fwd:cloudsec 2023

Nathan Case

Nathan Case is a successful executive and builder, pushing for change in security and the culture surrounding it. Leading strategic initiatives and the creation of new technologies in the healthcare, information technology and cloud industries, focusing on security. A passion for Incident Response, and operational security in all forms. Pushing the bounds of threat detection and response.


Swimming with the Sharks. IR Kubed.
Nathan Case, Alon Girmonsky

Kubernetes' (K8s) poses unique challenges during incident investigation, API debugging, threat hunting, and detection. In this talk attendees will see an immersive exploration of incident response inside Kubernetes focusing on three common indicators of compromise: increased API throughput, suspicious payloads on ingress, and known bad IPs communicating with pods. We’ll cover API logging, network monitoring, and best practices for preparing your pods for security incidents.

Network overlays and service meshes, like Istio, also introduce additional layers of complexity which makes it difficult to keep an accurate record of traffic inside of a K8s cluster. Just having VPC flow logs or traditional network monitoring is often not enough. We’ll take a look at the pros and cons of implementing overlays and how they can lead to observability blind spots that could leave you in the dark in the event of an incident.

Whether you're a seasoned K8s user or just starting out, don’t miss this opportunity to look at K8s configuration and operation from the perspective of a seasoned incident responder.

Infrastructure & superstructure
Salon C