Boost Your Container Security with Kubernetes Cluster Awareness

Jan 29, 2021
4 minutes

Organizations typically run their applications on multiple Kubernetes clusters. Many times, different clusters are used to run the same application in different stages of the application lifecycle. In these instances, the container images are shared among different clusters, making the cluster itself an important consideration for security. Security teams need Kubernetes cluster awareness to keep track of runtime behavior and incidents, get visibility into the security posture of their deployed infrastructure and identify trusted images or manage vulnerabilities. 

To better facilitate these use cases, Prisma Cloud now allows customers to leverage Kubernetes-native constructs to map rules and policies, allowing them to view runtime audits more efficiently. This means customers can segment their Radar view to specific clusters, view image scan results by cluster, define trust groups and get reliable runtime protection. Continue reading to understand how Kubernetes cluster awareness improves visibility and runtime audits.

Ensuring Accurate Runtime Protection 

Prisma Cloud customers often rely on machine learning tools to detect and prevent any deviation from normal container behavior. But containers of the same application can behave differently in different stages of the application lifecycle. For example, containers run different processes in a development cluster compared to a production environment. This lack of "cluster awareness" can cause the machine learning protocols to generate false positives. Providing cluster awareness allows Prima Cloud to take this context into account. As a result, users get a more reliable, automated learning model of the runtime behavior based on the coupling of image, namespace and cluster. This significantly reduces false positives, resulting in more accurate runtime protection.


Using Radar to visualize container architecture
Using Radar to visualize container architecture

Furthermore, when security teams investigate different runtime events in Prisma Cloud, they get a more complete picture of the container including the details of the cluster.


Details from an audit of containers in runtime.
Details from an audit of containers in runtime


Delivering Enhanced Visibility Based on Clusters

Organizations often don't have enough visibility into the cloud infrastructure deployments supporting their applications. They lack the context on how and where the applications are running, which inhibits their ability to adequately understand their security posture. Prisma Cloud helps mitigate these blind spots by using Kubernetes native constructs to define environments and security policies. Customers can simply use the cluster pivot in Radar to build a clear map of their environment to get valuable stats as well as drill into each cluster to evaluate its attack surface, risk level and network connectivity.


Dashboard in Prisma Cloud showing a list of Kubernetes clusters
New Prisma Cloud dashboard surfacing all clusters in a user environment


Defining Trusted Images 

Defining trusted images is an important security control, and is often required by different security benchmarks. Trusted images allow DevOps or security teams to ensure images originate from a known, trustworthy source. 

In order to define a good security policy for a trusted image, security teams need to take into account the cluster context. Kubernetes cluster awareness allows you to scope the rules per clusters and/or define your trust groups by checking and approving the images running on these clusters  – and therefore alert or deny images that deviate from your defined trust groups 


Kubernetes Cluster Awareness Is The Name Of The Game 

It’s evident from these use cases and examples how Kubernetes cluster awareness can improve visibility into security posture and help define better security policies while delivering better runtime protection. This becomes even more critical as security teams grapple with rapid container adoption and a constantly evolving Kubernetes environment. For more details about our latest release, please visit our announcement blog.

Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.