, for this approach to remain practical. With this feature, customers are able to take advantage of AI’s strength in finding patterns in large datasets to efficiently identify identity-based attacks in their cloud native environments,” says Jimmy Mesta, CTO and Co-Founder of KSOC.

KSOC’s new cloud-native identity threat detection platform includes the following capabilities:

Attack paths between Cloud IAM and Kubernetes RBAC: find risks in the interaction of Cloud IAM and Kubernetes RBAC
Cloud native identity anomaly detection: AccessIQ shows actual usage based on AI queries of Kubernetes API audit logs to find malicious insiders and other attacks utilizing valid or overly permissive credentials, plus baselines ‘normal’ RBAC behavior and detects anomalies using AI to query cloud metadata, RBAC configurations and Kubernetes API audit logs
Top priority RBAC and IAM misconfigurations: prioritize the most critical configurations based on the connections between RBAC permissions, Kubernetes misconfigurations, network exposure, runtime alerts and image CVEs on the same workload

You may also like

Telmai Leverages AI To Simplify And Accelerate Data Observability Adoption | Mona Rakibe

Starburst Galaxy Helps Customers Simplify Development On Data Lake

Rafay Cloud Automation Platform Combines Kubernetes And Environment Management Offerings Into A Single Platform

Release’s Environment-as-a-Service (EaaS) Helps Increase Developer Productivity | Tommy McClung

Sumo Logic Strengthens Its Cloud-Native SaaS Log Analytics Platform

Self-Driving Software Company, Oxa, Aims To Revolutionize Autonomous Transportation | Ryan Smith