Kubescape (KSPM) Open Source

Kubernetes Security Posture Management (KSPM) shouldn’t be thought of as your CSPM, but it is typically part of the scoring system, depending on what type of security solutions you have in place.

Kubernetes Security Posture Management focuses on your clusters, deployed either on-prem or in the cloud, along with management of the nodes and the containerized applications running on them.

So if you’re familiar with Microsoft 365 Secure Score, which is a Security Posture Management tool, you’ll likely fall into this learning at a more advanced level.

Enter Kubescape by Armo. We will run this on my local cluster to see what my results are in action.

Navigate to your account; if you make one, it should appear like this.

curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash 
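
The command above pipes a remote script straight into a shell. As an added example (not from the original post or the Kubescape project), this variant saves the script, checks it against a SHA-256 digest you pinned after reviewing it, and only then runs it; `KUBESCAPE_INSTALLER_SHA256` and the function names are assumed for illustration.

```bash
#!/usr/bin/env bash
# Added example: save the installer, verify a pinned SHA-256, then run it.
# KUBESCAPE_INSTALLER_SHA256 is an assumed variable name: set it to the digest
# of the copy of install.sh that you have read and approved.

INSTALL_URL="https://raw.githubusercontent.com/armosec/kubescape/master/install.sh"

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's digest equals the pinned value.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "installer missing or empty: $file" >&2; return 2; }
    [ -n "$expected" ] || { echo "no pinned digest supplied" >&2; return 2; }
    actual="$(sha256_of "$file")"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"  # accept upper-case hex
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Download to a temp file, verify, and only then execute.
fetch_and_install() {
    local tmp rc=0
    tmp="$(mktemp)" || return 2
    # -f makes curl fail on HTTP errors instead of saving an error page.
    if curl -fsSL "$INSTALL_URL" -o "$tmp" && verify_installer "$tmp" "$1"; then
        /bin/bash "$tmp" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when a pinned digest is supplied in the environment.
if [ -n "${KUBESCAPE_INSTALLER_SHA256:-}" ]; then
    fetch_and_install "$KUBESCAPE_INSTALLER_SHA256"
fi
```

Because the URL tracks the master branch, the digest changes whenever the script is updated; treat a mismatch as a prompt to re-review the script before pinning the new value.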

Your terminal will appear like this after installation.

The second step is to start a scan with the account ID from your account; for security reasons, this will be hidden.

This next command will set up our cluster to be scanned in real time and populate this dashboard.

After running the scan, we can see the results in this format, but let’s see how this can be cleaned up in a UI.

This is the summary in the CLI

Risk registered across NSA/MITRE/ArmoBest
Dashboard of KSPM in kubescape

As you can see, this can expand to the RBAC Visualizer (vital for access controls) along with image scanning.

You’ll get further information by selecting the hyperlink, which leads to the finding and its remediation, similar to cloud security posture management tools.

The great thing about tools like these is the reference documentation: if well maintained, it’s very useful for pinpointing the security of your Kubernetes cluster.

Additionally, you can drill into the framework that is most relevant to the posture you want. The powerful part is the breakdown, which is detailed and has references as well.

It can also be beneficial to run against just a single framework, as shown in this screen.

Set a schedule that works for your organization (this can be cost-based depending on the solution, but it is typically included).

While this is only one step, some organizations offer this as a SaaS offering, and some are fully loaded Cloud Native Application Protection Platforms that cover the entire landscape of cloud native protections not normally addressed by other solutions.

It’s important to measure risk, but also to be aware of where you stand at any given moment. With the ability to procure resources in the cloud comes the risk of misconfigurations and a lack of policies or safeguards if these are not properly addressed by your cloud security team.

Reference

https://hub.armosec.io/