EVALUATING CONTAINER
SECURITY WITH ATT&CK
FRAMEWORK
• Sandeep Jayashankar • Nov 2020
EVALUATING CONTAINER SECURITY WITH ATT&CK FRAMEWORK
Containers
• Current Tech Landscape
• Vuln Timeline
• Most Recent Vulnerabilities
• Misconfiguration Attacks
Container Runtime Challenges
ATT&CK for Containers
• Introduction
• Use Cases
• Threat Matrix
Practical approach to ATT&CK
Conclusion
CONTAINERS – CURRENT TECH LANDSCAPE
CONTAINERS – VULN TIMELINES
CONTAINERS – MOST RECENT VULNERABILITIES
• CVE-2020-2121: Jenkins Google Kubernetes Engine plugin, remote code execution via unsafe YAML parsing (arbitrary type instantiation)
• CVE-2020-14386: Linux kernel local privilege escalation due to memory corruption in packet sockets (AF_PACKET); packet sockets need CAP_NET_RAW, which the default container capability set included at the time
• CVE-2020-8563: kube-controller-manager leaks vSphere cloud-provider credentials into its logs when run at log level 4 or higher
• CVE-2020-8566: kube-controller-manager leaks Ceph RBD adminSecrets into its logs when run at log level 4 or higher
References:
https://www.tigera.io/blog/kubernetes-q3-2020-threats-exploits-and-ttps/
https://sysdig.com/blog/falco-cve-2020-8566-ceph/
https://sysdig.com/blog/cve-2020-8563-vsphere-credentials-cloud-controller-manager/
CONTAINERS – MISCONFIG ATTACKS
• Exposed containers: container daemons and orchestrator APIs reachable from the internet, findable with Shodan search queries (https://jarv.is/notes/shodan-search-queries/)
• Including public containers
• Using privileged containers (https://containerjournal.com/topics/container-security/why-running-a-privileged-container-is-not-a-good)
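The misconfigurations above are cheap to find before an attacker does. The script below is an added example, not code from the deck: it audits pod specs in the JSON shape of `kubectl get pods -A -o json` for privileged containers and, going beyond the slide's two items, for the host-namespace, hostPath and runtime-socket settings that turn a privileged pod into a host compromise, plus the verbose control-plane logging behind CVE-2020-8563/8566 from the previous slide. The pods, image names and namespaces are constructed for the example.

```python
"""Added example (not from the deck): audit Kubernetes pod specs for the
privileged-container and host-exposure misconfigurations the slide warns about.
Input is the JSON shape of `kubectl get pods -A -o json`; the pods below are constructed."""
import json

# Constructed sample: a hardened pod, a "debug" pod with the risky settings, and a
# control-plane pod running with verbose logging.
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"name": "web", "namespace": "prod"},
     "spec": {"containers": [{"name": "web", "image": "example.com/web:1.2",
              "securityContext": {"privileged": False, "runAsNonRoot": True,
                                  "allowPrivilegeEscalation": False}}]}},
    {"metadata": {"name": "debug", "namespace": "prod"},
     "spec": {"hostPID": True, "hostNetwork": True,
              "volumes": [{"name": "root", "hostPath": {"path": "/"}},
                          {"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
              "containers": [{"name": "shell", "image": "example.com/busybox",
                              "securityContext": {"privileged": True},
                              "volumeMounts": [{"name": "root", "mountPath": "/host"},
                                               {"name": "sock", "mountPath": "/var/run/docker.sock",
                                                "readOnly": True}]}]}},
    {"metadata": {"name": "kube-controller-manager-node1", "namespace": "kube-system"},
     "spec": {"containers": [{"name": "kube-controller-manager",
              "image": "k8s.gcr.io/kube-controller-manager:v1.19.0",
              "command": ["kube-controller-manager", "--v=4", "--cloud-provider=vsphere"]}]}},
]})

RUNTIME_SOCKETS = ("docker.sock", "containerd.sock", "crio.sock")


def audit_pod(pod):
    """Return (severity, finding) tuples for one pod object."""
    findings = []
    spec = pod.get("spec", {})
    name = f'{pod["metadata"].get("namespace", "default")}/{pod["metadata"]["name"]}'
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(("HIGH", f"{name}: {key}=true shares a host namespace"))
    # hostPath volumes, resolved by name so each container's mounts can be checked.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        cname = f'{name}:{c["name"]}'
        if sc.get("privileged"):
            findings.append(("CRITICAL", f"{cname}: privileged=true (all capabilities, host devices)"))
        elif sc.get("allowPrivilegeEscalation", True):
            findings.append(("MEDIUM", f"{cname}: allowPrivilegeEscalation not set to false"))
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(("MEDIUM", f"{cname}: may run as root (runAsNonRoot unset)"))
        # Verbose control-plane logging leaked cloud-provider secrets (CVE-2020-8563/8566).
        if "kube-controller-manager" in c["name"]:
            for arg in c.get("command", []) + c.get("args", []):
                if arg.startswith("--v=") and arg[4:].isdigit() and int(arg[4:]) >= 4:
                    findings.append(("HIGH", f"{cname}: {arg} writes cloud-provider secrets to logs "
                                             f"on unpatched versions (CVE-2020-8563/8566)"))
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue
            if path.endswith(RUNTIME_SOCKETS):
                findings.append(("CRITICAL", f"{cname}: mounts container runtime socket {path}"))
            elif not m.get("readOnly", False):
                findings.append(("HIGH", f"{cname}: writable hostPath {path} at {m['mountPath']}"))
            else:
                findings.append(("LOW", f"{cname}: read-only hostPath {path} at {m['mountPath']}"))
    return findings


def audit_pod_list(pod_list_json):
    """Audit every pod in a PodList JSON document."""
    return [f for pod in json.loads(pod_list_json).get("items", []) for f in audit_pod(pod)]


if __name__ == "__main__":
    for severity, finding in audit_pod_list(SAMPLE_PODS_JSON):
        print(f"[{severity}] {finding}")
```

Run it against a live cluster with `kubectl get pods -A -o json | python3 audit.py` after swapping the sample for `sys.stdin.read()`; a read-only runtime socket mount is still rated CRITICAL because the socket is an API endpoint, so `readOnly` on the mount does not stop `docker run --privileged` through it.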
CONTAINER RUNTIME CHALLENGES
Monitoring
• Containers are ephemeral and lightweight
• Deployed in large numbers
• Monitoring containers is different from monitoring VM hosts
Isolation
• Containers share the same underlying operating system, volumes, and disks
• Container breakout exploits are common in the wild, typically against containers running with privileged flags
• More containers mean more data, more network traffic, and more access controls to manage
Orchestration
• Confusing configuration options
• Data leaks in log files
• Vulnerabilities in other orchestration components
Response
• Taking down the compromised container and bringing up a brand-new image
• What if CI/CD limitations prevent pushing from dev to prod?
• What if the image itself is compromised?
https://capsule8.com/blog/security-challenges-for-containers-in-runtime/
Source: Forrester Research Report
ATT&CK FOR CONTAINERS - INTRODUCTION
• Adversarial Tactics, Techniques, And Common Knowledge
• Understand Adversary Behavior using Threat Matrix
• Defines Tactics, Techniques, and Procedures (TTPs)
© 2020 PAYPAL INC. CONFIDENTIAL AND PROPRIETARY.
Cloud Matrix: https://attack.mitre.org/matrices/enterprise/cloud/gcp/
Advanced Persistent Threat Group
ATT&CK FOR CONTAINERS – USE CASES
https://attack.mitre.org/docs/training-cti/CTI%20Workshop%20Full%20Slides.pdf
ATT&CK FOR CONTAINERS – THREAT MAP
Initial Access: Adversary exploits an application vulnerability and gains a foothold inside a container.
Execution: Adversary obtains SSH credentials and connects to an SSH service running inside the container.
Privilege Escalation: Adversary abuses a privileged-container misconfiguration to gain control of the underlying host.
Defense Evasion: Adversary deletes container logs to hide their footprints.
Credential Access: Adversary finds application credentials in configuration or log files.
Lateral Movement: Adversary uses writable volume mounts of the host to reach the node and other workloads.
Impact: Adversary uses the host to mine cryptocurrency.
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
Adversary Emulation
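The threat map above doubles as a detection checklist once runtime and audit events are tagged with the tactic they evidence. The script below is an added example, not code from the deck or from Microsoft: it maps a constructed stream of runtime sensor and Kubernetes audit events onto the tactics of the map and prints the resulting coverage matrix. Technique names follow the Microsoft Kubernetes threat matrix the slide references; the event schema and the event-to-technique rules are this example's own assumptions, and a benign event is included to show that ordinary process starts map to nothing.

```python
"""Added example (not from the deck): tag runtime/audit events with the tactic and
technique they evidence and build an ATT&CK-style coverage matrix from them.
Technique names follow the Microsoft Kubernetes threat matrix the slide cites;
the event format and the matching rules are assumptions; the events are constructed."""
import json
from collections import OrderedDict

# Tactic order as on the slide's threat map.
TACTICS = ["Initial Access", "Execution", "Privilege Escalation", "Defense Evasion",
           "Credential Access", "Lateral Movement", "Impact"]

WEB_PARENTS = {"java", "node", "python", "php-fpm", "nginx", "httpd"}
SHELLS = {"sh", "bash", "dash", "ash"}
MINERS = {"xmrig", "minerd", "cpuminer", "kdevtmpfsi"}
CREDENTIAL_FILES = (".env", "database.yml", "credentials", "config.json")

# Constructed event stream, one JSON object per line: "exec" and "file" events as a
# runtime sensor might emit them, "audit" events shaped like Kubernetes audit records.
SAMPLE_EVENTS = """
{"kind":"exec","container":"web-7f9c","comm":"sh","parent":"java","args":"sh -c id"}
{"kind":"exec","container":"web-7f9c","comm":"sshd","parent":"sh","args":"/usr/sbin/sshd -p 2222"}
{"kind":"audit","verb":"create","resource":"pods","user":"system:serviceaccount:prod:web","requestObject":{"spec":{"volumes":[{"name":"h","hostPath":{"path":"/"}}],"containers":[{"name":"x","securityContext":{"privileged":true},"volumeMounts":[{"name":"h","mountPath":"/host"}]}]}}}
{"kind":"exec","container":"web-7f9c","comm":"rm","parent":"sh","args":"rm -rf /var/log/app"}
{"kind":"file","container":"web-7f9c","op":"open","comm":"sh","path":"/app/config/database.yml"}
{"kind":"exec","container":"x","comm":"xmrig","parent":"sh","args":"xmrig -o stratum+tcp://pool.example:3333"}
{"kind":"exec","container":"web-7f9c","comm":"java","parent":"tini","args":"java -jar app.jar"}
"""


def classify(ev):
    """Map one event to zero or more (tactic, technique) pairs."""
    hits = []
    kind = ev.get("kind")
    if kind == "exec":
        comm, parent, args = ev.get("comm", ""), ev.get("parent", ""), ev.get("args", "")
        if comm in SHELLS and parent in WEB_PARENTS:      # web process spawned a shell
            hits.append(("Initial Access", "Application vulnerability"))
            hits.append(("Execution", "bash/cmd inside container"))
        if comm == "sshd":
            hits.append(("Execution", "SSH server running inside container"))
        if comm == "rm" and "/var/log" in args:
            hits.append(("Defense Evasion", "Clear container logs"))
        if comm in MINERS or "stratum+tcp://" in args:
            hits.append(("Impact", "Resource hijacking"))
    elif kind == "file" and ev.get("op") == "open" and ev.get("comm") in SHELLS:
        if ev.get("path", "").endswith(CREDENTIAL_FILES):
            hits.append(("Credential Access", "Applications credentials in configuration files"))
    elif kind == "audit" and ev.get("verb") == "create" and ev.get("resource") == "pods":
        spec = ev.get("requestObject", {}).get("spec", {})
        host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
        for c in spec.get("containers", []):
            if (c.get("securityContext") or {}).get("privileged"):
                hits.append(("Privilege Escalation", "Privileged container"))
            if any(m["name"] in host_vols and not m.get("readOnly")
                   for m in c.get("volumeMounts", [])):
                hits.append(("Lateral Movement", "Writable volume mounts on the host"))
    return hits


def build_matrix(event_lines):
    """Return {tactic: [technique, ...]} in kill-chain order for a stream of JSON lines."""
    matrix = OrderedDict((t, []) for t in TACTICS)
    for line in event_lines:
        line = line.strip()
        if not line:
            continue
        for tactic, technique in classify(json.loads(line)):
            if technique not in matrix[tactic]:
                matrix[tactic].append(technique)
    return matrix


def covered_tactics(matrix):
    """Tactics for which at least one technique was observed."""
    return [t for t, techs in matrix.items() if techs]


if __name__ == "__main__":
    matrix = build_matrix(SAMPLE_EVENTS.splitlines())
    for tactic, techniques in matrix.items():
        print(f"{tactic:<22} {', '.join(techniques) or '-'}")
```

The value of the matrix view is the gap, not the hits: a real event stream that lights up Initial Access and Impact but nothing in between usually means the middle tactics are happening without being logged, which is the detection coverage question the next slide's conclusion asks you to plan mitigations around.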
CONCLUSION
• Identify adversary behavior
• Translate behavior into TTPs
• Map the data in a visualized manner
• Plan mitigations based on the mapped data
• Common Knowledge helps educate developers, security personnel and system administrators
QUESTIONS
Speaker notes
1. Infrastructure (slide 3, Current Tech Landscape): container runtime components, orchestration components, automation and CI/CD tooling, service mesh, messaging, container OS platforms