Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment

Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE ATT&CK framework to help teams remediate threats and improve resilience, Expel added.

Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling, and management of applications, usually in a cloud environment. Over time, it has become the de facto operating system of the cloud, but can also pose significant security risks and challenges for businesses.

Expel MDR for Kubernetes addresses configuration, control panel, run-time security

Expel MDR for Kubernetes enables teams to quickly detect and respond to security risks in their Kubernetes environments without slowing down DevOps, enabling organizations to focus more on the priorities that matter most to the business, the company said in a press release. The offering provides insights across three core layers of Kubernetes applications: configuration, control panel, and run-time security. These include:

• Identification of cluster misconfigurations to help businesses stay ahead of pervasive misconfigurations, with reference to the Center for Information Security (CIS) Kubernetes benchmark for best practices to recommend configuration improvements
• Integration with Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE) infrastructure, analyzing Kubernetes audit logs, applying custom detection logic to malicious or interesting activity, and providing remediation recommendations
• Integration with a portfolio of run-time container security vendors to provide customers more value from the tech they already use

Expel MDR for Kubernetes also aligns to the MITRE ATT&CK framework, providing Expel-written detections that learn and adapt based on activity in the environment, helping customers address Kubernetes threats and apply best-practices to track Kubernetes security posture over time, Expel said. Expel MDR for Kubernetes is available now.

Organizations face significant Kubernetes security challenges

Redhat’s 2022 State of Kubernetes security report highlighted the biggest Kubernetes security threats and challenges impacting businesses, based on survey results from more than 300 DevOps, engineering, and security professionals. It discovered that 93% of respondents experienced at least one security incident in their Kubernetes environments in the previous 12 months, sometimes leading to revenue or customer loss. A combination of likely contributing factors was cited, including a lack of security knowledge about containers and Kubernetes, inadequate or unfit security tooling, and central security teams unable to keep up with fast-moving application development teams.

Detected misconfigurations was the top security incident cited (53%), followed by major vulnerabilities (38%), runtime incidents (30%), and audit fails (22%). The report also highlighted stark discrepancy over which operational roles primarily own Kubernetes security, with just 16% of respondents able to identify the central IT security team to hold responsibility for Kubernetes security.

In 2021, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint document entitled Kubernetes Hardening Guidance to help organizations deal with security in a containerized environment, which is more complex than traditional, monolithic software platforms.