Trend Micro Guide To Kubernetes Threat Modeling


Trend Micro has published a guide to Kubernetes threats, providing cloud administrators with recommendations on how to formulate a security strategy when using Kubernetes for container orchestration.

Kubernetes, one of the most used container orchestration systems in cloud environments, is an attractive target for cybercriminals and other threat actors. Cloud admins need to secure their deployments against three general areas, namely External attacks, Misconfiguration issues and Vulnerable applications, lest they introduce threats to their Kubernetes-driven containerization strategies.

While external attacks come from outside the organization, misconfiguration issues arise from unsecure configurations and vulnerable applications issues arise from vulnerabilities in software or applications.

“Cloud-specific security solutions such as Trend Micro Hybrid Cloud Security and Trend Micro Cloud One can streamline protection in these instances,” mentioned Brandon Niemczyk, Cloud Security Research Lead, Trend Micro.

Trend Micro also suggests how to protect clusters against external attacks. These include:

  • Using a firewall rule to ensure that only machines that need access to the API have access to it.
  • Not using insecure-bind-address option to open up the plain-text port on non-local host.
  • Using intrusion prevention systems (IPSs) with Secure Sockets Layer (SSL) decryption capabilities to allow monitoring of traffic to and from the API for zero-days and known vulnerabilities.