Auditing and Security Monitoring

Learn about auditing and security monitoring in Kubernetes.

No system is 100% secure, and we should always plan for the eventuality that our systems will be breached. When breaches happen, it’s vital we can do at least two things:

  1. Recognize that a breach has occurred.

  2. Build a detailed timeline of events that cannot be repudiated.

Auditing is critical to both of these, and the ability to build a reliable timeline helps answer the following post-event questions:

  • What happened?

  • How did it happen?

  • When did it happen?

  • Who did it?

This information can be used in court in extreme circumstances. Good auditing and monitoring solutions also help identify vulnerabilities in our security systems. With these points in mind, we should ensure robust auditing and monitoring are high on our list of priorities, and we shouldn’t go live in production without them.

Baseline best practices

Various tools and checks can help us ensure we provision our Kubernetes environment according to best practices and company policies. The Center for Information Security (CIS) publishes an industry-standard benchmark for Kubernetes security, and Aqua Security has written an easy-to-use tool called kube-bench to run the CIS tests against our cluster and generate reports. Unfortunately, kube-bench ...