Analyze Configurations of Containerized Data and Applications to Avoid Unintended Exposure

Containerized applications and Amazon Elastic Kubernetes Service (EKS) allow software developers to rapidly develop and deploy new capabilities, but require new types of security measures, implemented by development teams, that:

  • Control communications between pods and clusters   
  • Manage service and user/group account access
  • Define custom policies that are specific to the application deployment 

Given this additional responsibility for developers and the overall complexity of deployment environments, misconfigured controls are too common. Gartner estimates that by 2023, 99% of cloud security failures will be caused by misconfigurations from the customer.

Define Your Security Posture and Prevent Misconfigurations

By analyzing all Kubernetes (EKS) configurations, security teams can answer these key questions: 

  • Are there overly permissive user and service accounts? 
  • Are there services exposed outside the cluster? 
  • Are there nodes exposed to the Internet? 
  • Is there unintended access between specific clusters? 
  • Is the proper RBAC access to the control plane in place? 

By collaborating with DevOps throughout the Software Development Lifecycle (SDL), security teams can learn the basics of containerized applications and define policies that ensure a stronger security posture.

RedSeal Stratus provides continuous monitoring of an organization’s EKS inventory. By placing all cloud infrastructure in one comprehensive place, it’s easy to examine your containerized applications.

EKS inventories can be monitored and examined for Internet exposure with ease. With RedSeal Stratus, you can quickly identify and fix any vulnerabilities.


RedSeal Stratus’ EKS Inventory provides continuous monitoring of your Amazon Kubernetes resources, including filtering by type and detailed drill down of resources (namespace, pod, deployment, service), service accounts, user & group accounts, and services. 

By drilling down into service accounts and user/group accounts, specific roles are identified along with their types. This enables identification of overly permissive accounts that may allow unintended access across clusters or pods. 

RedSeal Stratus provides a deep visual of your organization’s cloud hierarchy. This tool helps identify exposure within your EKS inventory.

Examination of services shows what specific types of services exist that may violate desired access methods (e.g., ClusterIP and NodePort, which are often used by developers but are not desired after deployment), including the details of IP addresses and ports.

Detailed analysis of all resources also identifies network security policies which may be in place for both ingress and egress, and whether these policies properly enforce the desired security posture. 

Through this detailed examination of the configurations of all EKS resources, RedSeal Stratus enables security teams to: 

  • Have up-to-date detailed knowledge of all EKS resources and their relationships with each other 
  • Identify overly permissive user and service accounts 
  • Pinpoint unintended exposure to the Internet from nodes, clusters, or pods 
  • Analyze communication channels/access between clusters that may create unintended Internet exposure 
  • Validate network policies that have been defined to ensure that no unintended exposure has been allowed   


Stop unintended exposure and bring all your AWS network infrastructure and EKS inventory into a single comprehensive visualization.
