Portshift has announced Extended Kubernetes Cluster Protection, thus providing Kubernetes API calls/API server protection by detecting and mitigating runtime risks and malicious activities on worker nodes and all cluster resources.
As the company puts it, the extended protection oversees all RBAC permissions in a Kubernetes cluster, categorizes them according to risk level, and provides runtime visibility and enforcement of APIs toward the API server.
“It’s a significant challenge for administrators to review all permissions granted and to understand the extent of their impact – Portshift does this automatically,” said Zohar Kaufman, VP of R&D, Portshift. “Using Extended Cluster Protection, the situation receives zero-day mitigation without waiting for Kubernetes updates.”
With Extended Kubernetes Cluster Protection, existing pod permissions are tightened and unused permissions removed.
The API Audit & Policy feature allows the DevSecOps professional to achieve full visibility and control over cluster resources and prevents suspicious activity such as adding malicious executables to their pods, creating crypto-mining cronjobs, the elevation of privileges, deleting Kubernetes log data and more.