UnderDefense MAXI MDR Demo: Protecting Kubernetes on AWS from Exploits

The award-winning MDR team uses the UnderDefense MAXI platform to detect, investigate, and respond quickly and effectively to an attack on the cloud in real time.

Security in the Cloud is hard. Why?
Flexibility creates vulnerability.
  • Multi-tasking, or too much of it: Wearing too many hats can lead to failure in critical roles.
  • Security and DevOps are unique functions: DevOps != SecOps. Automation of security configurations is absolutely crucial to avoiding gaps.
  • Detection is not enough: Readiness to respond and knowing what to do when it happens matters.
  • Preparedness means real-world scenario simulation: Planning, modeling, and becoming multi-cloud if needed.
  • Size matters: The larger your environment, the higher the risk and the wider the gaps between parts of your organization.
  • You can't be up 24x7: The need for constant vigilance often exceeds the capabilities of in-house teams.
Attack scenario on AWS Cloud
An attacker exploits a vulnerable PHP application hosted on EKS (Elastic Kubernetes Service) to inject a web-shell script into the web directory and gain initial access to the AWS environment.
UnderDefense's MDR team detects the file-integrity compromise and the exfiltration of instance credentials through UnderDefense MAXI integrations, which collect generic alerts from various sources (Security Hub, Elastic Cloud).
Enrichment starts with running the pre-defined automation playbook.
Security incidents are created in UnderDefense MAXI for further enrichment, tracking, and processing by a security analyst.
The team closely monitors the attacker's attempts to maintain persistence within the AWS Environment. The SOC analyst investigates the enriched data of the alert and defines the verdict.
The speakers show the other side of the AWS Cloud attack experience: how fast a client is informed about the attack and receives the necessary guidelines on remediation to minimize the impact on the business.
The SOC analyst closes the incident after the threat is contained and eradicated.
What can we learn from this AWS case?
  • 24x7 security monitoring is critical to spot a breach in time and contain it promptly with MDR.
  • AWS breaches are possible. They are harder to execute than on endpoints, but all infrastructure is vulnerable.
  • AWS credentials are valuable. Additional monitoring of identities and escalation of privileges is needed.
  • AWS is not responsible for your security.
  • Most companies experience detection and recovery challenges with cloud security.
How to protect identities in AWS
  • Temporary credentials may seem harmless, but they can be used to create persistent credentials, causing a potential threat.
  • Regularly monitor and audit your AWS environment to detect any suspicious activity that could indicate a privilege escalation.
  • Keep a close eye on the following key identities:
    1. Temporary credentials
    2. IAM users
    3. Roles
    4. Roles Anywhere
    5. Identity providers
  • AWS credentials are powerful and can be costly. Hackers can create resources for malicious activity and extract valuable data.
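The first bullet above, temporary credentials being turned into persistent ones, is something a SOC can detect mechanically from CloudTrail. The following is an added example, not UnderDefense MAXI code or any vendor playbook: it walks a constructed batch of CloudTrail records (the record format is real; the account id, role names, instance id and user names are made up) and raises a finding whenever an STS session (type `AssumedRole`/`FederatedUser`, or an `ASIA…` access key) creates or extends long-lived IAM access. The list of "persistence" IAM actions is this example's own choice.

```python
"""Detect temporary AWS credentials being used to mint persistent ones.

Added example: scans constructed CloudTrail records and flags STS sessions
that create or extend durable IAM access (access keys, users, policies).
"""
import json

# IAM write calls that turn a short-lived session into durable access
# (the selection is this example's own; extend it to match your policy).
PERSISTENCE_ACTIONS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "UpdateAccessKey",
    "AttachUserPolicy", "PutUserPolicy", "CreateRole", "AttachRolePolicy",
}

# Constructed CloudTrail batch: fake account 123456789012, fake role/instance names.
SAMPLE_TRAIL = json.loads("""{"Records": [
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
  "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE1111",
   "arn": "arn:aws:sts::123456789012:assumed-role/eks-node-role/i-0fakeinstance"},
  "requestParameters": {"userName": "backup-svc"}},
 {"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
  "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE2222",
   "arn": "arn:aws:sts::123456789012:assumed-role/eks-node-role/i-0fakeinstance"},
  "requestParameters": {"userName": "backup-svc", "policyName": "all"},
  "errorCode": "AccessDenied"},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
  "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE3333",
   "arn": "arn:aws:iam::123456789012:user/it-admin"},
  "requestParameters": {"userName": "new-hire"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE1111",
   "arn": "arn:aws:sts::123456789012:assumed-role/eks-node-role/i-0fakeinstance"},
  "requestParameters": {"bucketName": "app-assets", "key": "logo.png"}}
]}""")


def is_temporary_identity(identity):
    """STS sessions are typed AssumedRole/FederatedUser; their keys start with ASIA."""
    if identity.get("type") in {"AssumedRole", "FederatedUser"}:
        return True
    return str(identity.get("accessKeyId", "")).startswith("ASIA")


def classify_event(event):
    """Return a finding for a persistence-creating IAM call, or None."""
    if event.get("eventSource") != "iam.amazonaws.com":
        return None
    action = event.get("eventName")
    if action not in PERSISTENCE_ACTIONS:
        return None
    identity = event.get("userIdentity", {})
    temporary = is_temporary_identity(identity)
    denied = bool(event.get("errorCode"))
    if temporary and not denied:
        severity = "high"      # session credentials just became durable access
    elif temporary:
        severity = "medium"    # blocked attempt still points at a misused session
    else:
        severity = "low"       # long-lived principal: routine admin change to review
    return {
        "severity": severity,
        "actor": identity.get("arn", "unknown"),
        "action": action,
        "target": event.get("requestParameters", {}).get("userName", "n/a"),
        "denied": denied,
    }


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def detect(trail):
    """Classify every record and return the findings, most severe first."""
    findings = [f for f in map(classify_event, trail["Records"]) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in detect(SAMPLE_TRAIL):
        suffix = " (denied)" if f["denied"] else ""
        print(f"[{f['severity'].upper()}] {f['actor']} -> {f['action']} on {f['target']}{suffix}")
```

The severity split is the point: a long-lived IAM user creating an access key is routine administration, while an EKS node's instance role doing the same thing is exactly the pattern in the scenario above, and a denied attempt from such a session still tells you the session is in the wrong hands.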

Get instant visibility and control over your multi-cloud environment

Effective DevSecOps work requires a combination of centralized management, automation, and prioritization to separate noise from true positives. Our platform is designed to move fast.

Cloud security experts

Mary Roak
CISSP, Product Marketing Director
Experienced leader and strategist in the cybersecurity industry with over 15 years of international technology marketing experience.

Andriy Hural
MDR & IR Director
Cybersecurity veteran, incident response expert, and MDR/IR Director at UnderDefense.

Vasyl Herman
DevSecOps Engineer
Guiding a high-performing DevSecOps team to secure your organization's cloud infrastructure.
How to fortify your Kubernetes
Adopt a Defense-in-Depth approach: Implement multiple layers of security to protect your infrastructure. This includes network security, container runtime security, IAM controls, vulnerability scanning, and monitoring.
Prioritize least privilege: Grant minimal necessary permissions to users, processes, and services within your Kubernetes clusters to prevent lateral movement in case of a breach.
Implement network segmentation: Isolate workloads and limit communication between services to reduce the attack surface and contain potential threats.
Enable logging and monitoring: Collect and analyze logs to detect suspicious activity, identify potential threats, and respond quickly to security incidents.
Leverage managed services: Consider leveraging Managed Detection and Response (MDR) services to offload operational burdens and enhance security management.
Continuously monitor and improve: Implement robust monitoring and logging to detect anomalies and security events. Review your security posture regularly and make adjustments as needed.
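Several of the least-privilege and defense-in-depth points above can be checked mechanically against a workload's Pod spec before it reaches the cluster. The following is an added example, not UnderDefense or Kubernetes project code: it audits a Pod spec for the standard `securityContext` and service-account settings and shows a weak spec beside a hardened one. Both manifests are constructed (the registry, image names, ports and labels are made up); the field names are the real Kubernetes ones. In the attack scenario on this page the web shell was written into the web directory of a running pod, which is the kind of change a read-only root filesystem blocks.

```python
"""Audit a Kubernetes Pod spec for least-privilege settings.

Added example: the two manifests below are constructed (fake registry and
image names). The checks use the real Kubernetes securityContext fields.
"""

# Constructed "before": a PHP web app deployed with defaults.
WEAK_SPEC = {
    "containers": [{
        "name": "php-web",
        "image": "registry.example/php-web:latest",
        "ports": [{"containerPort": 80}],
    }],
}

# Constructed "after": same app with the hardening applied.
HARDENED_SPEC = {
    "automountServiceAccountToken": False,       # app never talks to the API server
    "securityContext": {"runAsNonRoot": True, "runAsUser": 33},  # www-data
    "containers": [{
        "name": "php-web",
        "image": "registry.example/php-web:1.4.2",  # pinned tag, not a moving target
        "ports": [{"containerPort": 8080}],
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,      # web root cannot be modified in place
            "capabilities": {"drop": ["ALL"]},
        },
        # Writable scratch space is mounted explicitly instead of the whole rootfs.
        "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
    }],
    "volumes": [{"name": "tmp", "emptyDir": {}}],
}


def _containers(spec):
    return spec.get("initContainers", []) + spec.get("containers", [])


def audit_pod_spec(spec):
    """Return (severity, message) findings for a Pod spec (or a workload's template.spec)."""
    findings = []
    pod_sc = spec.get("securityContext", {})
    if spec.get("hostNetwork"):
        findings.append(("high", "hostNetwork: pod shares the node's network namespace"))
    if spec.get("hostPID") or spec.get("hostIPC"):
        findings.append(("high", "hostPID/hostIPC: pod can see node processes or IPC"))
    if spec.get("automountServiceAccountToken", True):
        findings.append(("medium", "service account token mounted; set "
                         "automountServiceAccountToken: false if the app does not need it"))
    for c in _containers(spec):
        name = c.get("name", "<unnamed>")
        sc = {**pod_sc, **c.get("securityContext", {})}  # container level overrides pod level
        if sc.get("privileged"):
            findings.append(("high", f"{name}: privileged container"))
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(("high", f"{name}: runs as root (no runAsNonRoot / runAsUser)"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(("medium", f"{name}: allowPrivilegeEscalation not set to false"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(("medium", f"{name}: writable root filesystem "
                             "(web root can be modified in place)"))
        dropped = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in dropped:
            findings.append(("low", f"{name}: capabilities not dropped (drop: [ALL])"))
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            findings.append(("low", f"{name}: image tag is mutable ('latest' or untagged)"))
    return findings


if __name__ == "__main__":
    for label, spec in (("weak", WEAK_SPEC), ("hardened", HARDENED_SPEC)):
        result = audit_pod_spec(spec)
        print(f"{label}: {len(result)} finding(s)")
        for severity, message in result:
            print(f"  [{severity}] {message}")
```

Running the audit in CI against rendered manifests gives the "automate security configurations" point a concrete gate; the same checks can be enforced at admission time with Pod Security Standards, but checking early keeps the failure in the developer's pipeline rather than in production.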
Automate routine tasks and keep your business protected 24/7 with UnderDefense MAXI platform