As more container deployments move into production, attacks on application containers and on the orchestration tools used to manage them will increase. The success of Kubernetes has been a major enabler for the “service mesh” concept to become a reality, as a “sidecar” container is the ideal form factor for placing service mesh functions together with the service itself. The important thing to remember is that, although a service mesh has security features, it is NOT a security solution. It is not designed to provide the type of network, endpoint and host security required for defense in depth.
In this Kubernetes Master Class, learn how to secure both the application workloads and the system infrastructure in a service mesh deployment. The NeuVector team will demo and discuss:
Attack vectors and the attack surface for application containers and for infrastructure such as Kubernetes and Istio
How to build security into the pipeline from build to ship to run
How to visualize network connections and detect potential attacks on container networks