By Ratan Tipirneni, President and CEO, Tigera

Cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. But as enterprises and small businesses increasingly use containers and distributed applications, threat actors are becoming increasingly sophisticated. For example, new Distributed Denial-of-Service (DDoS) attack techniques have emerged that target cloud-native and Kubernetes-based applications. Recently disclosed security flaws discovered in Kubernetes could have been exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.

Doubling down on security has never been more critical as the threat landscape continues to worsen and evolve. Against this backdrop, Tigera polled more than 1,200 users of Calico Open Source, the most widely adopted container security and network solution, to gauge what capabilities IT professionals need for container security and networking.

Survey respondents, including those responsible for DevOps, architecture, or IT operations and infrastructure at their organizations, shared that they use Calico Open Source primarily for Kubernetes networking and security. The State of Calico Open Source: Usage & Adoption report revealed that the critical capabilities driving the adoption of container networking and security solutions include:

  • Scalable networking (35%)
  • Security policies (35%)
  • Interoperability across different environments (33%)
  • Encryption capabilities (30%)

Poor network visibility in Kubernetes clusters and workloads can cause misconfigurations, which can lead to catastrophic consequences like ransomware attacks, exposure of sensitive data, denial of service (DoS) attacks, and unauthorized lateral movement. Another recent industry report, Red Hat’s State of Kubernetes Security, revealed that almost half of respondents experienced one or more of these issues in the last year. This underscores the critical need for visibility at the workload level to identify and mitigate misconfigurations and threats that traditional perimeter-based security solutions cannot identify.

Network security policy creation and deployment is driven by the need for workload access control and secure egress access. In fact, the report revealed that workload access policies limiting pod-to-pod communication are the most popular type of security policy Calico users deploy, followed by policies for secure egress access.

  • Workload access policies that limit pod-to-pod communication (61%)
  • Secure egress access policies (41%)
  • Microsegmentation policies (24%)
  • Compliance (8%)

The State of Calico Open Source: Usage & Adoption Report findings show that developers understand the importance of robust workload-centric network security for Kubernetes workloads. Eighty-five percent of users said they needed to achieve network segmentation and protect east-west traffic. IT leaders need enhanced security controls at the workload level to limit pod-to-pod communication, reducing the risk of lateral movement of threats and contributing to compliance efforts. What’s more, egress access controls allow users to adopt a default-deny posture that helps protect against data exfiltration threats.

Container security requires a multi-layered approach that includes security measures at different levels, including the network, host, and application layers. Network security reduces the attack surface, which is a key way to protect containers.

Vulnerability management, configuration management, and deploying a runtime security solution are critical. Security teams must ensure their runtime security tools can rapidly identify and mitigate any intrusion attempts, or risk serious consequences.

Overall, a defense-in-depth strategy is designed to offer more comprehensive protection against different types of attacks. The goal of this approach is to make it more challenging for attackers to penetrate an organization’s defenses and to limit the damage if an attack does occur. The report findings demonstrate that today’s technology professionals understand the importance of deploying solutions that help them achieve security in an increasingly challenging threat landscape.

Author Bio

Ratan Tipirneni is President & CEO at Tigera, where he is responsible for defining strategy, leading execution, and scaling revenues. Ratan is an entrepreneurial executive with extensive experience incubating, building, and scaling software businesses from early stage to hundreds of millions of dollars in revenue. He is a proven leader with a track record of building world-class teams.

The post Network Security Priorities For Containers, According To Today’s IT Pros appeared first on Cybersecurity Insiders.

By Giri Radhakrishnan, Technical Product Marketing Manager, Tigera

Distributed Denial-of-Service (DDoS) attack techniques are evolving, creating new risks and challenges for cloud-first enterprises.

In a DDoS attack, an application or service becomes unavailable to users because demand exceeds its resource capacity, causing the app to either crash or become unresponsive. Threat actors are becoming increasingly sophisticated, and new DDoS attack techniques have emerged that target cloud-native and Kubernetes-based applications. Cloud-native applications are designed to scale up resources automatically (pods, CPU cycles, memory, etc.) when inbound requests spike, resulting in higher usage bills. Cybercriminals have now exploited this, generating illegitimate requests that lead to resources scaling up and down without producing any actual business revenue. This attack method, dubbed a “yo-yo attack”, leads to revenue loss and a host of other issues for impacted organizations.

While the intent of a DDoS attack is not directly to steal money or data or to install ransomware, any type of application downtime indirectly translates into monetary loss. Troubleshooting and mitigation efforts also result in lost productivity for IT professionals who are already burdened with multiple security alerts.

Deploying container security solutions is critical to detecting DDoS attacks and helping to stop them before they become devastating. When it comes to container security solution capabilities to prevent and address DDoS attacks, security leaders should:

  • Use a solution that can build a baseline behavior for nodes, pods, and services with respect to the amount of traffic that is normal at any given period of time. Deviation from the baseline behavior could inform the user about a potential DDoS attack.
  • Use a broad set of container security tools, especially at runtime, with anomaly detection. If there is any presence of malicious activity either on the network or the container, alerting capabilities give operators quick and detailed information on potential impending threats.
  • Put strong zero-trust workload access control policies in place to restrict lateral movement should attackers gain a foothold in the environment within the Kubernetes cluster.

Although detecting a DDoS attack is itself a huge task, the job is only half done until you have the best mitigation strategies in place. The earlier you are able to start detecting and blocking the attack traffic, the better protected you are against application downtime. When it comes to DDoS attacks in Kubernetes, it’s important to first confirm whether a basic Kubernetes Network Policy can help with responding to an attack. Bear in mind that the default Kubernetes Network Policy lacks a few capabilities that are critical to stopping a DDoS attack in Kubernetes.

There are two critical requirements to stop a DDoS attack when it happens: Global Network Policy and Host Endpoint (HEP) for policy enforcement. When these two are combined with a capability to define entire IP ranges or CIDR blocks, and to perform XDP offloading, you can effectively stop a DDoS attack before it results in an outage or causes monetary loss.
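As an added illustration (not from the original post), the Calico manifests below implement the pattern just described: a HostEndpoint on the node's external interface, a GlobalNetworkSet holding the attacking CIDR blocks, and a cluster-wide GlobalNetworkPolicy that denies them with doNotTrack so Calico can offload the deny rule to XDP where the kernel and NIC support it. A native Kubernetes NetworkPolicy is namespaced and selects only pods, so it can express none of this; the node name, interface, IP and CIDR values are constructed.

```yaml
# Added example (not from the post): Calico resources for the
# HEP + GlobalNetworkPolicy + CIDR-block DDoS mitigation pattern.
# Node name, interface, IP and the CIDR blocks are constructed values.
apiVersion: projectcalico.org/v3
kind: HostEndpoint
metadata:
  name: ingress-node-1-eth0
  labels:
    apply-dos-mitigation: "true"      # selector hook for the policy below
spec:
  node: ingress-node-1
  interfaceName: eth0
  expectedIPs: ["192.0.2.10"]         # TEST-NET address, constructed
---
apiVersion: projectcalico.org/v3
kind: GlobalNetworkSet
metadata:
  name: dos-deny-list
  labels:
    dos-deny-list: "true"
spec:
  nets:                               # attack source ranges (constructed)
  - "198.51.100.0/24"
  - "203.0.113.0/24"
---
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: dos-mitigation
spec:
  selector: apply-dos-mitigation == 'true'   # every labelled host endpoint
  doNotTrack: true        # untracked rule: skips conntrack, eligible for XDP
  applyOnForward: true    # also covers traffic forwarded on to pods
  types:
  - Ingress
  ingress:
  - action: Deny
    source:
      selector: dos-deny-list == 'true'      # all CIDRs in the network set
```

XDP offload of untracked deny rules on host endpoints is controlled by the xdpEnabled field of the FelixConfiguration resource; as the attack sources shift, only the nets list of the GlobalNetworkSet needs updating, not the policy.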

Attackers are becoming more sophisticated with DDoS techniques, and the political landscape in war-affected regions has created an uptick in these attacks. Since applications in Kubernetes pose an equal, if not greater, security risk of DDoS attacks, organizations need new ways to detect and mitigate threats. Against this backdrop, deploying robust, comprehensive container security solutions is key.

The post DDoS Attacks in a Kubernetes Environment: Detection and Mitigation appeared first on Cybersecurity Insiders.

By Ratan Tipirneni, President and CEO, Tigera

While cloud-native technologies are relatively new to many businesses, Global 2000 companies have run containers and distributed applications at scale for over a decade. Although these household-name companies are high-profile targets for hackers, they have avoided devastating security incidents. This is evidence of their holistic security strategies and advanced tactics.

Based on our work with them, here are a few lessons other businesses can apply to cloud-native application security.

Take a zero-trust approach

First and foremost, these companies have adopted a zero-trust approach. Choosing zero trust as the foundational pillar is one way Fortune 100 companies keep their environments secure. In a zero-trust model, everything is denied access by default except the things that need to be able to communicate. Zero trust is crucial in securing distributed applications and containers, as it prevents threats from sneaking in as they are deployed and maintained. It is nearly impossible to secure these environments without a zero-trust foundation.

The concept of zero trust has existed for many years, long before it was named or widely adopted. Zero trust exemplifies the importance of returning to the basics and learning from successful companies rather than chasing after new solutions that often overpromise and underdeliver.

Address infrastructure and security holistically

In addition to a zero-trust approach, companies that have secured their cloud-native environments take a holistic approach to security. Hackers and bad actors do not always target the most obvious entry points and can find and exploit vulnerabilities in any open door or window. Therefore, it is crucial to secure all potential attack vectors. This requires a comprehensive approach to security rather than focusing on just a few key areas.

Treat security as code

Another key lesson from these leading companies is the importance of treating security as code. When security and IT leaders do not treat security as code, they may initially configure controls that secure every door and window, but once day-to-day operations take over, it is only a matter of time before one of those points of entry flips open.

With a security-as-code approach, security is programmed in along with the software so that the security controls move wherever the software goes. Incorporating security into the development process and treating it as an integral part of the software makes it much easier to ensure that security controls are consistently applied. This is particularly important in cloud-native environments, where applications and infrastructure constantly evolve and change.

Strip down infrastructure and rebuild it

We work with a customer who completely strips down their entire infrastructure and rebuilds it regularly. They clean their entire stack every three weeks and reinstall through automated scripts. Stripping down their infrastructure flushes out potential threats that may have infiltrated the application or infrastructure. However, doing this on a large scale requires a high degree of automation and underscores the need to treat everything as code. Without treating security as code, the highly advantageous ability to rebuild that stack on an ongoing basis would be infeasible.

Democratizing this level of security

Fortune 100 companies have been running cloud-native apps at scale for years; they started long before the current array of cloud-native security solutions was available. These companies had the monetary resources and talent pool to build their own solutions and processes. Now, cloud-native technology adoption has exploded, and smaller teams and companies are using cloud-native solutions for daily operations.

The same level of security the Fortune 100 has achieved should be available to companies across the globe. The next step in cloud-native security solution development should be taking what these leading companies have done, codifying it, packaging it into a repeatable solution, and rolling it out as a service so that smaller organizations can use it to secure their environments.

Security is an ongoing process

As the threat landscape changes and evolves, businesses must constantly re-evaluate and adapt their security measures to stay ahead of potential threats. Security is not a one-time effort; it’s an ongoing process that organizations of all sizes must prioritize. By learning from the successes of Fortune 100 companies, businesses can adopt best practices and build a secure foundation for their cloud-native environments.

The post Lessons From the Fortune 100 About Cloud-Native Application Security appeared first on Cybersecurity Insiders.