

Kubernetes naturally introduces new variables into the digital landscape, creating potential vulnerabilities and highlighting the need for security.
So what are the nuances of building a Kubernetes-based environment that is actually secure? Deepfence Inc. has been creating a unique solution.
“Kubernetes grows, it scales, it’s elastic, and the perimeter around a Kubernetes application is very, very porous — there are lots of entry points,” said Owen Garrett, head of products and community at Deepfence. “All of the security problems in Kubernetes with cloud-native applications, they’re amplified by scale — the size of the application, the number of nodes and the complexity of the application.”
Garrett spoke with theCUBE industry analyst Paul Gillin and guest analyst Keith Townsend in a conversation at last year’s KubeCon + CloudNativeCon Europe event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed security issues around containers and Kubernetes and how Deepfence has tackled this issue. (* Disclosure below.)
Securing Kubernetes applications is different from securing traditional monolithic legacy enterprise applications, according to Garrett.
“Securing a monolith is akin to securing a castle. You build a wall around it, you put guards on the gate, you control who comes in and out, and the job is more or less done,” he described. “Securing a cloud-native application — it’s like securing a city. People are roaming through the city without checks and balances. There are lots of services in the city that you’ve got to check and monitor.”
Many enterprises are having a hard time making this transition from thinking about applications as single components to microservices with multiple components, according to Garrett. This is why Deepfence has created innovative services like ThreatMapper, which provides security insights through sensors.
“We install … little lightweight sensors on each host that’s running your application,” Garrett explained. “Those sensors install little taps into the network using eBPF, and they monitor the workloads. It’s a little bit like having CCTV cameras throughout your city tracking what’s happening.”
Deepfence also looks at the entire network and gathers network signals, according to Garrett.
“We can see someone using a reconnaissance tool, roaming through your application, sending probe traffic to try and find weak points,” he stated. “We put those together, and we build a picture of the threats against each of the workloads in your cloud-native application.”
(* Disclosure: TheCUBE is a paid media partner for the KubeCon + CloudNativeCon Europe event. Red Hat Inc., the main sponsor for theCUBE’s event coverage, the Cloud Native Computing Foundation, or other sponsors do not have editorial control over content on theCUBE or SiliconANGLE.)