As we reflect on the transformative year of 2023, the resilience and success of KSOC are a testament to the unwavering commitment of our incredible customers and dedicated employees, even amidst challenging market conditions. Positioned strategically in the cloud-native security landscape, our company thrived due to the incredible support and collaboration of our valued customers, the tireless efforts of our talented employees and the market readiness for a modern approach to cloud-native security. In the face of economic uncertainties, rising interest rates, and global conflicts, KSOC not only weathered the storm but expanded its footprint, thanks to the trust and partnership of our customers and the relentless dedication of our employees.
As we navigate the predictions for cloud-native security in 2024, we recognize that our success is a shared achievement, fueled by the collective efforts of our customers and employees who continue to inspire us with their resilience and commitment to innovation.
As we all strive to give 2024 a strong start, positive signs of economic stability and recovery are already evident. Against this backdrop, we share some commentary on the predictions for 2023 and bring forth new predictions for 2024. KSOC has never been more ready to tackle the challenges facing security teams in their cloud native infrastructure, and we look forward to what 2024 will hold!
In 2023, KSOC made it a priority to help Platform Engineering teams, Security, and CISOs cover their massive blind spots in Kubernetes risk visibility. To that end, we added capabilities to KSOC that are now protecting thousands of nodes across multiple Fortune 500 companies, as well as the top 10 of the Fortune Cloud 100.
The year got off to a great start with an alternative to the static, inoperable check-box approach to Kubernetes Security Posture Management from legacy container and cloud-focused CNAPP providers. KSOC launched event-based misconfigurations that change as fast as your Kubernetes workloads, avoiding the challenge of chasing a misconfiguration reported by a static, poll-based scanner for a workload that is no longer there.
My co-founder, and KSOC’s CTO, Jimmy Mesta, said in the press release, “Anybody who operates Kubernetes knows how ephemeral workloads are; they come and they go in the space of 5 minutes. There is no way to secure Kubernetes without taking this into account, and yet that is what the industry has been trying to force-feed platform teams and cloud security teams. It hasn’t worked; nobody is using those solutions. KSOC is here to change all that and give teams a solution so they can finally operationalize security at the speed of Kubernetes.”
To reduce noise and get better signal around vulnerabilities in cloud native infrastructure, we introduced attack paths that take a Kubernetes-first view in order to tell infrastructure security engineers their clear, top priority issue across RBAC, image CVEs, Kubernetes misconfigurations, public cloud, network and runtime. Threat vectors, with the background of real-time KSPM, make KSOC the first and only enterprise-first company to secure ephemeral environments without complete blind spots around cloud native infrastructure.
Despite the large third-party ecosystem of tools for Kubernetes, Kubernetes has been largely ignored when it comes to compliance regulations for the software supply chain. The Kubernetes Bill of Materials (KBOM) is an open source project that easily provides a quick view of the scope of your Kubernetes cluster, including:
KSOC launched an answer to the failure of CSPM and open source RBAC tools to identify malicious activity rather than produce lists of over-permissions. The AI-powered, cloud native identity threat detection platform creates:
AI-powered auto-remediation
To speed up the time to remediation for the misconfigurations in your environment, we announced a new AI-powered remediation capability that provides the actual, suggested changes in your manifest code.
Searchable SBOM
In response to the ingress-nginx vulnerability, we released a searchable SBOM feature for customers, allowing them to quickly find any new zero day vulnerabilities across their environments.
Every event KSOC sponsored in 2023 dedicated swag budget to local communities. Across the year, we sponsored Hak4Kids in Chicago, Washington’s National Park Fund, Ukraine friends, and more.
In case you missed it, our community of followers found these articles to be some of the most helpful educational content:
Kubernetes version 1.29 overview
Kubernetes Ingress-nginx vulnerability
The Impossible Job of the Infrastructure Security Engineer
Each of the predictions we made in 2023 has evolved and taken on new life. As a reflection exercise, it's important to check in on the continued validity, and evolution, of these concepts.
In 2023, we noted the proliferation of eBPF in cloud native tooling, and stated that:
Over the course of 2023, runtime protection became more and more of a concern, to the point that it is driving security teams into the fray of cloud native security. eBPF is the de facto standard for runtime behavior, BUT teams are still finding eBPF too intrusive, too difficult and taking up too much CPU (per point #3 above).
It was clear, even in the beginning of 2023, that SBOMs were the closest thing that the Biden administration, or any other source of software supply chain security requirements, had to a hard software supply chain security requirement. We posed a few solutions to the unresolved question about how to use those SBOMs. You could use them to:
In 2023, there was significant frustration on the part of buyers in the SBOM space, with little guidance about how SBOMs would practically fit into simple day-to-day activity. And there was more activity around the application of the concept of a BOM to other areas of the application development lifecycle, like Kubernetes, as shown in the KBOM feature KSOC announced above.
Looking ahead, we believe that 2024 will be a year where teams try to improve efficiency, while at the same time covering any blind spots across new and evolving cloud native environments. Let’s get started!
According to the recent cost of the breach data from IBM, malicious insiders are the single most costly initial attack vector, followed by stolen or compromised credentials. And breaches initiated with stolen or compromised creds, typically by malicious insiders, took the longest to resolve, compared to phishing or exploitation of zero day vulnerabilities.
The Okta breach, as well as the usage of credential stuffing in the 23andMe breach, both demonstrate that zero trust paradigms have to cover the environment, and even zero trust tools themselves, to be effective. This includes Kubernetes.
In a live poll at KubeCon 2023, engineers and SREs often said that, while they wished the responsibility for securing Kubernetes would lie with security teams, the engineering teams were the ones with the most detailed knowledge of Kubernetes itself. And the security teams they enjoyed the most, or had the most success with, were those that were less high level and more in the weeds of the technical details.
While this makes sense from an engineering perspective, on the side of the security teams, the reduction in their team sizes and budgets makes Kubernetes expertise a challenge. The answer?
Even before teams and resources started to shrink in 2023, security teams were not as efficient as they wanted to be, due to new expanding environments in the cloud and cloud native development. But software supply chain security and cloud infrastructure requirements are pressing, with public breaches associated with each that have made headlines.
Runtime security has finally reached a critical level of adoption, as security teams find their customers and compliance requirements demanding incident detection and response controls for cloud native environments. As this continues, the inefficiencies of legacy vendors will be exposed and a new set of agents and flexible runtime agents will become available, without the downfalls of legacy agents, and without the ‘no agent’ compromise of agentless solutions.
The frustration amongst security teams for vendors touting the latest and greatest SBOM was palpable in 2023, based on a perceived lack of practical use and benefit. In 2024, we expect to see security and engineering teams require software supply chain security solutions to become more efficient. This new set of tools will allow smaller, more nimble security teams to search for certain packages, or quickly understand their exposure.
Tesla holds the crown for the most well-known Kubernetes security breach, back in 2018. Since then, we have seen many Kubernetes attacks, and 2024 will be no different, except that this time we expect a public breach to make major news. Based on the volume of Kubernetes CVEs that have been coming out in 2023, and the dearth of controls that adequately protect growing and changing Kubernetes environments, we expect to see a significant, public breach with Kubernetes at the center.
2024 will be a ‘year of adaptability’ where teams change their methods to focus more on tools that help them operationalize cloud native security while covering blind spots. Senior security leaders will further their careers by helping the company save resources and recover from the economic downturn, driving true innovation and protecting blind spots. For all of us here at KSOC, we can help make cloud native security accessible and part of the solution. Contact us today to see how KSOC can kick 2024 off right (think contextual risk, vendor consolidation and zero trust)!