Know Your Enemy - Mapping Security Risks Using Threat Matrix for Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the Kubernetes security landscape through a comprehensive conference talk on the Threat Matrix for Kubernetes. Dive into the updated version of this knowledge base, which systematically covers security threats targeting Kubernetes environments. Learn how defenders and SecOps engineers can leverage the matrix to protect Kubernetes workloads, map real-world attacks to specific techniques, and measure organizational security coverage. Compare the Threat Matrix with MITRE's ATT&CK framework for containers, understanding the differences and benefits of each approach. Gain valuable insights into the Kubeflow Pipelines campaign, security coverage measurement, and practical applications of both matrices for enhanced visibility in Kubernetes environments. Equip yourself with key takeaways and useful resources to strengthen your Kubernetes security posture.
Syllabus
Intro
Where did we start?
Kubernetes threat landscape
Threat Matrix for Kubernetes
Examples
Kubeflow Pipelines campaign
Measuring the security coverage
MITRE ATT&CK for Containers
Which matrix should I use?
Key takeaways
Final words
Useful links
Taught by
CNCF [Cloud Native Computing Foundation]