By their very nature, Kubernetes environments are highly complex and ever-changing, creating significant security challenges. These can include incorrect settings, special functions and defects in components. This cannot happen in production; otherwise the business may soon become toast.
To manage and mitigate this risk, it is necessary to test the configurations of the units on a trusted platform before deployment. The problem is that this usually requires a lot of start-up and research time and cost that nobody wants to take on, because it’s not about innovation or business development.
In the decade-long existence of containers as essential components in modern IT systems, this murky but important task has called for an efficient, self-contained tool. That’s what Orca Security set out to build, and as of today, it’s available.
Orca Research Pod has created KTE, an open source Kubernetes Testing Environment for AWS (EKS), Microsoft Azure (AKS), and Google Cloud (GKE), to help organizations improve Kubernetes security by providing a safe and controlled environment in which to identify and deal with potential defects before they affect production processes.
Orca’s security research team discovers and analyzes cloud risks and vulnerabilities to strengthen the Orca platform and promote cloud security best practices. The Orca Research Pod, made up of about a dozen cybersecurity experts, says it discovered more than 20 vulnerabilities in public cloud platforms that were eventually fixed. The team constantly analyzes the security of public cloud assets monitored by the Orca platform, while monitoring the tactics and strategies of attackers in the country.
KTE is Available Under the Apache 2.0 License
Starting August 27, Orca will release KTE to the open source community under the Apache License 2.0 in Orca’s main GitHub repository. KTE creates a free and agnostic KSPM (Kubernetes Security Posture Management) using a list of open source offerings.
Orca says it will continue to maintain KTE to support the K8s security community and assist in their efforts to better identify and assess security threats. Users are encouraged to replace the Helm chart with one of their own in order to use this project to test the operating environment.
This is the first K8s test project of its kind, Roi Nisimi, security researcher at Orca, told The New Stack.
“Currently there are no similar projects with one long-term goal in mind: to be a one-stop shop for all Kubernetes security issues, with one click, regardless of choice of cloud provider and open to the public. These are the strengths of KTE,” said Nisimi.
What does KTE involve?
By using the GitHub repository, developers are able to test several security products in their K8s environment. Whether it’s a management system in AWS, GCP or Azure, participants can use KTE to manage and monitor their teams. Most importantly, they are given a clean look at their scan results through web-based dashboards, Nisimi said.
Are there any noticeable translation differences between GCP, Azure and AWS?
“The main goal was to provide tools for any type of Kubernetes user – whether they use GCP, Azure or AWS,” said Nisimi. “In terms of security findings, the open source tools currently available offer native Kubernetes information with a few variations, but we expect to see the introduction of more vendor-specific tools in the future.”
KTE has the potential to become a standard DevSecOps tool. What can it replace?
“The project gives developers the opportunity to test their Kubernetes infrastructure against a wide range of security offerings, thereby achieving a strong security posture. It probably won’t replace home-built solutions but it really helps to design them, which allows one to evaluate and combine quality and different security data,” said Nisimi.
Orca has created and will continue to maintain KTE to support the K8s security community and assist in their efforts to better identify and assess security threats – not just with one tool, but with many open offerings, with the goal of including everything, said Nisimi. This will ensure a robust method of identifying K8s misconfigurations and security vulnerabilities, Nisimi said.