Threat actors only need to find one gap in your Kubernetes and container infrastructure to access your crown jewels. Understanding suspicious activity is critical for better security, but Kubernetes is a new realm for many enterprises, and it’s always been the case that you don’t know what you don’t know. In this talk, we will dive deep into how a threat actor thinks when it comes to attacking every aspect of your Kubernetes supply chain, and how they can move from code, to cluster, to container, to cloud. We will also give recommendations on how to remediate and act on these types of threats, including examples of detections for container escapes, port scan enumeration, and more found in open frameworks such as Kubernetes Goat. You’ll walk away with a greater understanding of how threat actors attack so that you can prioritize what to protect and be more proactive in responding to threats in real time.