Uptycs Enhances Kubernetes RBAC Security With Identity Risk Capabilities

Blog Author
Jeremy Colvin

Uptycs is announcing new capabilities that simplify, monitor, and secure role-based access control (RBAC) for Kubernetes deployments today at Kubecon EU. Uptycs seamlessly plugs into your Kubernetes control plane to capture and normalize real-time data for threat hunting, vulnerability management, compliance enforcement, asset inventory, and now RBAC telemetry as well.

 

Uptycs’ RBAC security solution for Kubernetes brings clarity and risk analysis to the ever-growing mesh of users and roles at the foundation of your container deployments. Visualize relationships with the RBAC relationship graph, home in on overly privileged user or service accounts with out of the box analysis (e.g., users with exec privileges or access to shared secrets), and investigate configurations to ensure the right users have the right access.

 

Join Uptycs’ Sudarsan Kannan (director of product management) and Siban Mishra (senior product manager) on our Uptycs Live webinar covering RBAC security for Kubernetes.

 

Resolving Relationships for Kubernetes 

The k8s control plane is the orchestrator for your running clusters, nodes, and containers. If a threat actor compromises your control plane or a privileged account, they can steal secrets, create privileged pods, hop around your infrastructure, and worse.

 

Kubernetes can be an intimidating layer of API calls supporting your infrastructure. Thankfully, among those objects exists well-supported calls for RBAC policy implementation and control. While k8s makes it easy to apply RBAC policies to users, quality-of-life features stop once roles are applied. As environments scale up, k8s container deployments become a web of access roles layered on top of users, with extreme difficulty to parse who truly has access to what. This creates risky configurations with users having overprivileged access to delete resources, exec into pods, or access shared secrets.

 

This is problematic. In runtime, teams struggle to gain visibility into the real-time relationship of users to roles and what they are able to access.

 

Next we walk through two use cases to understand these relationships and gain easy-to-digest visibility. 

 

Spot the Needle - Parsing k8s RBAC Relationships

Visibility Into User & Role Relationships

Key issue: Security administrators need complete visibility into those activities a user/group/service account can perform on runtime k8s resources.

 

Challenge: Access management and RBAC often requires a highly manual workflow to initiate access, monitor permission creep, and hunt for overprivileged accounts. Dynamic layering of users and roles makes it difficult to see the forest for the trees and zero in on specific roles or users.  

 

Solution: Uptycs correlates relationships, making it easy to see which user accounts have access to a specific pod or set of clusters. Visualize this using the RBAC relationship graph, mapping specific container resources to cluster admin roles, service accounts, and user actions. 

 

Risk Hunting Across Runtime Roles

Key Issue: Security admins need to easily discover RBAC risks across their Kubernetes deployment. Left unaddressed, they might allow attackers to gain privilege and perform nefarious activities.

 

Challenge: Parsing who has access to what becomes increasingly difficult as operations scale up. Manually hunting for potential risky users, roles, and resources is impractical. Security teams need a solution that provides clear direction on accounts having all privileges for specific nodes, access to secrets, or kubectl exec privileges.

 

Solution: Uptycs offers mapping of risky configurations out of the box. Correlating these findings makes it easy to quickly understand what’s going on and act. With a few seconds you can find and investigate:

 

  • Subjects having privileges on all resources
  • Subjects having all privileges on a single resource
  • Who can exec into pods
  • Who can access secrets
  • Who can delete k8s events

Uptycs + Kubecon EU

Want to learn more about these new RBAC features and get a hands-on walkthrough?

 

Come see Uptycs in booth #G18 at Kubecon EU. Ask us about threat detection and how we’re supporting your developers with security across the cloud native application lifecycle.

 

And on April 18th, Director of Product Management Sudarsan Kannan will be joining us on Uptycs Live to share his decades of experience in identity management and the future of cloud native security. Register here for our “RBAC Security for Kubernetes: How to Keep Your Clusters Safe” webinar.