CNCF Live Webinar - Thinking like a threat actor in your Kubernetes environments
Abstract
Threat actors only need to find one gap in your Kubernetes and container infrastructure to access your crown jewels. Understanding suspicious activity is critical for better security–but Kubernetes is a new realm for many enterprises, and it’s always been the case that you don’t know what you don’t know. In this talk, we will dive deep into how a threat actor thinks when it comes to attacking every aspect of your Kubernetes supply chain, and how they can move from code, to cluster, to container, to cloud. We will also give recommendations on how to remediate and act on these types of threats including covering examples of detections such as container escapes, port scan enumerations, and more found in open frameworks such as Kubernetes GOAT. You’ll walk away with a greater understanding of how threat actors attack so that you can prioritize what to protect, and be more proactive in responding to threats in real time.
Rewanth Tammana
Senior Security Architect
Rewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD (National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap (famous as Swiss Army knife of network utilities). Holds industry certifications like CKS (Certified Kubernetes Security Specialist), CKA (Certified Kubernetes Administrator), etc. Rewanth speaks and delivers training at multiple international security conferences around the world including Black Hat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others. He was recognized as one of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. He also published an IEEE research paper on an offensive attack in Machine Learning and Security. He was also a part of the renowned Google Summer of Code program.