Evaluating runtime threat detection strategies in Kubernetes
11-11, 14:35–15:05 (MST), Flex Space

This presentation explores the effectiveness of different runtime threat detection tools in Kubernetes by analyzing real-world attack scenarios. We will discuss reported real-life incidents in Kubernetes environments, covering external container takeovers, supply-chain attacks, and incidentally open services.

We will take three different runtime threat detection solutions, two open-source and one commercial, and analyze their efficiency against the aforementioned real-life incidents.

We will cover approaches like rule-based detection, anomaly detection, and XDRs. Attendees will gain insights into their strengths and weaknesses, and how they respond to typical Kubernetes security threats.

Ben is a veteran cybersecurity and software professional. He teaches advanced information security in both undergrad and grad classes. He is a co-founder and CTO at CyberArmor. In his previous capacities, he has been a security researcher and architect, pen-tester, and lead developer at Cisco, NDS, and Siemens.