Kubernetes is a popular container orchestration platform, originally developed by Google, for managing large-scale containerized applications. It runs microservices applications across a distributed cluster of nodes and is highly resilient, supporting scaling, rollbacks, zero-downtime updates, and self-healing containers.

The primary aim of Kubernetes is to mask the complexity of operating a large fleet of containers. It can run on bare-metal machines in an on-premises data center as well as on private or public cloud platforms such as Azure, OpenShift, and AWS.

Kubernetes security is a complex undertaking, and organizations everywhere are scrambling to secure their containerized workloads. One very specific and critical aspect of Kubernetes security is Kubernetes incident response. This includes:

  • What to do when your Kubernetes cluster is attacked.
  • How to coordinate efforts in your organization to deal with an attack.
  • How to ensure you have an effective process as well as the necessary tools and data to investigate and recover from any security incident.

Kubernetes Incident Response Components

Incident response is a structured process that an organization uses to detect, manage, and recover from a cybersecurity event. The ultimate aim is to manage the incident successfully so that recovery costs, downtime, and collateral damage (including business losses and brand damage) are minimal.

To enable an efficient incident response, it is essential to involve individuals from all areas of the organization. Depending on the escalation path, involvement can reach beyond the obvious technical and security teams to include client support, human resources, legal, compliance, and senior executives.

Since many incident response guides do not specifically address Kubernetes, an organization should consider the following organizational elements that need to participate in a Kubernetes incident response process.

DevOps

Responding to a Kubernetes security incident almost always requires a deployment, a rollback, a change to cluster configuration, or some combination.
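The DevOps actions named above (isolate, change configuration, roll back) are easiest to coordinate when they are scripted in advance. The following shell functions are an added example written for this page, not code from the original article: they wrap standard `kubectl` commands into a small containment runbook that first preserves evidence, then isolates the suspect pod with a deny-all NetworkPolicy, and finally rolls the Deployment back to a known-good revision. The namespace `prod`, deployment `api`, and pod `api-abc` used in the guarded run at the bottom are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): containment and rollback
# runbook for a compromised Deployment, as shell functions around kubectl.
set -eu

# Step 1: preserve evidence BEFORE anything is changed or deleted.
# Writes the pod spec, container logs and related events into an output dir.
capture_evidence() {
  ns=$1; pod=$2; outdir=${3:-./evidence}
  mkdir -p "$outdir"
  kubectl get pod "$pod" -n "$ns" -o yaml > "$outdir/$pod.yaml"
  # logs may be unavailable if the container already crashed; do not abort
  kubectl logs "$pod" -n "$ns" --all-containers=true --timestamps=true \
    > "$outdir/$pod.log" || true
  kubectl get events -n "$ns" --field-selector "involvedObject.name=$pod" \
    > "$outdir/$pod.events"
  echo "$outdir"
}

# Step 2a: render a NetworkPolicy that selects pods labelled quarantine=true.
# Listing both policy types with no ingress/egress rules denies all traffic.
quarantine_policy() {
  ns=$1; pod=$2
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: quarantine-$pod
  namespace: $ns
spec:
  podSelector:
    matchLabels:
      quarantine: "true"
  policyTypes: ["Ingress", "Egress"]
EOF
}

# Step 2b: isolate the pod instead of deleting it, so forensics can continue.
quarantine_pod() {
  ns=$1; pod=$2
  kubectl label pod "$pod" -n "$ns" quarantine=true --overwrite
  quarantine_policy "$ns" "$pod" | kubectl apply -f -
}

# Step 3: roll the Deployment back. With no revision given, kubectl reverts
# to the previous one; otherwise the named revision from rollout history.
rollback_deployment() {
  ns=$1; deploy=$2; revision=${3:-}
  if [ -n "$revision" ]; then
    kubectl rollout undo "deployment/$deploy" -n "$ns" --to-revision="$revision"
  else
    kubectl rollout undo "deployment/$deploy" -n "$ns"
  fi
  kubectl rollout status "deployment/$deploy" -n "$ns" --timeout=120s
}

# Guarded run against a real cluster (placeholder names), e.g.
#   RUN_RUNBOOK=1 sh runbook.sh
if [ "${RUN_RUNBOOK:-0}" = 1 ]; then
  kubectl rollout history deployment/api -n prod
  capture_evidence prod api-abc ./evidence
  quarantine_pod prod api-abc
  rollback_deployment prod api
fi
```

Two caveats apply: a NetworkPolicy only isolates the pod if the cluster's CNI plugin enforces NetworkPolicy, and rolling back a Deployment restores the previous image and spec but does not revoke credentials or secrets the compromised pod may have read, which must be rotated separately.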