Cloud needs constant cleaning. Although not a cockroach repellent per se – but perhaps it could be if we think about the virtual nasties lurking on the dark web and throughout the ransomware universe – Expel is a cloud security operations provider working at the developer level. The company has now announced the general availability of its Expel MDR for Kubernetes, or… in other words, Managed Detection & Response for Kubernetes.
This technology is all about building a world of cleaner container-carrying Kubernetes-orchestrated clouds.
Kubernetes has of course quickly become the de facto standard for automating the deployment, scaling and management of containerized applications, i.e. cloud apps built from smaller, composable units of software that can be assembled into many forms once they are correctly configured and ordered. Claiming to be the first-to-market offering of its kind, the Expel product enables cloud developers and operations staff to secure a business across a Kubernetes environment.
Containers have officially become the new normal of computing, with nearly 80% of organizations now using them for production applications. At the same time, Kubernetes has effectively emerged as the operating system of the cloud. This means organizations are implementing more advanced Kubernetes use cases such as security controls, service meshes, messaging systems and observability tools.
The need for fast, agile and lightweight application development has become a core competitive Kubernetes requirement, but without incorporating security from the start, risks increase. Expel MDR for Kubernetes enables teams to detect and respond to security risks in their Kubernetes environments without slowing down DevOps.
“Organizations are adopting Kubernetes as a way to help their developers move fast and scale. This is similar to the historical drive to cloud infrastructure and, just like that drive, it comes with a new set of opportunities and a new set of security challenges,” explains Matt Peters, chief product officer, Expel.
CNCF: a growing security focus
Hugely vocal on this whole topic is Priyanka Sharma in her role as executive director for the Cloud Native Computing Foundation (CNCF). One of the biggest emerging trends the organization saw from its 2022 CNCF Annual Survey was the rise of WebAssembly (also known as Wasm, a technology for creating high-performance application experiences in the browser, or in non-web environments) and a growing focus on security.
“It’s no secret that in the shift-left phenomenon necessitated by containers and microservices, security is an increasing concern,” notes CNCF director Sharma. “For organizations using containers for nearly all applications, 40% reported security as their top challenge. The cloud-native community is already making significant security advances. Kubernetes has adopted multi-vendor open source project Sigstore for distribution verification and almost 800 IT professionals and stakeholders recently joined the Cloud Native Computing Foundation for the inaugural CloudNativeSecurityCon in Seattle.”
Expel CPO Peters says that his firm developed Expel MDR for Kubernetes to enable organizations to take advantage of the Kubernetes ecosystem while still protecting what matters to them in today’s constantly shifting threat landscape. His firm’s offering provides insights across the three core layers of Kubernetes applications.
Kubernetes layers 1-2-3
In terms of Kubernetes layer-1, that’s configuration.
To help organizations stay ahead of pervasive misconfigurations, Expel MDR for Kubernetes identifies cluster misconfigurations and references the Center for Information Security (CIS) Kubernetes benchmark for best practices to recommend configuration improvements. This allows teams to proactively become more resilient against threats.
Kubernetes layer-2 is the computing control plane.
This offering integrates with Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE) infrastructure, analyzing Kubernetes audit logs, applying custom detection logic to alert on malicious or interesting activity and providing step-by-step remediation recommendations.
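To make the layer-2 idea concrete, here is an added illustration (not Expel's code, and not taken from this article) of what "applying custom detection logic to Kubernetes audit logs" looks like: a small Python detector run over constructed audit events in the audit.k8s.io/v1 shape, with each rule labelled with the MITRE ATT&CK tactic it relates to. The rule names, the sample events and the field values are my own assumptions for the example.

```python
import json

# Constructed, simplified sample audit events (not real logs). Field names
# follow the audit.k8s.io/v1 Event schema; values are made up for the example.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "get", "user": {"username": "dev-alice"},
     "objectRef": {"resource": "pods", "namespace": "shop", "name": "web-1"},
     "responseStatus": {"code": 200}},
    # `kubectl exec` shows up as a POST (verb create) on the pods/exec subresource
    {"verb": "create", "user": {"username": "dev-alice"},
     "objectRef": {"resource": "pods", "subresource": "exec",
                   "namespace": "shop", "name": "web-1"},
     "responseStatus": {"code": 101}},
    {"verb": "list", "user": {"username": "system:serviceaccount:shop:web"},
     "objectRef": {"resource": "secrets"}, "responseStatus": {"code": 200}},
    {"verb": "get", "user": {"username": "system:anonymous"},
     "objectRef": {"resource": "namespaces"}, "responseStatus": {"code": 403}},
    {"verb": "create", "user": {"username": "ci-bot"},
     "objectRef": {"resource": "clusterrolebindings", "name": "ci-admin"},
     "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
     "responseStatus": {"code": 201}},
])

def _ref(ev, key):
    return ev.get("objectRef", {}).get(key, "")

# (rule name, ATT&CK tactic, predicate over one audit event); names are mine
RULES = [
    ("pod-exec", "Execution", lambda ev: ev.get("verb") == "create"
     and _ref(ev, "resource") == "pods" and _ref(ev, "subresource") in ("exec", "attach")),
    ("cluster-wide-secrets-list", "Credential Access", lambda ev: ev.get("verb") == "list"
     and _ref(ev, "resource") == "secrets" and not _ref(ev, "namespace")),
    # only a *successful* anonymous request is interesting; a 403 is the API server doing its job
    ("anonymous-success", "Initial Access", lambda ev:
     ev.get("user", {}).get("username") == "system:anonymous"
     and ev.get("responseStatus", {}).get("code", 0) < 400),
    ("cluster-admin-binding", "Privilege Escalation", lambda ev: ev.get("verb") == "create"
     and _ref(ev, "resource") == "clusterrolebindings"
     and ev.get("requestObject", {}).get("roleRef", {}).get("name") == "cluster-admin"),
]

def detect(audit_log_text):
    """Parse newline-delimited JSON audit events; return one alert per rule hit."""
    alerts = []
    for line in audit_log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        for name, tactic, pred in RULES:
            if pred(ev):
                alerts.append({"rule": name, "tactic": tactic, "verb": ev.get("verb"),
                               "user": ev.get("user", {}).get("username"),
                               "resource": _ref(ev, "resource")})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT_LOG):
        print(alert)
```

Running it on the sample flags the exec, the cluster-wide secrets listing and the cluster-admin binding, while the rejected anonymous request is correctly left alone.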
“As organizations rapidly adopt Kubernetes to scale their DevOps, a lack of in-house skills will undoubtedly challenge teams. Security operations teams need coverage of every app, endpoint, network (and more) and resource-constrained teams can’t become experts on every new vector overnight. Adding a customisable, integrated approach to securing Kubernetes that allows security operations teams to get up and running quickly is becoming a must-have capability for modern organizations,” said Craig Robinson, research vice president at analyst house IDC.
Bring-Your-Own-Tech
Expel uses a Bring-Your-Own-Tech (‘BYO-Tech’) approach, so customers can maximise return on investment (ROI) with the software solutions of their choice. Expel MDR for Kubernetes integrates with a portfolio of run-time container security vendors to get customers more value from the tech they already use.
Expel MDR for Kubernetes also aligns to the MITRE ATT&CK framework, enabling teams to remediate and create resilience for the future. Expel-written detections continuously learn and adapt based on activity in the environment, putting customers ahead of threats and equipping them with the answers and best-practices to track Kubernetes’ security posture over time.
CNCF leader Priyanka Sharma sums up a lot of what has been going on in this discussion and says that the knowledge of how to apply secure cloud native computing techniques – exemplified by containers, service meshes, microservices, immutable infrastructure, and declarative APIs – is lagging slightly behind the general adoption of containers.
While 79% of respondents to the CNCF survey use containers in production use cases, only 30% indicate their organizations have adopted cloud-native techniques across nearly all development and deployment activities. This suggests that late adopters are still relatively early in their cloud-native journey.
“There is still much room for cloud-native to grow,” said Sharma. “This is demonstrated by the percentage [62% in the organization’s study] of businesses that do not regularly use cloud-native techniques and have containers for pilot projects or limited production use cases. Our mission at CNCF is to make cloud-native computing ubiquitous by solving the most prominent challenges still standing in the way of using and deploying containers, including developer training and security.”
Déjà vu & schadenfreude?
There’s a bit of déjà vu and hopefully not too much schadenfreude going on here.
This is where we started with cloud. We pushed all the buttons, went into datacenter hosting, hung out the flags and invited everyone round for drinks, party cake and cloud computing. Then, about 18 months in, we all started to worry about cloud security a lot more as the IT industry had to field real-world user concerns about the robust nature (or not) of public datacenters for public cloud. We then got the hybrid cloud religion bad (i.e. good) and things have been a lot calmer ever since.
Still, for the Kubernetes ‘klean-up’ cleanliness factor to be so prevalent now is kind of reminiscent of the recent past. At least we’re doing something about it. Purell hand-wipe anyone?