
Top security talks from KubeCon Europe 2024

KubeCon Europe is the largest open source community conference in Europe with hundreds of talks, many of them about security. All the sessions are available online; in this blog, we’ll discuss our favorites.


KubeCon + CloudNativeCon Europe 2024 took place last week at Paris Expo Porte de Versailles with over 12,000 attendees. All the conference’s videos were promptly released on YouTube, some of them within a day of the talk being delivered. Kudos to CNCF for such a quick content turnaround. Overall, there are 246 (!) videos on the KubeCon 2024 playlist.

Some of our favorite KubeCon 2024 sessions 

Brewing the Kubernetes Storm Center: Open Source Threat Intelligence for the Cloud Native Ecosystem
It is always interesting to see collaboration between academia and industry, especially in such a tricky area as threat intelligence. Constanze Roedig from TU Wien and James Callaghan from ControlPlane presented their work on the collection and dissemination of threat intel in Kubernetes. While Wiz’s Cloud Threat Landscape is a static database, the proposed project takes it a step further and suggests a framework for TI collection (based on eBPF sensors), processing, and distribution in the STIX/TAXII formats.

Securing 900 Kubernetes Clusters Without PSP
This is a practical walkthrough of the end-user experience of applying admission controller policies at scale. Tobias Giese and Tjark Rasche describe their policy-deployment journey at Mercedes-Benz Tech Innovation, from Pod Security Admission to Validating Admission Policies, while clearly demonstrating the challenges of each method — the inflexibility of PSA, the policy complexity of OPA, and the performance issues of Kyverno. There is something here for every practitioner looking to harden their cluster setup.

Building Container Images the Modern Way
As we move up the abstraction levels with Kubernetes, we might forget that the foundation of container security is the container image. Adrian Mouat from Chainguard gives a fresh perspective on the process of building images. He introduces several ways to build distroless and lightweight images and offers valuable recommendations for container build solutions when a plain docker build is not enough.

eBPF’s Abilities and Limitations: The Truth
Even though the hype around eBPF has toned down, there are still a lot of misconceptions about eBPF’s capabilities. Liz Rice and John Fastabend from Isovalent give a realistic rundown of eBPF’s strengths and weaknesses — something that can help any developer before starting a new project, or, in our case, help us understand the limitations of applying eBPF as part of a security solution.

I'll Let Myself In: Kubernetes Privilege Escalation Tactics
Iain Smart and Andrew Martin give a behind-the-scenes look at the engagements they have run at ControlPlane and discuss the various privilege escalation techniques they use. I particularly enjoyed the second part of the presentation, which covers rarely mentioned post-compromise activities in the cluster — how attackers can hide their tracks, avoid detection, and achieve silent persistence. This part resonated with our own talk (mentioned below).

...and two noteworthy talks from Wiz 

Wiz had a strong presence at this conference with two talks of our own. If you are a beginner or intermediate in the world of Kubernetes, your first security concern should be blocking malicious initial access to your clusters. The session entitled Why Barricade the Door if the Window is Open? Making Sense of Kubernetes Initial Access Vectors does just that: it explains the various ways attackers can gain initial access, while also providing useful detection and protection recommendations for each of those vectors. Finally, if you run managed GKE, AKS, or EKS clusters and want to know what kind of security risks they carry, you are invited to watch our talk Living off the Land Techniques in Managed Kubernetes Clusters. It sheds light on methods attackers can use to abuse existing services in managed Kubernetes clusters and reveals some interesting attack chains originating from middleware components with which you might not be familiar.

We highly recommend attending KubeCon Europe! And if you’re interested in more beginner-level information on Kubernetes, see our CloudSec Academy section on Kubernetes Security Best Practices, or download our guide, Kubernetes Security for Dummies.
