In the past year, a staggering 89% of organizations encountered at least one security incident related to containers or Kubernetes, underscoring the urgent need for enhanced security protocols among DevOps and security teams.
Although some DevOps professionals regard Kubernetes as insecure, it still dominates the container landscape with 92% market share. According to Gartner, it is anticipated that by 2029, 95% of enterprises will deploy containerized applications in production environments, a significant rise from under 50% just a year prior.
With misconfigurations accounting for 40% of security incidents and 26% of organizations facing failed audits, the deeper vulnerabilities within Kubernetes security have yet to be adequately resolved. A significant challenge lies in navigating the overwhelming volume of alerts generated and discerning which represent genuine threats.
Kubernetes Attacks are Rising
The increasing number of misconfigurations and unresolved vulnerabilities makes Kubernetes environments appealing to attackers. Red Hat’s latest Kubernetes Security Report indicates that 45% of DevOps teams have faced security incidents during the runtime phase, where live vulnerabilities can be targeted effectively.
The Cloud Native Computing Foundation’s Kubernetes report revealed that 28% of organizations operate with more than 90% of their workloads in insecure Kubernetes configurations. Alarmingly, over 71% of these workloads are managed with root access, significantly heightening vulnerability to system intrusions.
Conventional defense strategies are struggling to keep pace with the speed at which attackers operate. Once a misconfiguration or vulnerability is identified, attackers can infiltrate a container in mere minutes, while traditional security tools often take days to detect and resolve these critical issues.
With attackers continually enhancing their tactics and tools, organizations must acquire real-time data to combat Kubernetes-related threats effectively.
The Limitations of Alert-Based Systems
Nearly all organizations that incorporate Kubernetes into their DevOps processes utilize alert-based systems as their first defense against container threats. Companies such as Aqua Security, Twistlock (now under Palo Alto Networks), Sysdig, and StackRox (a part of Red Hat) provide a variety of security solutions aimed at threat detection and vulnerability scanning in Kubernetes environments.
These systems produce an overwhelming number of alerts that often demand manual review, leading to inefficiencies for security operations center (SOC) teams. More than 50% of security professionals express feeling overwhelmed by the sheer volume of notifications, contributing to alert fatigue among security personnel.
As Laurent Gil, co-founder and chief product officer at CAST AI, pointed out, “Using traditional methods means dedicating time to respond to countless alerts, many of which are false positives. This method isn’t sustainable. Automation is critical—real-time detection paired with immediate remediation can make all the difference.”
Securing Kubernetes with Real-Time Threat Detection
Attackers aggressively target Kubernetes containers, which are particularly vulnerable during runtime. This phase allows exploitation of misconfigurations, privilege escalations, and unpatched vulnerabilities, making it enticing for activities such as unauthorized crypto-mining. One customer reported 42 attempts to initiate crypto-mining within their Kubernetes landscape, all of which were effectively blocked by their detection system, as noted by Gil.
Moreover, larger-scale breaches, including identity theft and data leaks, frequently initiate through unauthorized access attained during runtime, where sensitive data may be most vulnerable.
Based on the threats and breaches observed across their clientele, CAST AI recently launched its Kubernetes Security Posture Management (KSPM) solution. This innovative approach enables DevOps teams to identify and rectify security threats in real time. While competitors may offer solid visibility and detection capabilities, CAST AI’s approach prioritizes real-time remediation that addresses issues before they escalate.
Organizations like Hugging Face have faced considerable hurdles in maintaining security during runtime across their extensive Kubernetes environments. As stated by Adrien Carreira, head of infrastructure at Hugging Face, the KSPM product from CAST AI “detects and blocks 20 times more runtime threats than any other security tool we’ve used.”
Addressing the issue of compromised Kubernetes containers necessitates comprehensive scans of clusters for misconfigurations, image vulnerabilities, and runtime anomalies. In its KSPM design, CAST AI emphasizes automated remediation that functions independently of human action. Ivan Gusev, principal cloud architect at OpenX, expressed that “the product was incredibly intuitive, delivering security insights in a more actionable format than those from our previous provider. Continuous monitoring for runtime threats is now essential to our operations.”
The Critical Nature of Real-Time Threat Detection
The online nature of any KSPM solution is pivotal in combating Kubernetes threats, particularly during runtime. Jérémy Fridman, who heads information security at PlayPlay, highlighted, “Since we began utilizing CAST AI for Kubernetes management, our security framework has significantly improved. Their automation capabilities—focused on cost effectiveness and security—reflect the core principles of DevOps, making our operations more streamlined and secure.”
Another significant benefit of integrating real-time detection within a KSPM solution is the capacity to patch vulnerabilities instantly. “Automation ensures that your systems are consistently operating on the most recent, secure versions. We don’t merely alert you about threats; we remediate them proactively, often before your security team is even informed,” noted Gil.
Enhancing Kubernetes Security in 2025 is Imperative
The reality is that Kubernetes containers are increasingly targeted, particularly during runtime, posing significant threats to enterprises.
As the demand for cryptocurrency rises amidst global economic turmoil, the frequency of runtime incidents is swiftly escalating. Organizations employing Kubernetes containers must remain vigilant against illicit crypto mining. For instance, unauthorized crypto mining on platforms like AWS can lead to hefty penalties, as attackers leverage vulnerabilities to conduct extensive mining operations on EC2 instances, using considerable computing resources. This emphasizes the urgent need for real-time monitoring and robust security measures to avert such damaging incidents.
Source
venturebeat.com