Actu
Portshift Announces Extended Kubernetes Cluster Protection
May 2020 by Marc Jacob
Portshift announced Extended Kubernetes Cluster Protection. The new capability provides Kubernetes API calls/API server protection by detecting and mitigating runtime risks and malicious activities on worker nodes and all cluster resources. The extended protection oversees all RBAC permissions in a Kubernetes cluster, categorizes them according to risk level, and provides runtime visibility and enforcement of APIs toward the API server.
Portshift’s Extended Kubernetes Cluster Protection provides runtime visibility of all APIs invoked toward the API server and offers advanced filtering ability. In order to make changes to a Kubernetes cluster, an API call is made to the API server so that by protecting it, the clusters are defended against unauthorized changes. In addition to the protection of clusters, the administrator creates policy rules either by using the intelligent policy advisor or instituting policies manually to prevent unwanted API actions and high-risk configurations. The solution then automatically reviews and monitors all granted permissions and prevents impacts that defy policy.
With Extended Kubernetes Cluster Protection, existing pod permissions are tightened and unused permissions removed. The API Audit & Policy feature allows the DevSecOps professional to achieve full visibility and control over cluster resources and prevents suspicious activity such as adding malicious executables to their pods, creating crypto-mining cronjobs, remote code executions (RCE) in pods, the exposure of cluster secrets, the elevation of privileges, deleting Kubernetes log data and more.
