2025-09-16, Main Room
Ever wondered how many organisations (securely) use NetworkPolicy in Kubernetes to protect and monitor their Tier 0 assets? Are these policies applied holistically? Do they use Calico, Cilium or any other add-on?
What is the potential impact if an attacker lands in a compromised Pod? This talk presents some insights into the above questions, highlighting the weaknesses organizations tend to have related to data exfiltration and lateral movement in cloud-native/K8s environments. Misconfigurations discussed in the talk are taken from real-world K8s security assessments conducted as part of several assumed breach scenarios against large-scale production clusters used by enterprises and banks.
Securing Cloud K8s environments is not straightforward, since they tend to have complex architectures and use various custom networking components such as a Hub, Route Tables and NSGs, among many others. Additionally, one needs to monitor for various protocols (HTTP, DNS, SMB). There is almost always a tradeoff between usability and security in such environments. Is this due to technical debt or due to the complex nature of cloud environments? This talk also explores a pragmatic approach to applying network-related policies in the Cloud.
You will leave with some insights on an attacker's perspective on weak networking controls, practical steps to harden your cloud infrastructure, along with a set of tools. This session includes a release of an open-source tool and vulnerable labs designed to help you understand and replicate these misconfigurations. This talk is tailored for cloud security engineers, platform teams, and anyone responsible for securing containerized workloads across public or hybrid environments.
Nishaanth is a Senior Security Consultant at MDSec, specializing in cloud and mobile application security. He has extensive experience testing a wide range of cloud and K8s environments. His work includes cloud-native security audits, application assessments, product reviews, wireless and physical security testing, and Active Directory reviews. Beyond application security, he is passionate about infrastructure and cloud vulnerability research. He has presented at conferences such as BSides, Steelcon, PHDays, InCTF, and BlueJeans Con. Nishaanth has reported vulnerabilities to Apple, AT&T, Microsoft, and NCSC UK, and holds CKA and CRTO certifications.