<img src="https://ws.zoominfo.com/pixel/JHVDdRXH2uangmUMQBZd" width="1" height="1" style="display: none;">
Magalix Logo
Login
Request a Demo
github icon github icon azuremarketplace icon azuremarketplace icon
Magalix Press Release MITRE ATTACK

NEW! MITRE ATT&CK Matrix Policies for Kubernetes

backback
Magalix Press Release MITRE ATTACK
Read Time 3 mins read
Magalix
Magalix
08. 19. 2021
Find me on:
LinkedIn
NEW! MITRE ATT&CK Matrix Policies for Kubernetes

Overview

In the digital-first world and cloud-computing environments, Kubernetes adoption is on the rise. According to recent findings by Kubernetes Adoption Survey, 68% of IT professionals increased their use of Kubernetes as a result of the pandemic. The primary drivers of the increased K8s adoption are faster deployments of new applications, increased automation, and cost reductions among many others.

While the use of K8s has many benefits, and despite advances in many areas, the K8s stack has many challenges.  The complexity with each layer of the stack - cloud, clusters, containers, and code - have raised the stakes, security-wise.

At Magalix, we are committed to addressing security risks in cloud-native environments and as such we present you with the MITRE ATT&CK Matrix for Enterprise policy pack.

What is MITRE ATT&CK Matrix?

It’s a framework and comprehensive knowledge base of adversary tactics and techniques that are involved in cyberattacks. The knowledge base can be used by the private sector, government, and in the cybersecurity product and service community as a foundation for the development of specific threat models and methodologies.

The matrices of MITRE ATT&CK include tactics and techniques. The tactics are the various stages that are involved in cyberattacks while the techniques are the known methods in each one of the tactics.

The matrix shown in Figure 1 displays the attack tactics (shown across the top) and the individual techniques (listed down each column). At least one technique per tactic would be involved in an attack sequence with a completed attack be built moving from left (Initial Access) to right (Impact).

MITRE ATT&CK Matrix Policies for Kubernetes

Figure: Threat Matrix for Kubernetes

How Organizations Can Benefit from MITRE ATT&CK?

The MITRE ATT&CK can benefit organizations in various ways. The framework can be used to create adversary emulation scenarios to test and verify in-place cybersecurity controls against common adversary techniques. Organizations can also construct and test behavioural analytics, to assess their infrastructure and tools, and create mitigation strategies for existing defenses.

By using these matrices, organizations can better understand their environment's attack surface and make sure they have adequate detection, mitigation, and remediation in place to avoid these risks.

Magalix Introduces MITRE ATT&CK Policies

The MITRE ATT&CK Framework is a great guideline to use when establishing a security baseline. Magalix has mapped each ATT&CK technique to a Policy so you can validate your security posture against a predefined set of policies out of the box. By organizing our Policies by various standards such as the MITRE ATT&CK Framework, immediately know how your clusters stand against industry regarded best practices without any additional configuration. 

With Magalix MITRE ATT&CK Policies, enterprises can:

  • Instantly enforce policy guardrails with MITRE ATT&CK framework.
  • Confidently de-risk deployments and ship code faster with the enforced security checks.
  • Continuously monitor all CI/CD pipelines to ensure no violations take place.
  • Get immediately notified of any violations that puts the infrastructure at risk.

MITRE ATT&CK Reporting

One of the challenges with implementing a security framework is ensuring that each control is covered with an appropriate, and scalable policy. A goal at Magalix is to simplify the understanding of your current security posture. Our Reports feature achieves this by providing a predefined report ready to help you understand a cluster’s state regarding the MITRE ATT&CK Framework.

MITRE ATT&CK Matrix Policies for Kubernetes

Our Report allows you to view each control and the state of each one. By drilling down, discover how many policies cover a control, and how many entities are violating that control. Each Policy can then be expanded for further insights into the Policy’s state and any violating entities.

Conclusion

Magalix Policy Enforcement Platform has 100s out-of-the-box policies and templates - PCI DSS, Application-Based Policies, and MITRE ATT&CK - enabling companies to hit the ground running. Start a 30-day commitment-free trial and explore them all!

Explore Magalix Policy Library with a 30-day free trial

Comments and Responses

Latest Articles

Policy as Code GitOps
09. 24. 2021
Gitops Tools: FluxCD vs ArgoCD

An in-depth comparison between two GitOps continuous delivery tools: FluxCD vs ArgoCD.

Read More
Read Time 6 mins read
Cloud Security Posture Management
09. 20. 2021
What Is Cloud Security Posture Management (CSPM)?

What is Cloud Security Posture Management? Why is it Important?

Read More
Read Time 5 mins read
09. 17. 2021
Prevent Kubernetes NetworkPolicy Misconfigurations with Policy as Code

Prevent Kubernetes NetworkPolicy misconfigurations by enforcing policy as code

Read More
Read Time 5 mins read

Start Your 30-day Free Trial Today!

Implement the proper governance and operational excellence in your Kubernetes clusters.

Request a Demo

“We are on a mission to add intelligence to applications and infrastructure so you can focus on what truly requires human intelligence.”

g
m
Product
Company
Resources
Questions?

Subscribe to the SaC Newsletter

Stay up to date with Security as Code (SaC) Bi-weekly Magalix newsletter.
© 2021 Magalix Corporation. All Rights Reserved.