What We've Learned from Scanning 10K+ Kubernetes Clusters by Rotem Refael
Discover the shocking security findings from scanning 10,000+ Kubernetes clusters, including misconfigurations, vulnerabilities, and risk levels. Learn how to improve posture management and runtime protection in this enlightening talk.
- 100% of the scanned clusters had at least one misconfiguration.
- 96% of clusters used Kubernetes orchestration, and 91% of ungraduated projects used it.
- 40% of scans had more than 14 failed controls, indicating a significant security risk.
- 50% of clusters had at least one vulnerability.
- The top 5 CVEs found in the general population were found in ArgoCD, Prometheus, ArgoExit, Redis, and Bitnami.
- 90% of graduated projects failed the “non-root container” control.
- 28% of clusters were at risk, with an average risk level of 28%.
- 40 million Kubernetes objects were scanned, and 6000 clusters were checked.
- The importance of posture management and runtime protection was emphasized.
- Kubernetes is a rising trend in cloud native environments, with scaling being a major motivator.
- 99% of cloud breaches are caused by customer misconfiguration or mistakes.
- 84% of clusters failed on the “immutable root file system” control.
- The top 3 most common images scanned were: Docker, Red Hat, and AWS.
- 30% of vulnerable clusters were at risk, with over 30% vulnerable.
- The importance of focusing on vulnerabilities and misconfigurations in Kubernetes clusters was emphasized.
- Attackers focus on exploiting what is new, unsecured, or most vulnerable.
- Many clusters were vulnerable to attacks because of misconfigurations.
- Kubernetes has become the new operating system or cloud operating system.
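
The two controls named above (“non-root container” and “immutable root file system”) can be checked against workload manifests before deployment. The following is an added example, not code from the talk or from the scanner it used; the pass/fail rules are a simplified assumption based on the Kubernetes `securityContext` fields, and the manifests are constructed samples.

```python
import json

# Constructed sample manifests (not taken from the talk).
MANIFESTS = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "legacy-api"},
  "spec": {"containers": [{"name": "app", "image": "example/app:1.0"}]}},
 {"kind": "Deployment", "metadata": {"name": "web"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true},
    "containers": [
      {"name": "nginx", "securityContext": {"readOnlyRootFilesystem": true}},
      {"name": "sidecar", "securityContext": {"runAsUser": 0}}]}}}},
 {"kind": "CronJob", "metadata": {"name": "backup"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "job", "securityContext":
      {"runAsUser": 1000, "readOnlyRootFilesystem": true}}]}}}}}}
]""")

def pod_spec(obj):
    """Return the pod spec of a Pod, a templated workload, or a CronJob."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if obj.get("kind") != "Pod":
        spec = spec.get("template", {}).get("spec", {})
    return spec

def failed_controls(obj):
    """List (container, control) pairs that fail either control."""
    spec, failures = pod_spec(obj), []
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Container-level settings override pod-level ones, field by field.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        # Assumed rule: fail on explicit UID 0, or when nothing rules root out.
        if uid == 0 or (uid is None and non_root is not True):
            failures.append((c["name"], "non-root container"))
        # readOnlyRootFilesystem is container-level only and defaults to false.
        if sc.get("readOnlyRootFilesystem") is not True:
            failures.append((c["name"], "immutable root file system"))
    return failures

def scan(manifests):
    return {m["metadata"]["name"]: failed_controls(m) for m in manifests}

if __name__ == "__main__":
    for name, fails in scan(MANIFESTS).items():
        print(name, fails or "pass")
```

The `sidecar` container shows the override case: the pod-level `runAsNonRoot: true` does not make it pass, because the container itself requests UID 0.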