Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions including the latest release (v1.20) are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update services, you are impacted.

Spinning up an AKS cluster is a great way to get started with Kubernetes on Azure. But if you are doing more than just playing, you'll want to understand the multiple networking options AKS provides for you to choose from, and how each option can impact security and scalability.

In this talk, we will explore how to meet common enterprise security control needs when running Kubernetes. We will look at how you can meet these common security control needs with standard Kubernetes primitives and open source projects such as Calico, or take it a step further using Calico Enterprise.

By default, pods are not isolated. This means that malicious actors once inside may wander freely throughout your kubernetes cluster. During this session we'll discuss the different attack vectors and how to mitigate.

As an increasing number of organizations are leveraging Managed Kubernetes Services such as EKS, AKS, or GKE for application development and production environment, DevOps, SREs would like to have security and observability built into their applications. Instead of managing a platform for Kubernetes security and observability, they would like to consume it too along with managed Kubernetes services. In this process, picking the right SaaS platform to address the Kubernetes security challenges is most important.

Windows containers provide a modern way to encapsulate processes and package dependencies, making it easier to apply DevOps practices for Windows applications. Windows container workloads are increasingly being orchestrated with Kubernetes. DevOps and SRE teams running applications in Windows Kubernetes environments are recognizing the need for greater security and observability as these workloads move into production. Many of these teams also need a unified Kubernetes-native solution that works across both Windows and Linux workloads.

In this talk, we will explore how to meet common enterprise security control needs when running Kubernetes. We will look at a range of common enterprise security needs and how you can meet these with standard Kubernetes primitives and open source projects such as Calico, or take it a step further with the additional features of Calico Enterprise.

With production workloads moving into the cloud, the adoption of the microservices architecture provides a solid and scalable communication method between workloads. Since most communication is via HTTP based APIs we can leverage existing web application firewalls technologies to provide HTTP protocol level detection. In this talk, we will show how you can leverage Calico Enterprise's integration with Fortinet's Fortiweb to provide WAF capabilities in a Kubernetes cluster.

As an increasing number of organizations are leveraging Managed Kubernetes Services such as EKS, AKS, or GKE for application development and production environment, DevOps, SREs would like to have security and observability built into their applications. Instead of managing a platform for Kubernetes security and observability, they would like to consume it too along with managed Kubernetes services. In this process, picking the right SaaS platform to address the Kubernetes security challenges is most important.

Managing multiple Kubernetes clusters can become time consuming and complex. Calico Enterprise can help with built in multi-cluster management capabilities to simplify deployment and ongoing operations, including securing interactions between the clusters, and providing cross-cluster service discovery.