Analyze Configurations of Containerized Data and Applications to Avoid Unintended Exposure

Containerized applications, Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE) allow software developers to rapidly develop and deploy new capabilities, but require new types of security measures, such as:

  • Understanding your Kubernetes Inventory footprint 
  • Identifying if namespaces have adequate security controls 
  • Determining if services and user/group accounts have excessive privileges
  • Seeing if access to clusters/namespaces meets organizational mandates

RedSeal Cloud Case Studies

EXPOSURE

Identify Critical Resources Inadvertently Exposed to the Internet

Accurately visualize your entire infrastructure

Easily remediate incidents via seamless ticketing integration

Display cloud security posture over time and see where you are most exposed

INVENTORY

Visualize Your Multi-Cloud Inventory and Connectivity with Maps

Proactively map all of your Azure subscriptions and AWS accounts

Map your gateways, subnets, VPCs, VNets, and security groups

Quickly identify any environment changes with automated reports

COMPLIANCE

Achieve Continuous Compliance in Your Multi-Cloud

Simplify and ensure continuous 24/7 compliance

Provide extensive reporting on compliance status

Enable customized compliance policies appropriate for your organization

Define Your Security Posture and Prevent Misconfigurations

By analyzing all EKS, AKS and GKE configurations, security teams can answer these key questions: 

  • Are there overly permissive user and service accounts? 
  • Are there services exposed outside the cluster? 
  • Are there nodes exposed to the Internet? 
  • Is there unintended access between specific clusters? 
  • Is the proper RBAC access to the control plane in place? 

By collaborating with DevOps throughout the Software Development Lifecycle (SDL), security teams can learn the basics of containerized applications and define policies that ensure a stronger security posture.

EKS inventories can be monitored and examined for Internet exposure with ease. With RedSeal Stratus you can quickly identify and fix any vulnerabilities.

UNDERSTAND YOUR KUBERNETES RESOURCES

RedSeal Cloud Kubernetes Inventory provides continuous compliance monitoring of your EKS, AKS and GKE resources, including filtering by type and detailed drill down of resources (namespace, pod, deployment, service), service accounts, user & group accounts, and services.

By drilling down into service accounts and user/group accounts, specific roles are identified along with their types. This enables identification of overly permissive accounts that may allow unintended access across clusters or pods. 

RedSeal Stratus provides a deep visual of your organization’s cloud hierarchy. This tool helps identify exposure within your EKS inventory.

Examination of services shows what specific types of services exist that may violate desired access methods (e.g. ClusterIP and NodePort, which are often used by developers but are not desired after deployment), including the details of IP addresses and ports.

Detailed analysis of all resources also identifies network security policies which may be in place for both ingress and egress, and whether these policies properly enforce the desired security posture. 

Through this detailed examination of the configurations of all EKS, AKS and GKE resources, RedSeal Cloud enables security teams to: 

  • Have up-to-date detailed knowledge of all EKS, AKS and GKE resources and their relationships with each other 
  • Identify overly permissive user and service accounts 
  • Pinpoint unintended exposure to the Internet from nodes, clusters, or pods 
  • Analyze communication channels/access between clusters that may create unintended Internet exposure 
  • Validate network policies that have been defined to ensure that no unintended exposure has been allowed

Eliminate unintended risk exposures with RedSeal Stratus. All network infrastructures and cloud inventories are mapped into a single pane of glass to help identify vulnerability pathways and secure your environment against ransomware attacks from sophisticated cybercriminals.

GET A DEMO

Stop unintended exposure and bring all your AWS and Azure network infrastructure and EKS, AKS and GKE inventory into a single comprehensive visualization.