Chapter 11. Threat Defense and Intrusion Detection

In this chapter we will explore how you can implement threat defense for your Kubernetes cluster. We have covered the stages of your Kubernetes deployment (build, deploy, runtime) in earlier chapters. This chapter focuses on threat defense, which is security for the runtime stage. We will cover the following concepts to help you understand threat defense in a Kubernetes cluster and why you need it.

  • Threat defense for a Kubernetes cluster, including why you need it and how it differs from traditional security

  • Intrusion detection for Kubernetes

  • Advanced threat defense techniques

Let’s explore each of these in detail. We start with threat defense and why it is important.

Threat Defense for Kubernetes (Stages of an Attack)

To understand threat defense, a good place to start is the cybersecurity kill chain, which breaks an attack down into several stages. Seeing an attack as a sequence of stages lets you build a defense strategy that detects or blocks it at each stage. The cyber kill chain has the following stages:

Reconnaissance
Adversaries probe the target and gather information.
Weaponization
The adversary creates a method to attack, which could be a new vulnerability, a variant of an existing vulnerability, or a simple exploit of an insecure configuration.
Delivery
The adversary creates a method to deliver the vulnerability or exploit to the target or a location that can be used to attack the target.
Exploitation
The adversary implements methods to trigger ...
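The stages above are most useful to a defender when each one is tied to something observable in the cluster. The following is an added example, not code from the book: a small rule-based tagger that reads Kubernetes API audit records (JSON lines) and labels each with the kill-chain stage it most plausibly indicates. The audit records, the rule thresholds and the resource sets are constructed assumptions for illustration; real clusters need rules tuned to their own workloads.

```python
"""Tag Kubernetes audit events with cyber kill chain stages.

Added example (not from the book). The rules are illustrative heuristics:
  - reconnaissance: enumeration of sensitive objects by a workload identity,
    or any denied (403) read, which is how an actor learns what it may do;
  - delivery: a new workload definition entering the cluster;
  - exploitation: an interactive session (exec/attach/port-forward) into a
    running container.
Weaponization happens outside the cluster and leaves no audit trail, so no
audit rule maps to it. All audit records below are constructed.
"""
from __future__ import annotations

import json
from collections import Counter

STAGES = ("reconnaissance", "weaponization", "delivery", "exploitation")

# Assumed resource sets for the heuristics (not a standard list).
SENSITIVE_READ_RESOURCES = {"secrets", "serviceaccounts", "namespaces",
                            "clusterroles", "clusterrolebindings"}
WORKLOAD_RESOURCES = {"pods", "deployments", "daemonsets", "jobs", "cronjobs"}
POD_ACCESS_SUBRESOURCES = {"exec", "attach", "portforward"}

# Constructed sample in the shape of kube-apiserver audit records; only the
# fields this example uses are present. One line is deliberately malformed.
SAMPLE_AUDIT_LOG = """\
{"user":{"username":"system:serviceaccount:shop:web"},"verb":"list","objectRef":{"resource":"secrets","namespace":"shop"},"responseStatus":{"code":403}}
{"user":{"username":"system:serviceaccount:shop:web"},"verb":"list","objectRef":{"resource":"secrets","namespace":"kube-system"},"responseStatus":{"code":403}}
{"user":{"username":"system:serviceaccount:shop:web"},"verb":"get","objectRef":{"resource":"namespaces"},"responseStatus":{"code":200}}
{"user":{"username":"jane"},"verb":"create","objectRef":{"resource":"pods","namespace":"shop"},"responseStatus":{"code":201}}
{not valid json at all
{"user":{"username":"system:serviceaccount:shop:web"},"verb":"create","objectRef":{"resource":"pods","namespace":"shop","subresource":"exec"},"responseStatus":{"code":200}}
{"user":{"username":"jane"},"verb":"get","objectRef":{"resource":"configmaps","namespace":"shop"},"responseStatus":{"code":200}}
"""


def is_service_account(username: str) -> bool:
    """Workload identities in Kubernetes are named system:serviceaccount:<ns>:<name>."""
    return username.startswith("system:serviceaccount:")


def classify_event(event: dict) -> str:
    """Return the kill-chain stage a single audit record suggests, or 'unclassified'."""
    user = event.get("user", {}).get("username", "")
    verb = event.get("verb", "")
    ref = event.get("objectRef") or {}
    resource = ref.get("resource", "")
    subresource = ref.get("subresource", "")
    code = (event.get("responseStatus") or {}).get("code", 0)

    # Exploitation: interactive access into a running container. Checked first
    # because these requests also carry verb=create on the pods resource.
    if resource == "pods" and subresource in POD_ACCESS_SUBRESOURCES:
        return "exploitation"
    # Delivery: a workload object is created in the cluster.
    if verb == "create" and resource in WORKLOAD_RESOURCES and not subresource:
        return "delivery"
    # Reconnaissance: denied reads, or a workload identity enumerating
    # sensitive objects it has no business reading.
    if verb in {"get", "list", "watch"} and (
        code == 403 or (is_service_account(user) and resource in SENSITIVE_READ_RESOURCES)
    ):
        return "reconnaissance"
    return "unclassified"


def classify_log(jsonl: str) -> list[tuple[str, str, str]]:
    """Return (stage, username, 'verb resource[/subresource]') for each parseable record."""
    results = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # one corrupt record must not stop detection on the rest
        ref = event.get("objectRef") or {}
        target = ref.get("resource", "?")
        if ref.get("subresource"):
            target += "/" + ref["subresource"]
        user = event.get("user", {}).get("username", "?")
        results.append((classify_event(event), user, f"{event.get('verb', '?')} {target}"))
    return results


def stage_counts(jsonl: str) -> dict[str, int]:
    """Count tagged events per stage; every stage is present, even at zero."""
    counts = Counter(stage for stage, _, _ in classify_log(jsonl))
    return {stage: counts.get(stage, 0) for stage in STAGES + ("unclassified",)}


if __name__ == "__main__":
    for stage, user, action in classify_log(SAMPLE_AUDIT_LOG):
        print(f"{stage:15} {user:40} {action}")
    print(stage_counts(SAMPLE_AUDIT_LOG))
```

The point of the ordering in `classify_event` is that a single audit record can match several rules (an `exec` is also a `create` on `pods`), so the most specific and latest-stage rule is tested first. Counting events per stage over a window is a cheap way to notice that reconnaissance-like activity from one service account is being followed by delivery or exploitation from the same identity, which is the progression the kill chain is meant to expose.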

Excerpt from Kubernetes Security and Observability (O’Reilly).