Security Architecture, Cloud Security, Cloud Security

NSA and CISA share Kubernetes security recommendations

New recommendations released by the National Security Agency and the Cybersecurity and Infrastructure Security Agency seek to help enterprises improve security in their Kubernetes systems, which have recently been a popular target of cybercriminals, according to BleepingComputer. The agencies' 52-page report titled "Kubernetes Hardening Guidance" identified supply-chain attacks, insider threats and malicious actors as the three primary threats to organizations' Kubernetes environments, which, while difficult to address simultaneously, can be protected against through mitigation measures and vigilance about common misconfigurations. In general, the agencies' recommendations are to scan for vulnerabilities and misconfigurations in containers and Pods, to run the containers and Pods with the lowest level of privileges unless otherwise necessary and implement security measures such as network separation, correctly configured firewalls, strong authentication measures and audit logs. The agencies also urged administrators to regularly check their Kubernetes settings to make sure benefits from the latest patches and updates are active.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.