Detective Controls in K8s Environments – Wrangling Security Data Out Of Your Clusters

As Kubernetes (K8s) usage becomes more common, Cloud Security teams are often tasked with securing K8s usage within their organization. K8s Clusters contain a variety of different logs and data sources. Feeding these data sources with appropriate detective controls can give Security teams deep insight into the activity of their clusters, and help identify both malicious activity and risky configurations. In this talk, we will explore:

- The different types of logs and data available within K8s environments
- What you should care about (and why) from a security perspective
- The differences between self-managed and CSP-managed K8s offerings, and how each affects detection
- Engineering aspects of plumbing these logs to a SIEM or Data Lake
- How to get started on generating your own detection cases, including real-world attack scenarios!

Throughout the presentation, we will layer our guidance alongside input from industry frameworks like MITRE ATT&CK for Containers and real-world experience.

SANS CloudSecNext Summit 2023
Speaker: Dakota Riley, Principal Security Engineer, Aquia, Inc.

View upcoming Summits: http://www.sans.org/u/DuS

Video "Detective Controls in K8s Environments – Wrangling Security Data Out Of Your Clusters" from the SANS Cloud Security channel
Video information
November 29, 2023, 4:19:29
00:30:07