Unraveling the State of Kubernetes Security in 2023

ARMO addresses 76% of key concerns highlighted in the Red Hat 2023 Report.

We analyzed one of our favorite annual reports – the Red Hat State of Kubernetes security report 2023. It’s chock full of really interesting data on one of our favorite topics: Kubernetes security! (Who knew?!)

In this post we’re going to unpack some of the most compelling data points, and compare them to previous years. We’ll also share some of our own insights and perspective on how this impacts you as a Kubernetes user.

State of Kubernetes security – TL;DR

If we had to summarize the report in the few short bullets that should matter to you, these are probably the primary takeaways from the data:

• Concern about misconfigurations has decreased from the previous two years. It has now evolved into more practical worry about how this translates to actual attacks and failing compliance––a concern which is rising.  
• The good news is that incidents and issues related to misconfiguration are down. This demonstrates that the industry has evolved quite a bit with regards to securing configurations. 
• Specific concern for vulnerability counts is consistent with previous years (does this mean we’re in CVE Shock?).
• However, runtime incidents & vulnerabilities are on the rise. This has resulted in more delayed deployments due to security, much more so than in the past
• Finally, there is a consensus that the responsibility for Kubernetes security is widely spread throughout organizations. This suggests that dedicated security teams are becoming more involved now. This is done mostly in an advisory capacity, to the many teams that need to attend to their piece of security.

Quick snapshot of the data across the years

Let’s take a closer look at this last question from the table above.

Kubernetes security and ARMO

ARMO invests a lot of effort to address the real security concerns of organizations deploying Kubernetes to production. This is highlighted by the fact that ARMO covers 76% of the concerns highlighted in the report.  

• 30% most concerned about Vulnerabilities – The team at ARMO realizes that identifying, tracking and assessing vulnerabilities is extremely time-consuming. As such ARMO Platform offers an easy and automated way to assess and prioritize them. Kubescape (the OSS engine that powers ARMO Platform) excelles in head-to-head benchmarking with other commercial and OSS Kubernetes security tools. See this excellent post by the Jit Security Research team that benchmarked Kubescape vs. other popular benchmark tools for coverage and accuracy. In addition, ARMO recently rolled out a Relevancy feature that adds another layer of focus to CVE prioritization. It helps identify those that need to be fixed first, in order to make the greatest impact on organizations’ Kubernetes security posture.

• 28% most worried about Misconfigurations – This one is next on the list of risks that respondents are most concerned about. Kubescape is constantly being updated with security controls that catch and remediate common misconfigurations encountered in the wild.

• 18% most troubled by Compliance – The concern for compliance doubled (!!) since last year (9%). Kubescape helps companies stay compliant with the most common Kubernetes security best practices by embedding industry-standard frameworks like CIS Kubernetes Benchmark, NSA, and MITRE ATT&CK in its security scanning. Using ARMO Platform teams can assess compliance and drift over time.

This means that THREE of the top risks that concern developers and security practitioners today with regards to Kubernetes security can be managed with a single pane of glass, and a holistic view.

It’s interesting to note that while the majority of companies with security misconfiguration concerns have indicated that they are constantly taking steps to address them (page 11). Yet, this is still not easily solved. The source of friction concentrated on aspects of remediation.  That is why ARMO has focused a lot of attention on deeply embedding remediation capabilities that run the gamut of integrations with common DevOps tooling. This, in addition to assisted remediation, and auto-remediation capabilities directly in GitHub through fix PRs with a practical solution.

The extensive vulnerability and misconfiguration coverage is made possible through the number of controls available out of the box, with more than 200+ controls (the most available on the market today), that are based on the industry standards noted above. This is also the backbone for ARMO Platform’s continuous compliance capabilities, that are rooted in all of the above. 

Security practitioners can monitor Kubernetes clusters with confidence using dashboards that indicate drift, provide immediate notifications of misconfigurations and new vulnerabilities. This comprehensive solution includes contextual security data, offering both informative and actionable insights. Best of all, it eliminates the need for extensive manual efforts or building from scratch.

Conclusion

The Red Hat State of Kubernetes Security report 2023 highlights the evolving landscape of Kubernetes security. While concerns have shifted towards actual attacks and compliance failures, concerns related to misconfigurations have decreased. Vulnerability counts remain a consistent concern, and runtime incidents and vulnerabilities are on the rise, leading to more delayed deployments. 

ARMO Platform is a comprehensive solution that covers 76% of the concerns raised in the report. It offers automated vulnerability assessment and remediation of misconfigurations. It provides dashboards, immediate notifications, and contextual security data for holistic monitoring of Kubernetes clusters. With this Kubernetes security tool, organizations can navigate Kubernetes security with confidence, ensuring hardened and compliant infrastructure.

Unifying AppSec, CloudSec and DevSec

The only runtime-driven, open-source first, cloud security platform:

Continuously minimizes cloud attack surface

Secures your registries, clusters and images

Protects your on-prem and cloud workloads

Powered by Kubescape & eBPF

See ARMO in Action