Tel Aviv-based security startup KTrust is introducing a proactive approach to Kubernetes security, diverging from conventional methods. Instead of solely scanning Kubernetes clusters for known vulnerabilities, KTrust employs an automated system to simulate real-world hacking attempts.
What is Kubernetes security?
Kubernetes security encompasses the comprehensive measures and strategies implemented to protect Kubernetes clusters, the applications running on them and the sensitive data they manage.
As a powerful container orchestration platform used extensively in cloud-native environments, Kubernetes introduces unique security challenges that require careful consideration and mitigation.
At its core, Kubernetes security involves safeguarding against various threats, including unauthorised access, data breaches, malicious code injection and service disruptions.
This entails implementing robust authentication and authorisation mechanisms to control access to Kubernetes resources, encrypting sensitive data both at rest and in transit, and enforcing network policies to restrict communication between pods and external entities.
Furthermore, Kubernetes security includes the proactive identification and remediation of vulnerabilities within the cluster infrastructure and deployed applications. This involves regular vulnerability assessments, scanning for known vulnerabilities in container images and applying patches and updates promptly to address any security gaps.
In addition to securing the infrastructure and applications, Kubernetes security also entails monitoring and logging activities within the cluster to detect suspicious behaviour and potential security incidents.
By implementing logging and auditing mechanisms, organisations can gain visibility into cluster activities, track user actions and investigate security events for timely response and remediation.
Moreover, Kubernetes security extends beyond technical measures to include best practices in configuration management, resource isolation and compliance adherence. These include minimising the attack surface by reducing unnecessary privileges, implementing least-privilege access controls and adhering to security benchmarks and industry standards.
KTrust's attack-simulation approach, known as "continuous threat exposure management" (CTEM), enables security teams to concentrate on genuine attack paths rather than wading through extensive lists of potential vulnerabilities. KTrust is emerging from stealth mode today, announcing a successful $5.4 million seed funding round led by Awz Ventures.
Led by CEO Nadav Toledo, a former colonel in the Israeli Defense Forces' 8200 intelligence unit, KTrust's leadership team brings substantial experience to the table. Alongside Toledo are CTO Nadav Aharon-Nov, previously of R-MOR; COO Sigalit Shavit, former global CIO of CyberArk; and CBO Snir Maizlik, a seasoned business leader.
KTrust identified the challenges faced by organisations grappling with Kubernetes complexity, with DevOps teams and CISOs struggling to balance operational efficiency with robust security measures.
Traditional passive scanner approaches often inundate teams with alerts, necessitating manual prioritisation and intervention. In response, KTrust developed an automated red team algorithm that actively probes attack paths within Kubernetes-based systems.
"Kubernetes is very complex and it's very dynamic. We went to organisations and talked to the DevOps teams and CISOs... We saw the DevOps teams were struggling — and we also saw the DevSecOps teams struggling because they want them to also be Kubernetes experts — configuring Kubernetes — and on the other hand, be security experts," Toledo told TechCrunch.
This dynamic algorithm, unlike passive scanners, mimics real attackers to uncover genuine vulnerabilities. By replicating a customer's Kubernetes infrastructure settings in a secure sandbox environment, KTrust's algorithm identifies and validates potential exploits, significantly reducing false positives. In one instance, KTrust's agent-based system assisted a client in narrowing down over 500 vulnerabilities to just a dozen actionable attack paths.
"By doing this, we find actual attack paths to exploit and you don't get a list of hundreds of items that are not connected. We show the DevSecOps the validated exploits — and it's true validation because it was a real attack," Toledo explained.
Furthermore, KTrust empowers security teams with detailed insights into the attack process, facilitating manual mitigation efforts and offering automation where feasible. The company maintains a dedicated team of security specialists focused on uncovering novel attack vectors, resulting in the submission of several CVEs for Kubernetes and Argo CD.
Yaron Ashkenazi, managing partner at Awz Ventures, expressed confidence in KTrust's unique Kubernetes security solution, highlighting its ability to meet critical market demands and empower DevSecOps teams globally.
"Our investment in KTrust signifies our confidence in their distinctive Kubernetes security solution, meeting a critical market demand. With this investment KTrust will scale to empower DevSecOps globally in ensuring the secure deployment of their Kubernetes-based applications," Ashkenazi said.
With this investment, KTrust is poised to scale its operations and bolster the secure deployment of Kubernetes-based applications, reaffirming its commitment to innovation and excellence in cybersecurity.