Portshift is a Tel Aviv-based cybersecurity firm that provides a Kubernetes-native security solution – “a single source of truth for containers and cloud-native applications security.” It has raised over $5 million to date. Chief executive and co-founder Ran Ilany tells Red Herring about Google-designed Kubernetes’ security weaknesses, a new generation of bad actors and how COVID-19 has affected the market.
RH: Why did you focus specifically on Kubernetes?
Portshift has identified the security gap of organizations adopting Kubernetes since the early days when the company was established in 2018. Virtualization abstracted physical data centers; cloud abstracted operating systems and application infrastructures, giving developers and the business direct access to resources without the need to manage their infrastructure (e.g. databases, web servers, API gateways, etc.).
While security teams are expected to win the continuous cyber war against hackers, they remain stranded with minimal to no tools in the toolbox. The cloud causes traditional control planes to be obsolete; from firewalls and IPSs to host-based security tools, current technologies cannot be implemented in an effective and constructive manner.
RH: What are the primary security shortfalls associated with Kubernetes?
Unlike container platforms like Docker—which allow for the creation and running of containers on a single host—container orchestrators like Kubernetes delegate workloads across many container hosts and handle tasks such as networking, scaling, and redundancy.
Kubernetes is designed first and foremost for orchestration – not security. The main point of entry is the Kubernetes API. By default, it uses basic credential-based authentication, which provides an easy point of entry for both developers and attackers. In late 2018, a remote code execution vulnerability left nearly 1,500 Kubernetes publicly exposed to attacks.
To prevent this, DevOps should start by blocking the API from public access and implementing stronger authentication strategies. In addition, DevOps using authorization techniques such as Role-Based Access Control (RBAC) will help to limit the actions available to each API user.
Portshift deeply integrates with Kubernetes to deliver rich context, declarative policy enforcement, improving risk profiling, vulnerability management, runtime detection and remediation. Portshift streamlines containerized applications security from code to runtime with Kubernetes-native architecture. Both DevOps and Security teams work off the same view and leverage the same controls.
RH: What will be the biggest trends in Kubernetes-focused security tech in the next 12-24 months?
As more and more organizations continue to expand on their usage of containerized software, Kubernetes will increasingly become the de facto deployment and orchestration target moving forward. As the footprint of just about any system or platform increases, so does the target on its back.
As the adoption of Kubernetes and deployment of container-based applications in production accelerate to much higher volumes than we’ve seen to date, we can expect more security incidents to occur. It’s not that Kubernetes has inherent security issues, per se. In fact, there’s a visible commitment to security in the community. It simply comes with some new considerations and strategies for managing risks. Bad actors are getting better at spotting vulnerabilities.
RH: How has the pandemic affected your ability to do business?
The pandemic has created an enormous challenge for businesses worldwide: to continue operating despite massive shutdowns of offices and other facilities. The surge in communications and the wholesale shift to operate businesses online have at the same time increased the risk of cyberattacks by an order of magnitude.
They have also introduced a wide range of new risks. Organizations’ perimeter security is at risk of being breached. They need always-on surveillance and real-time risk analysis for breaches at both physical and digital entry points.
Security and risk management leaders now must safeguard their companies on a massive scale, and quickly. They must ensure that their enterprises’ online services and digital platforms are resilient against cyberattacks. Enforcing enterprise security policies and controls on the remote workforce is a difficult task.