FAQs

We've compiled a list of common questions about our cloud security platform with clear and helpful answers to address your concerns.

Kubernetes Security Posture Management (KSPM)

What Kubernetes environments does Mitigant KSPM support?

Mitigant KSPM works with all Kubernetes distributions:

Managed Kubernetes:

  • Amazon EKS (Elastic Kubernetes Service)
  • Azure AKS (Azure Kubernetes Service)
  • Google GKE (Google Kubernetes Engine)

Self-Hosted Kubernetes:

  • Vanilla Kubernetes clusters
  • OpenShift
  • Rancher
  • K3s
  • MicroK8s

Hybrid Environments:

  • Mix of managed and self-hosted
  • Multi-cluster deployments
  • Edge Kubernetes installations

Architecture Support:

  • Single clusters
  • Multi-cluster federation
  • Multiple clusters across clouds

How does Mitigant KSPM detect misconfigurations in Kubernetes?

Mitigant KSPM uses agentless monitoring of Kubernetes clusters:

What it monitors:

  • Pod security configurations (privileged containers, host namespaces, etc.)
  • RBAC policies and service account permissions
  • Network policies and ingress/egress rules
  • Secrets management and storage
  • Resource limits and quotas
  • Image configurations and vulnerabilities
  • API server settings
  • etcd security
  • Node configurations

How it works:

  • Connects to the Kubernetes API (read-only access)
  • Continuous assessment of cluster state
  • Compares configurations against security best practices
  • Maps findings to Kubernetes-specific benchmarks

No performance impact:

  • No agents or DaemonSets to deploy
  • No resource consumption on nodes
  • No network overhead
  • Works with existing cluster permissions
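
A sketch of the kind of pod-level check listed above (privileged containers, host namespaces, resource limits), added here as an illustration and not Mitigant's own code. It assumes the pod list was fetched read-only from the Kubernetes API, for example with `kubectl get pods -A -o json`; the sample pods and the function names are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "prod", "name": "node-debug"},
   "spec": {"hostNetwork": true, "hostPID": true,
            "containers": [{"name": "shell", "image": "busybox:1.36",
                            "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "prod", "name": "web"},
   "spec": {"containers": [{"name": "app", "image": "example/web:1.0",
                            "securityContext": {"privileged": false},
                            "resources": {"limits": {"cpu": "500m",
                                                     "memory": "256Mi"}}}]}}
]}
""")

HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostPID", "hostIPC")


def audit_pod(pod):
    """Return a list of finding strings for one Pod object."""
    spec = pod.get("spec", {})
    findings = [f"shares host namespace: {field}"
                for field in HOST_NAMESPACE_FIELDS if spec.get(field) is True]
    # Init containers carry the same securityContext and resources fields.
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            findings.append(f"container {c['name']}: privileged")
        limits = (c.get("resources") or {}).get("limits") or {}
        missing = [r for r in ("cpu", "memory") if r not in limits]
        if missing:
            findings.append(f"container {c['name']}: no {'/'.join(missing)} limit")
    return findings


def audit_pods(pod_list):
    """Map 'namespace/name' to its findings, omitting pods with none."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        found = audit_pod(pod)
        if found:
            report[f"{meta['namespace']}/{meta['name']}"] = found
    return report


if __name__ == "__main__":
    for pod_name, found in audit_pods(SAMPLE).items():
        for finding in found:
            print(f"{pod_name}: {finding}")
```
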

Can Mitigant KSPM prioritize vulnerabilities by exploitability?

Yes. Mitigant KSPM includes vulnerability prioritization:

How prioritization works:

  • Scans container images for known CVEs
  • Assesses runtime context (is the container actually running?)
  • Evaluates network exposure (is it internet-facing?)
  • Considers privileges (does it run as root?)
  • Checks for active exploits in the wild

Prioritization factors:

  • Severity: CVSS score
  • Exploitability: Is there a public exploit?
  • Exposure: Is the workload accessible?
  • Context: What privileges does the container have?
  • Validation: Can CAE prove it's exploitable?

Integration with CAE:

  • KSPM finds container vulnerabilities
  • CAE validates whether they're exploitable in your specific environment
  • Reduces noise by focusing on validated risks

This approach dramatically reduces the vulnerability backlog by focusing on what actually matters.

How does Mitigant KSPM handle multi-cluster environments?

Mitigant KSPM provides centralized visibility across all clusters:

Multi-Cluster Features:

  • Single dashboard showing all clusters
  • Unified policy enforcement
  • Consistent compliance monitoring
  • Cross-cluster comparison and benchmarking
  • Aggregated reporting

Cluster Organization:

  • Group clusters by environment (dev/staging/prod)
  • Tag clusters by team or business unit
  • Filter by cloud provider or region
  • Create custom cluster hierarchies

Use Cases:

  • Monitor security posture across tens or hundreds of clusters
  • Ensure consistent security policies
  • Identify configuration drift between clusters
  • Centralized compliance reporting
  • Track security metrics across the entire K8s estate
