The take-up of Kubernetes, a tool for managing containerized workloads, is only expected to increase as demand for cloud-native architectures and containerization continues. In terms of security, this can mean a boon or a major blind spot for them, according to Kubernetes Security Operation Center (KSOC), a Bay Area startup — a boon, in that using Kubernetes can limit an attacker’s blast radius, and a major blind spot because a vulnerable web app in an exposed Kubernetes cluster can give attackers unlimited access and a chance to take complete control.
KSOC co-founder and CEO Brooke Motta says this is why the startup is tackling cloud-native security in a way that is Kubernetes-first. The company, which is part of TechCrunch Disrupt’s 2023 Startup Battlefield 200, does this through automated risk triage that looks for potential security issues within a company’s infrastructure. Among other things, the company’s system analyzes a business’s role-based access control (RBAC) settings, misconfigurations, runtime events, image vulnerabilities, network exposure and public cloud context to identify high-priority risks.
“A threat vector is a way to reduce the noise of security findings from any one part of Kubernetes to identify high-priority risk. We combine the relationships between these elements (different Kubernetes risks) to see where they exist together, which immediately increases the risk factor and shows top priority,” said Motta. Before co-founding KSOC, she was the chief revenue officer at cybersecurity platform Bugcrowd and next-gen web application firewall service Wallarm.
Security concerns continue to delay or slow down the implementation of cloud-native technologies like Kubernetes, according to the latest edition of Red Hat’s State of Kubernetes Security report. The report says 67% of the companies interviewed reported delaying or slowing down deployments due to security concerns, as 37% experienced revenue or customer loss due to a breach. KSOC says it is eliminating this headache for companies.
KSOC, which raised $6 million in seed funding last year backed by 406 Ventures, with participation from Vertex Ventures US and Gula Tech Adventures, also polls for Kubernetes misconfigurations in real time, a major improvement over the common practice of doing checks in intervals of hours or even days. Misconfigurations are the top security concern for companies adopting Kubernetes, and come with serious consequences such as potential exposure to ransomware and data loss. KSOC’s platform is also able to show who has access to what RBAC (role-based access control) permissions.
“We connect runtime events to threat vectors so you can see not just your top risk, but where those risks are actually being exploited today, in real time. While others can show runtime events we connect them to the Kubernetes context, so you can detect attacks targeting Kubernetes specifically,” said Motta, who co-founded the startup with Jimmy Mesta (CTO), who is also a veteran security engineer.
She added that KSOC gives teams great visibility of their environment. “Every security team is dealing with staff shortages, especially around Kubernetes and cloud native, so this gives them a practical option for managing Kubernetes security with the team they have,” she said.