CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions including the latest release (v1.20) are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update services, you are impacted.
Since this is a major design flaw with no fix in sight, detecting exploitation attempts of this vulnerability is critical to preventing or stopping an attack. In this webinar, we will demonstrate several ways that Calico Enterprise’s runtime defense approach can help mitigate this unpatched vulnerability. You will learn:
- How you can lock down your cluster and prevent the MITM attack by applying Calico Enterprise’s runtime defense approach to policy.
- How you can use Calico Enterprise IDS capabilities to continuously monitor, detect, and alert on suspicious behaviors, such as (a) when a Kubernetes service is created or patched by an attacker, and (b) when an endpoint is created or patched in the cluster.
- How to deploy a zero-trust security model in the cloud using Calico Enterprise to ensure workload isolation and protection from CVE-2020-8554.
A Calico Enterprise trial is available after this session and you will be able to practice these use cases on your own within a hosted lab.