CAST AI Automates Kubernetes Security Posture Management to Block Runtime Threats
CAST AI boasts that its Kubernetes automation platform cuts AWS, Azure and Google Cloud Platform costs by more than 50%. The company’s founder now said its platform can dramatically reduce security threats.
Gil Laurent, CAST AI founder and chief product officer, explained to Security Boulevard the newly released Kubernetes Security Posture Management (KSPM) capabilities identify misconfigurations within clusters, image vulnerabilities and misconfigurations, as well as runtime security-related anomalies through scans in real-time. Laurent said the KSPM addition to their platform extends its native AI analysis to provide automated threat blocking and suggestions to remediate weaknesses that make systems susceptible to breach.
Adrien Carreira, head of infrastructure at machine learning tool provider Hugging Face, said in a statement that Hugging Face sought to increase the security of their Kubernetes applications, including detecting runtime threats. According to Carreura, the agentless tools they had tried fell short of detecting threats in runtime. They deployed CAST AI’s KSPM tool, and it identified and blocked 20 times more runtime threats than the other security tools they evaluated. Carreira said they use anomaly detection in full-blocking mode.
“CAST AI has created a flexible runtime engine that lets us selectively choose different rules. The solution was simple to implement; everything came right out of the box. Our team can now focus on creating value,” Carreira told Security Boulevard in an email exchange.
Laurent said the KSPM capabilities are immediately deployable and integrate with existing permissions.
The capabilities expected within KSPM tools include real-time monitoring and compliance checks, automated policy enforcement and integration with existing security tools such as SIEM products and other security platforms. While often combined with cloud security posture management (CSPM) tools, KSPM is tailored explicitly for Kubernetes and provides specialized policy frameworks for container orchestration and security. KSPM tools don’t look at broader perimeter defenses found in CSPM tools.
Ivan Gusev, principal cloud architect at supply-side advertising platform provider OpenX, told Security Boulevard that the integration capabilities with CAST AI’s KSPM changed how they managed and secured Kubernetes in their environment. “We now have a single platform that handles everything automatically, making our Kubernetes environment secure while reducing our cloud costs. Another advantage is that the platform frees up our team from the day-to-day worries of managing the environment, allowing us to focus on higher-value tasks,” Gusev said.
There has been considerable movement in the KSPM market recently. Dynatrace announced in May that it would add KSPM capabilities to its observability platform. The capabilities came from its earlier acquisition of Runecast technology. In April, Datadog also introduced KSPM capabilities to its Cloud Security Management product, providing 100 Kubernetes detection rules assessments against industry security standards such as CIS.
Laurent shared a story about one of the customers that sparked the idea of adding the KSPM capabilities to the CAST AI platform. They monitored a banking customer and identified bad actors running a crypto-mining operation within the environment. “This was a mobile banking app, and there were about 40 containers that were not doing banking functions. They were just doing crypto mining,” he recalled. One of the early KSPM users turned on the runtime security capabilities, and they identified 235 containers that were running crypto-mining processes. “We had other customers with systems behaving as a hacking tool. We found a lot of things,” Laurent said.
