Handling intrusion detection, runtime security, and compliance on Kubernetes
Once you have set your Pod security policies and network policies – and generally ensured that your configuration is as watertight as possible – many attack vectors remain possible in Kubernetes. In this section, we will focus on attacks from within a Kubernetes cluster. Even with highly specific Pod security policies in place (which definitely do help, to be clear), containers and applications running in your cluster can still perform unexpected or malicious operations at runtime.
To address this problem, many practitioners turn to runtime security tools, which continuously monitor application processes and alert on suspicious behavior. For Kubernetes, a popular open source tool that can accomplish this is Falco.
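To make the idea of runtime monitoring concrete, here is an added example of a Falco rule (written for this section, not taken from the book or from Falco's default rule set). It alerts whenever an interactive shell is started inside a container, which is a common high-signal event for defenders because long-running workloads rarely need to exec a shell after startup. The event, process, container and Kubernetes field names are Falco's standard fields; the rule name, output text and tags are assumptions chosen for illustration.

```yaml
# Added example rule, not part of the original text or of Falco's bundled rules.
# Falco loads custom rules such as this from its local rules file
# (by default /etc/falco/falco_rules.local.yaml).
- rule: Shell spawned in a container
  desc: >
    Detect an interactive shell starting inside a container. Legitimate
    workloads rarely exec a shell after startup, so this is a useful
    behavioural alert rather than a signature for a specific exploit.
  condition: >
    evt.type = execve and evt.dir = < and
    container.id != host and
    proc.name in (bash, sh, zsh, dash, ash)
  output: >
    Shell spawned in container
    (user=%user.name command=%proc.cmdline container=%container.name
    image=%container.image.repository pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell, runtime]
```

The rule fires on the exit side of the execve syscall (evt.dir = <), only for processes whose container ID is not the host, and only when the new process name is one of the listed shells. The output string pulls in the pod and namespace metadata so the alert can be traced back to the workload that produced it; in practice you would tune the shell list and add exceptions for jobs that legitimately run shell scripts.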
Installing Falco
Falco bills itself as a behavioral activity monitor for processes on Kubernetes. It can monitor both your containerized applications running...