July 13, 2023, 9:34 p.m. | fwd:cloudsec

Abstract: Kubernetes (K8s) poses unique challenges during incident investigation, API debugging, threat hunting, and detection. In this talk, attendees will see an immersive exploration of incident response inside Kubernetes focusing on three common indicators of compromise: increased API throughput, suspicious payloads on ingress, and known bad IPs communicating with pods. We’ll cover API logging, network monitoring, and best practices for preparing your pods for security incidents.

Network overlays and service meshes, like Istio, also introduce additional layers of complexity which …
