We are super excited and proud to announce the public availability of Mitigant’s Kubernetes Security Posture Management (KSPM). This addition further makes us a cloud-native security platform that provides our valued customers with unbeatable cyber security, cloud compliance, and cyber resilience. Kubernetes has taken the world by storm since its emergence in 2015. There are several reasons for its disruptive adoption: most importantly, Kubernetes provides a fault-tolerant, extensible, scalable platform for managing containerized and cloud-native applications. These properties have made Kubernetes the most widely used container orchestration platform; in fact, Gartner asserts that more than 70% of global organizations will run containerized applications in production by 2027.
However, security issues continue to pose challenges to Kubernetes adopters. According to the State of Kubernetes Security Report by Red Hat, more than 50% of Kubernetes users are worried about misconfiguration and vulnerabilities of Kubernetes clusters. The report also showed that the consequences of not addressing these security and misconfiguration issues could be dire, such as a 40% possibility of becoming a victim of a ransomware attack. Furthermore, 67% of deployments are delayed due to Kubernetes security issues.
Mitigant Kubernetes Security Posture Management
At Mitigant, we aim to enable security, compliance, and cyber resilience for cloud-native infrastructure, and a KSPM product plays a critical role in achieving this objective. Hence, over the last months, we have been neck-deep in work on this product, especially as several Mitigant customers have already expressed how painful the process of managing Kubernetes security has been. Here is a summary of the features included in this release:
Kubernetes Compliance Management
Several compliance and security benchmarks have been introduced for Kubernetes environments. These benchmarks provide important guidance and best practices for securely operating Kubernetes environments. Mitigant KSPM implements several of these compliance benchmarks, including the Center for Internet Security (CIS) Kubernetes benchmark and its adaptations for various cloud platforms: AWS Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). Furthermore, enterprises can easily leverage the Mitigant KSPM to address the OWASP Top 10 Kubernetes Risks.
Kubernetes Vulnerability Management
Managing vulnerabilities in the Kubernetes ecosystem can be very challenging for security teams. These include vulnerabilities in containerized open-source software, cloud-native applications, and custom enterprise applications. The Kubernetes vulnerability management feature performs deep scans of Kubernetes components to discover known vulnerabilities. Sufficient information about these vulnerabilities is provided, such as the impact if compromised and references to downstream software vendor security advisories and CVE Numbering Authorities.
Kubernetes Inventory Management
Management of Kubernetes assets is imperative for visibility, allowing for secure and resilient operations at scale. Hence, the Mitigant KSPM provides an inventory management feature to enhance Kubernetes clusters' visibility, including workloads, services, storage, configurations, and networking resources. The inventory maintains an updated state of Kubernetes clusters, thus allowing for quick identification of non-compliant or vulnerable resources so security teams can address risks promptly.
Support for Managed & On-Premises Kubernetes
Mitigant KSPM can be used for cloud-based/managed Kubernetes clusters, including Amazon EKS, AKS, GKE, and Open Telekom Cloud CCE (Cloud Container Engine). Support for on-premises infrastructure is also available, e.g., on-premises/private clouds and other kinds of data centers. The coverage of multi-cloud and hybrid clouds aims to provide exceptional support to enterprises with these kinds of setups by enhancing security and visibility across the entire cloud-native infrastructure.
This release includes features that facilitate productivity for security teams by providing effective communication and collaboration mechanisms. The Mitigant KSPM is integrated into the existing Mitigant Cloud Security platform, thus enabling single-pane-of-glass visibility and management. Security teams can work collaboratively using existing enterprise features, including Single Sign-On, ChatOps (Slack and Microsoft Teams), and Jira integration for ticket workflow management.
What’s Coming Next
Loads of features are planned for release in the coming months, including graph-based analytics to reduce alert/vulnerability fatigue and context-driven prioritization. Also on the roadmap is the integration of container registry scanning to allow for shift-left strategies; this would empower the implementation of security guardrails in the CI/CD pipeline.
How to Sign Up
You are invited to sign up for the Mitigant KSPM. Head over to the signup link - https://www.mitigant.io/sign-up. The signup procedure is seamless, and the onboarding process is straightforward and fast. Please feel free to reach out if you have any questions. You can easily use the chat system or drop your questions on our contact page - https://www.mitigant.io/contact
Co-Founder & CTO, Mitigant. | Contributing Author - O'Reilly Security Chaos Engineering Book. | AWS Community Builder