Chapter 3. Observable State

It’s impossible to secure what cannot be seen. Anyone who has ever worked in a security operations center (SOC) can tell you that their everyday work revolves around log analysis software that alerts SOC analysts to any anomaly that appears. Effective defensive security requires logging as many devices and applications in the network as possible, keeping an eye on those logs, and staying informed about performance metrics. If an event isn’t logged, it will be missed by both the security monitoring software and the human professionals using it. Zero trust architecture (ZTA) is something a secure Kubernetes deployment must have, but it doesn’t come with Kubernetes out of the box. Establishing an observable state means that all the events and metrics within your application are visible to security controls and to the human beings who manage them.

Sounds simple, doesn’t it? Especially since intrusion detection systems and intrusion prevention systems (IDSs and IPSs), endpoint detection and response (EDR) systems, firewalls, and security information and event management (SIEM) systems can be configured to automate most of the log analysis and anomaly detection processes in enterprise networks. A typical enterprise network logs hundreds or thousands of events every minute, so automating as much as possible is an absolute necessity.
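To make the two points above concrete for Kubernetes, here is an added example (it is not code from this book): a small detection pass over API-server audit events, the kind of input a SIEM ingests and a SOC analyst triages. The events are constructed for the example; the field names follow the real audit.k8s.io/v1 Event schema, while the namespaces, principals, pod names, IP addresses, the three rules and the 403 threshold are all hypothetical choices made for illustration. The `apply_audit_policy` helper is a toy stand-in for an audit policy that records only some resources, which shows directly that an event the policy never writes can never raise a finding.

```python
"""Added example, not code from the book: a small detection pass over
Kubernetes API-server audit events. Events below are constructed; the
field names (verb, user.username, sourceIPs, objectRef.*, responseStatus.code)
follow the real audit.k8s.io/v1 Event schema, everything else is made up."""
import json
from collections import Counter

# Constructed audit log: one JSON Event per line, as the API server writes it.
SAMPLE_AUDIT_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"get","user":{"username":"system:serviceaccount:shop:web"},"sourceIPs":["10.0.1.12"],"objectRef":{"resource":"configmaps","namespace":"shop","name":"web-config"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"get","user":{"username":"system:serviceaccount:shop:web"},"sourceIPs":["10.0.1.12"],"objectRef":{"resource":"secrets","namespace":"payments","name":"db-creds"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","subresource":"exec","namespace":"shop","name":"web-6f7b"},"responseStatus":{"code":101}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:shop:web"},"sourceIPs":["10.0.1.12"],"objectRef":{"resource":"secrets","namespace":"kube-system"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:shop:web"},"sourceIPs":["10.0.1.12"],"objectRef":{"resource":"clusterroles"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:shop:web"},"sourceIPs":["10.0.1.12"],"objectRef":{"resource":"nodes"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"get","user":{"username":"bob@example.com"},"sourceIPs":["10.0.2.5"],"objectRef":{"resource":"pods","namespace":"shop","name":"web-6f7b"},"responseStatus":{"code":200}}
"""

# Hypothetical threshold for this example: 403s from one principal before a finding.
FORBIDDEN_THRESHOLD = 3


def parse_audit_events(text):
    """Parse newline-delimited JSON audit events into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def sa_namespace(username):
    """Namespace of a ServiceAccount principal, or None for any other user.
    ServiceAccount usernames have the form system:serviceaccount:<ns>:<name>."""
    parts = username.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2]
    return None


def apply_audit_policy(events, logged_resources):
    """Toy stand-in for an audit policy that records only some resources.
    Anything else is never written, so detect() can never see it."""
    return [ev for ev in events
            if ev.get("objectRef", {}).get("resource") in logged_resources]


def detect(events):
    """Run three illustrative rules; return (rule, principal, detail) tuples."""
    findings = []
    forbidden_by_user = Counter()
    for ev in events:
        user = ev.get("user", {}).get("username", "<unknown>")
        ref = ev.get("objectRef", {})
        resource, sub, ns = ref.get("resource"), ref.get("subresource"), ref.get("namespace")
        code = ev.get("responseStatus", {}).get("code")
        target = f"{ns}/{ref.get('name')}"

        # Rule 1: a ServiceAccount successfully reads a Secret outside its own namespace.
        own_ns = sa_namespace(user)
        if own_ns and resource == "secrets" and code == 200 and ns not in (None, own_ns):
            findings.append(("cross-namespace-secret-read", user, target))

        # Rule 2: interactive exec into a pod (create on the pods/exec subresource).
        if resource == "pods" and sub == "exec" and ev.get("verb") == "create":
            findings.append(("pod-exec", user, target))

        # Rule 3: one principal denied FORBIDDEN_THRESHOLD times; a burst of 403s is
        # worth an analyst's attention because healthy workloads rarely produce it.
        if code == 403:
            forbidden_by_user[user] += 1
            if forbidden_by_user[user] == FORBIDDEN_THRESHOLD:
                findings.append(("repeated-forbidden", user,
                                 f"{FORBIDDEN_THRESHOLD} denied requests"))
    return findings


def run_sample(logged_resources=None):
    """Parse the constructed log, optionally filter it as an audit policy would, detect."""
    events = parse_audit_events(SAMPLE_AUDIT_LOG)
    if logged_resources is not None:
        events = apply_audit_policy(events, logged_resources)
    return detect(events)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
    print("with only pods and configmaps audited:", run_sample({"pods", "configmaps"}))
```

Run against the full sample, the pass raises three findings; run against the same events filtered to pods and configmaps only, it raises just the exec finding, because the Secret read and the three denied requests were never recorded. That gap is the observability problem this chapter is about: the detection rules did not change, the visible state did.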

Cloud-driven application networks are integral to most enterprises these days. But it’s important to recognize that ...
