fwd:cloudsec 2023

Swimming with the Sharks. IR Kubed.
06-13, 12:30–13:10 (US/Pacific), Salon C

Kubernetes (K8s) poses unique challenges during incident investigation, API debugging, threat hunting, and detection. In this talk attendees will see an immersive exploration of incident response inside Kubernetes, focusing on three common indicators of compromise: increased API throughput, suspicious payloads on ingress, and known bad IPs communicating with pods. We’ll cover API logging, network monitoring, and best practices for preparing your pods for security incidents.

Network overlays and service meshes, like Istio, also introduce additional layers of complexity which make it difficult to keep an accurate record of traffic inside a K8s cluster. Having only VPC flow logs or traditional network monitoring is often not enough. We’ll take a look at the pros and cons of implementing overlays and how they can lead to observability blind spots that could leave you in the dark in the event of an incident.

Whether you're a seasoned K8s user or just starting out, don’t miss this opportunity to look at K8s configuration and operation from the perspective of a seasoned incident responder.

Nathan Case is a successful executive and builder, pushing for change in security and the culture surrounding it. He leads strategic initiatives and the creation of new technologies in the healthcare, information technology and cloud industries, focusing on security. He has a passion for incident response and operational security in all forms, and for pushing the bounds of threat detection and response.

A repeat entrepreneur and an open-source enthusiast with a relentless passion for building dev-tools. Ex-founder and CEO of BlazeMeter, the performance and load testing company that was acquired by CA Technologies in 2017, and now the co-creator of Kubeshark, the API traffic analyzer for Kubernetes.