FAQs

We've compiled a list of common questions about our cloud security platform with clear and helpful answers to address your concerns.

Kubernetes Security Posture Management (KSPM)

What Kubernetes environments does Mitigant KSPM support?


Mitigant KSPM works with all Kubernetes distributions:


Managed Kubernetes:

  • Amazon EKS (Elastic Kubernetes Service)
  • Azure AKS (Azure Kubernetes Service)
  • Google GKE (Google Kubernetes Engine)


Self-Hosted Kubernetes:

  • Vanilla Kubernetes clusters
  • OpenShift
  • Rancher
  • K3s
  • MicroK8s


Hybrid Environments:

  • Mix of managed and self-hosted
  • Multi-cluster deployments
  • Edge Kubernetes installations


Architecture Support:

  • Single clusters
  • Multi-cluster federation
  • Multiple clusters across clouds


How does Mitigant KSPM detect misconfigurations in Kubernetes?


Mitigant KSPM uses agentless monitoring of Kubernetes clusters:


What it monitors:

  • Pod security configurations (privileged containers, host namespaces, etc.)
  • RBAC policies and service account permissions
  • Network policies and ingress/egress rules
  • Secrets management and storage
  • Resource limits and quotas
  • Image configurations and vulnerabilities
  • API server settings
  • etcd security
  • Node configurations


How it works:

  • Connects to Kubernetes API (read-only access)
  • Continuous assessment of cluster state
  • Compares configurations against security best practices
  • Maps findings to Kubernetes-specific benchmarks


No performance impact:

  • No agents or DaemonSets to deploy
  • No resource consumption on nodes
  • No network overhead
  • Works with existing cluster permissions
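
The pod-level items in the monitoring list above (privileged containers, host namespaces, running as root, missing resource limits) can all be evaluated from objects read through the Kubernetes API. The following is an added example, not Mitigant's code; the sample pod and the helper name `audit_pod` are constructed for illustration.

```python
import json

# Constructed sample: one Pod object in the JSON shape the Kubernetes API returns.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "web", "namespace": "prod"},
 "spec": {
   "hostNetwork": true,
   "containers": [
     {"name": "app", "image": "example/app:1.0",
      "securityContext": {"privileged": true}},
     {"name": "sidecar", "image": "example/sidecar:1.0",
      "securityContext": {"runAsNonRoot": true},
      "resources": {"limits": {"cpu": "100m", "memory": "64Mi"}}}
   ]}}
""")

HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostPID", "hostIPC")

def audit_pod(pod):
    """Return sorted (location, finding) tuples for one Pod object (hypothetical helper)."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for field in HOST_NAMESPACE_FIELDS:  # host namespaces are pod-level settings
        if spec.get(field) is True:
            findings.append(("pod", f"{field} enabled"))
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        where = f"container/{c.get('name', '?')}"
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            findings.append((where, "privileged container"))
        # A container-level value overrides the pod-level securityContext.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if run_as_user == 0 or (non_root is not True and run_as_user is None):
            findings.append((where, "may run as root"))
        limits = (c.get("resources") or {}).get("limits") or {}
        for resource in ("cpu", "memory"):
            if resource not in limits:
                findings.append((where, f"no {resource} limit"))
    return sorted(findings)

if __name__ == "__main__":
    for where, finding in audit_pod(SAMPLE_POD):
        print(f"{SAMPLE_POD['metadata']['name']}: {where}: {finding}")
```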


Can Mitigant KSPM prioritize vulnerabilities by exploitability?


Yes. Mitigant KSPM includes vulnerability prioritization:


How prioritization works:

  • Scans container images for known CVEs
  • Assesses runtime context (is the container actually running?)
  • Evaluates network exposure (is it internet-facing?)
  • Considers privileges (does it run as root?)
  • Checks for active exploits in the wild


Prioritization factors:

  • Severity: CVSS score
  • Exploitability: Is there a public exploit?
  • Exposure: Is the workload accessible?
  • Context: What privileges does the container have?
  • Validation: Can CAE prove it's exploitable?


Integration with CAE:

  • KSPM finds container vulnerabilities
  • CAE validates whether they're exploitable in your specific environment
  • Reduces noise by focusing on validated risks


This approach dramatically reduces the vulnerability backlog by focusing on what actually matters.


How does Mitigant KSPM handle multi-cluster environments?


Mitigant KSPM provides centralized visibility across all clusters:


Multi-Cluster Features:

  • Single dashboard showing all clusters
  • Unified policy enforcement
  • Consistent compliance monitoring
  • Cross-cluster comparison and benchmarking
  • Aggregated reporting


Cluster Organization:

  • Group clusters by environment (dev/staging/prod)
  • Tag clusters by team or business unit
  • Filter by cloud provider or region
  • Create custom cluster hierarchies


Use Cases:

  • Monitor security posture across tens or hundreds of clusters
  • Ensure consistent security policies
  • Identify configuration drift between clusters
  • Centralized compliance reporting
  • Track security metrics across the entire K8s estate
