Analyze Configurations of Containerized Data and Applications to Avoid Unintended Exposure

Containerized applications and Amazon Elastic Kubernetes Service (EKS) allow software developers to rapidly develop and deploy new capabilities, but they require new types of security measures, implemented by the development teams themselves, that:

  • Control communications between pods and clusters   
  • Manage services and user/group accounts access 
  • Define custom policies that are specific to the application deployment 

Given this additional responsibility for developers and the overall complexity of deployment environments, misconfigured controls are all too common. Gartner estimates that by 2023, 99% of cloud security failures will be caused by customer misconfigurations.

Define Your Security Posture and Prevent Misconfigurations

By analyzing all Kubernetes (EKS) configurations, security teams can answer these key questions: 

  • Are there overly permissive user and service accounts? 
  • Are there services exposed outside the cluster? 
  • Are there nodes exposed to the Internet? 
  • Is there unintended access between specific clusters? 
  • Is the proper RBAC access to the control plane in place? 

By collaborating with DevOps throughout the Software Development Lifecycle (SDL), security teams can learn the basics of containerized applications and define policies that ensure a stronger security posture.

UNDERSTAND YOUR KUBERNETES RESOURCES

RedSeal Stratus’ EKS Inventory provides continuous monitoring of your Amazon Kubernetes resources, including filtering by type and detailed drill-down into resources (namespace, pod, deployment, service), service accounts, user and group accounts, and services.

By drilling down into service accounts and user/group accounts, specific roles are identified along with their types. This enables identification of overly permissive accounts that may allow unintended access across clusters or pods. 

Examination of services shows which specific service types exist that may violate the desired access methods (e.g. ClusterIP and NodePort, which developers often use during development but which are not desired after deployment), including the details of IP addresses and ports.

Detailed analysis of all resources also identifies network security policies which may be in place for both ingress and egress, and whether these policies properly enforce the desired security posture. 
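The three checks described above, overly permissive accounts, service types that expose ports outside the pod network, and whether each namespace carries default-deny network policies for ingress and egress, can be scripted against the JSON that `kubectl get <resource> -o json` returns. The following is an added example written for this page, not RedSeal Stratus code; the cluster objects are constructed inline to mimic that JSON shape, and the `CLUSTER_ROLES` rule map is an assumed, pre-fetched lookup of ClusterRole name to its rules.

```python
"""Audit constructed Kubernetes objects for the exposure misconfigurations discussed above."""
from typing import Dict, List

# --- Constructed sample objects (shaped like `kubectl get ... -o json` items, not real cluster data) ---
CLUSTER_ROLE_BINDINGS = [
    {"metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
    {"metadata": {"name": "viewers"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "auditors"}]},
]
# Assumed pre-fetched lookup: ClusterRole name -> its rules
CLUSTER_ROLES = {
    "cluster-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    "view": [{"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["get", "list", "watch"]}],
}
SERVICES = [
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "targetPort": 8443}]}},
    {"metadata": {"name": "debug", "namespace": "shop"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30080}]}},
    {"metadata": {"name": "db", "namespace": "shop"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
]
NETWORK_POLICIES = [
    # Empty podSelector + Ingress type + no ingress rules == "deny all ingress" in this namespace
    {"metadata": {"name": "default-deny-ingress", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
NAMESPACES = ["shop", "build"]


def wildcard_rule(rule: dict) -> bool:
    """A rule granting '*' verbs or '*' resources is effectively unrestricted."""
    return "*" in rule.get("verbs", []) or "*" in rule.get("resources", [])


def find_overly_permissive_bindings(bindings: List[dict], roles: Dict[str, list]) -> List[str]:
    """Report every subject (user, group or service account) bound to a wildcard ClusterRole."""
    findings = []
    for binding in bindings:
        role = binding["roleRef"]["name"]
        if any(wildcard_rule(r) for r in roles.get(role, [])):
            for subj in binding.get("subjects", []):
                who = f"{subj['kind']}/{subj.get('namespace', '-')}/{subj['name']}"
                findings.append(f"{who} bound to {role} via {binding['metadata']['name']} (wildcard rule)")
    return findings


def find_externally_reachable_services(services: List[dict]) -> List[str]:
    """NodePort opens a port on every node; LoadBalancer provisions an external endpoint.
    ClusterIP stays inside the cluster network and is not flagged here."""
    findings = []
    for svc in services:
        svc_type = svc["spec"].get("type", "ClusterIP")
        if svc_type in ("NodePort", "LoadBalancer"):
            ports = ",".join(str(p.get("nodePort") or p["port"]) for p in svc["spec"].get("ports", []))
            findings.append(f"{svc['metadata']['namespace']}/{svc['metadata']['name']} is {svc_type} (ports {ports})")
    return findings


def namespaces_without_default_deny(namespaces: List[str], policies: List[dict]) -> Dict[str, List[str]]:
    """Return namespace -> list of directions (Ingress/Egress) lacking a default-deny policy."""
    covered = {"Ingress": set(), "Egress": set()}
    for pol in policies:
        spec = pol["spec"]
        if spec.get("podSelector", {}) != {}:
            continue  # only an empty selector applies to every pod in the namespace
        # Kubernetes semantics: policyTypes omitted => Ingress always, Egress only if egress rules exist
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])
        for direction in types:
            if not spec.get(direction.lower()):  # no allow rules (missing or []) => deny all
                covered[direction].add(pol["metadata"]["namespace"])
    result = {}
    for ns in namespaces:
        missing = [d for d in ("Ingress", "Egress") if ns not in covered[d]]
        if missing:
            result[ns] = missing
    return result


def audit() -> Dict[str, object]:
    return {
        "permissive_bindings": find_overly_permissive_bindings(CLUSTER_ROLE_BINDINGS, CLUSTER_ROLES),
        "exposed_services": find_externally_reachable_services(SERVICES),
        "missing_default_deny": namespaces_without_default_deny(NAMESPACES, NETWORK_POLICIES),
    }


if __name__ == "__main__":
    for section, findings in audit().items():
        print(section)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", item)
```

Against the constructed data this flags the `ci-runner` service account bound to `cluster-admin`, the `web` (LoadBalancer) and `debug` (NodePort) services, and reports that `shop` has no default-deny egress policy while `build` has neither direction covered. On a real cluster you would feed it the `items` arrays from `kubectl get clusterrolebindings,clusterroles,services,networkpolicies -A -o json` and a namespace list; the same logic applies to namespaced RoleBindings once the Role rules are resolved.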

Through this detailed examination of the configurations of all EKS resources, RedSeal Stratus enables security teams to: 

  • Have up-to-date, detailed knowledge of all EKS resources and their relationships with each other 
  • Identify overly permissive user and service accounts 
  • Pinpoint unintended exposure to the Internet from nodes, clusters, or pods 
  • Analyze communication channels/access between clusters that may create unintended Internet exposure 
  • Validate network policies that have been defined to ensure that no unintended exposure has been allowed   

GET A DEMO OF STRATUS

Stop unintended exposure and bring all your AWS network infrastructure and EKS inventory into a single, comprehensive visualization.
