© 2026 Direct Cursus Technology L.L.C.

Kubernetes® Security Posture Management (KSPM)

Written by
Yandex Cloud
Updated at December 19, 2025

Note

Kubernetes® Security Posture Management (KSPM) is at the Preview stage and provided upon request. Also, it requires access to Security Deck workspaces.

To get access, contact support or your account manager.

If you want to use an AI assistant to work with alerts, request access to it as well.

Warning

To make sure KSPM works correctly:

  • Use Kubernetes version 1.28 or higher.
  • Check that there is no Kyverno-based admission control in the Kubernetes cluster. If you deployed Kyverno earlier, delete it along with all CustomResourceDefinition resources it has created.
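
A preflight check for the two requirements above, as an added example (not Yandex Cloud code): it reads the JSON printed by `kubectl version -o json` and `kubectl get crd -o json`. Treating the `kyverno.io` API group and its subgroups as the marker for Kyverno CRDs is an assumption of this example, and the sample data is constructed.

```python
import json
import re

MIN_VERSION = (1, 28)          # minimum version stated in the requirements above
KYVERNO_GROUP = "kyverno.io"   # assumption: API group of Kyverno's own CRDs

def _leading_int(text: str) -> int:
    # Managed clusters may report a minor such as "28+", so keep only the digits.
    return int(re.match(r"\d+", text).group())

def server_version(version_json: str) -> tuple:
    """Parse the output of `kubectl version -o json`."""
    sv = json.loads(version_json)["serverVersion"]
    return _leading_int(sv["major"]), _leading_int(sv["minor"])

def kyverno_crds(crd_list_json: str) -> list:
    """Return CRD names from `kubectl get crd -o json` in a Kyverno API group."""
    names = []
    for item in json.loads(crd_list_json)["items"]:
        group = item["spec"]["group"]
        if group == KYVERNO_GROUP or group.endswith("." + KYVERNO_GROUP):
            names.append(item["metadata"]["name"])
    return sorted(names)

def preflight(version_json: str, crd_list_json: str) -> list:
    """List every requirement the cluster does not meet (empty list = ready)."""
    problems = []
    major, minor = server_version(version_json)
    if (major, minor) < MIN_VERSION:
        problems.append(f"Kubernetes {major}.{minor} is older than 1.28")
    problems += [f"Kyverno CRD still present: {n}" for n in kyverno_crds(crd_list_json)]
    return problems

# Constructed sample data, trimmed to the fields the checks read.
SAMPLE_VERSION = '{"serverVersion": {"major": "1", "minor": "27+"}}'
SAMPLE_CRDS = json.dumps({"items": [
    {"metadata": {"name": "clusterpolicies.kyverno.io"}, "spec": {"group": "kyverno.io"}},
    {"metadata": {"name": "ephemeralreports.reports.kyverno.io"},
     "spec": {"group": "reports.kyverno.io"}},
    {"metadata": {"name": "certificates.cert-manager.io"},
     "spec": {"group": "cert-manager.io"}},
]})

if __name__ == "__main__":
    for problem in preflight(SAMPLE_VERSION, SAMPLE_CRDS):
        print("FAIL:", problem)
```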

Kubernetes Security Posture Management (KSPM) ensures the security of containerized applications and the images they use.

The KSPM module automatically identifies all Kubernetes clusters and containers in the specified workspace, and deploys security components in them as defined in the configuration. New clusters automatically get security coverage, without requiring manual search or installation of any components.

The module continuously assesses workloads for misconfigurations and provides runtime security monitoring through sensors that detect attacks targeting nodes and containers.

The KSPM configuration is set when you create a workspace and may include checking clusters for compliance with the following standards:

  • Kubernetes Pod Security Standards (Restricted): This standard contains security controls based on the Kubernetes Pod Security Standards (PSS) Restricted profile. A restricted profile is the most secure and provides the highest detection efficiency for container-based attacks. It applies strict security policies that may require modifying applications to ensure compliance. A restricted profile is recommended for security-critical applications and environments where maximum security is required.
  • Kubernetes Pod Security Standards (Baseline): This standard contains security controls based on the Kubernetes Pod Security Standards (PSS) Baseline profile. A baseline profile is designed for easy implementation and provides common best practices for container security. It prevents the most common security issues in containers while maintaining compatibility with most applications. The baseline profile is a good starting point for organizations just getting started with container security.
  • Microsoft Threat Matrix for Kubernetes: This standard contains security controls based on the Microsoft Threat Matrix for Kubernetes, which is a framework that helps security teams understand and fend off threats specific to Kubernetes environments. It provides a comprehensive approach to attack methods and defensive strategies tailored for container orchestration platforms.

The KSPM module allows you to flexibly select and customize security rules to meet your organization's specific requirements, as well as create rule exceptions.

For each security rule violation, an alert is created with a detailed description of the violation, severity, detection time, list of affected resources and troubleshooting recommendations.

You can manage troubleshooting for each specific alert:

  • Assign persons responsible for troubleshooting.
  • Manage the alert status.
  • Leave comments.
  • Keep track of troubleshooting progress.
  • Request analysis from the AI assistant.

For more information, see Activating KSPM.

See also

  • Security Deck workspaces
  • Cloud Security Posture Management (CSPM)
  • Security Deck AI assistant
  • Getting started with Yandex Security Deck
  • Activating KSPM
  • Kubernetes® Security Posture Management (KSPM) service roles
