In this presentation, we will introduce a method for securing Kubernetes clusters by utilizing behavior analysis during continuous integration testing and generating native policies based on behavior. This approach replaces the arduous task of defining policies manually, which is time-consuming and prone to errors. We will also emphasize the significance of native policies, which enable the enforcement of security policies directly within Kubernetes, eliminating the need for third-party tools. We will provide practical guidance on how to implement this approach, including incorporating behavioral analysis into CI testing and utilizing native policies to enforce security policies. By the end of this presentation, attendees will gain a better understanding of how to take advantage of innovative security techniques in Kubernetes clusters. They will learn how to utilize behavior analysis and native policies to safeguard their environments against the latest threats.
In this talk, we will apply behavioral analysis during CI/CD to infer essential insights, leveraging eBPF to generate dynamic, behavior-centric policies for runtime. eBPF's power resides in its ability to provide real-time, kernel-level observability. We will provide practical strategies to incorporate this method, specifically on how to integrate behavioral analysis into your CI/CD process and how to utilize eBPF for creating and applying dynamic policies that enhance the runtime of Kubernetes clusters. You will learn how to maintain consistent, real-time observability within Kubernetes by leveraging eBPF, thereby enabling the implementation of refined security policies directly in the runtime without dependence on external tools. By the end of this session, you will have a comprehensive understanding of how to leverage observability in CI/CD pipelines to optimize runtime policies in Kubernetes clusters, utilizing behavioral analysis and eBPF to fortify systems against contemporary threats.
Ben is a veteran cybersecurity and DevOps professional, as well as a computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergrad and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.