NEW! MITRE ATT&CK Matrix Policies for Kubernetes

Overview

In the digital-first world and cloud-computing environments, Kubernetes adoption is on the rise. According to recent findings by Kubernetes Adoption Survey, 68% of IT professionals increased their use of Kubernetes as a result of the pandemic. The primary drivers of the increased K8s adoption are faster deployments of new applications, increased automation, and cost reductions among many others.

While the use of K8s has many benefits, and despite advances in many areas, the K8s stack has many challenges.  The complexity with each layer of the stack - cloud, clusters, containers, and code - have raised the stakes, security-wise.

At Magalix, we are committed to addressing security risks in cloud-native environments and as such we present you with the MITRE ATT&CK Matrix for Enterprise policy pack.

What is MITRE ATT&CK Matrix?

It’s a framework and comprehensive knowledge base of adversary tactics and techniques that are involved in cyberattacks. The knowledge base can be used by the private sector, government, and in the cybersecurity product and service community as a foundation for the development of specific threat models and methodologies.

The matrices of MITRE ATT&CK include tactics and techniques. The tactics are the various stages that are involved in cyberattacks while the techniques are the known methods in each one of the tactics.

The matrix shown in Figure 1 displays the attack tactics (shown across the top) and the individual techniques (listed down each column). At least one technique per tactic would be involved in an attack sequence with a completed attack be built moving from left (Initial Access) to right (Impact).

Figure: Threat Matrix for Kubernetes

How Organizations Can Benefit from MITRE ATT&CK?

The MITRE ATT&CK can benefit organizations in various ways. The framework can be used to create adversary emulation scenarios to test and verify in-place cybersecurity controls against common adversary techniques. Organizations can also construct and test behavioural analytics, to assess their infrastructure and tools, and create mitigation strategies for existing defenses.

By using these matrices, organizations can better understand their environment's attack surface and make sure they have adequate detection, mitigation, and remediation in place to avoid these risks.

Magalix Introduces MITRE ATT&CK Policies

The MITRE ATT&CK Framework is a great guideline to use when establishing a security baseline. Magalix has mapped each ATT&CK technique to a Policy so you can validate your security posture against a predefined set of policies out of the box. By organizing our Policies by various standards such as the MITRE ATT&CK Framework, immediately know how your clusters stand against industry regarded best practices without any additional configuration. 

With Magalix MITRE ATT&CK Policies, enterprises can:

• Instantly enforce policy guardrails with MITRE ATT&CK framework.
• Confidently de-risk deployments and ship code faster with the enforced security checks.
• Continuously monitor all CI/CD pipelines to ensure no violations take place.
• Get immediately notified of any violations that puts the infrastructure at risk.

MITRE ATT&CK Reporting

One of the challenges with implementing a security framework is ensuring that each control is covered with an appropriate, and scalable policy. A goal at Magalix is to simplify the understanding of your current security posture. Our Reports feature achieves this by providing a predefined report ready to help you understand a cluster’s state regarding the MITRE ATT&CK Framework.

Our Report allows you to view each control and the state of each one. By drilling down, discover how many policies cover a control, and how many entities are violating that control. Each Policy can then be expanded for further insights into the Policy’s state and any violating entities.

Conclusion

Magalix Policy Enforcement Platform has 100s out-of-the-box policies and templates - PCI DSS, Application-Based Policies, and MITRE ATT&CK - enabling companies to hit the ground running. Start a 30-day commitment-free trial and explore them all!