Lacework on Wednesday announced new features to its Polygraph Data Platform that promise enhanced visibility and protection in Kubernetes environments.
The company said through Kubernetes audit log monitoring, integration with the Kubernetes admission controller, and Infrastructure as Code (IaC) security, Lacework customers can now further minimize risks in build time and automate the discovery of unusual behavior that could point out cloud account or container compromises.
The industry has seen rapid adoption of Kubernetes to manage containerized workloads, but the sheer size and complexity of Kubernetes environments means organizations will struggle with detecting threats, ensuring compliance, and efficiently capturing relevant security events, said James Brown, senior director of product at Lacework.
Brown said existing security tools and manual procedures aren’t built to secure the Kubernetes attack surface. He said security issues can slow down deployment, defeating the purpose of using containers for agile development. Research from Red Hat suggests that more than half of respondents delayed deploying Kubernetes applications into production due to security concerns.
“With this release, we’ve modernized the approach to container security by adding Kubernetes audit log monitoring, integration with the Kubernetes admission controller, and (IaC) security,” Brown said. “These features minimize risks in build time and automate discovery of unusual behavior simply, efficiently, and quickly, at a scale built for the complexity of the Kubernetes attack surface.”
Organizations are moving to cloud-native development leveraging containers and Kubernetes to quickly and efficiently develop and release software, explained Melinda Marks, a senior analyst at the Enterprise Strategy Group. Marks said security teams have had a difficult time keeping up as development scales. It’s been challenging for them to gain visibility of what developers are doing, or if and how they are taking steps to secure their code before they deploy it, and then monitor the applications and workloads in runtime to identify security issues needing attention.
“By integrating Kubernetes features into its Polygraph Data Platform, Lacework is helping security get the visibility they need to identify security issues so they can more efficiently remediate them and manage security risk as development scales,” Marks said.
Ratan Tipirneni, president and CEO at Tigera, added that migration from a traditional on-premises environment to a cloud or multi-cloud environment presents a perilous journey, requiring organizations to fundamentally rethink their approach to security applications and environments. Tipirneni said automated CI/CD pipelines that deploy distributed, dynamic and ephemeral components create a substantially larger attack surface.
"To combat this, automation and machine learning is critical to rapidly identify the anomalies,” Tipirneni said. “However, threat detection alone is not sufficient since the supply of security experts who can mitigate threats is limited. Organizations must adopt the principles of zero-trust to actively reduce the attack surface, and if compromised, automatically apply mitigating controls to buy more time for the security team to mitigate issues.”
