Securing AWS EKS Environments – Cisco Blogs


So, your organization’s simplifying Kubernetes management with AWS’s Elastic Kubernetes Service (EKS). Now, how are you going to secure that cluster?

Whether your role is on the application team, or in DevOps or SecOps, you might be thinking: We chose EKS because agility is important to us. Similarly, we need manageable and efficient security, so we can stay focused on what only our team can do.

Whether your organization is embracing a zero trust security approach, or you’re developing a threat model to prioritize your security actions and investments, several items are likely top-of-mind, including:

  • Micro-segmentation and simplified east-west traffic control
  • Software inventory and vulnerability detection
  • Real-time analytics to detect security concerns
  • Logical testing of planned security policy changes to rapidly model how such changes will impact your production environment

Cisco Secure Workload (formerly Tetration) supports the use cases above, and more, in AWS EKS environments. Since Secure Workload’s inception, its agent has always been lightweight, consuming less than 1% of CPU resources. Now, for container security, we’ve enhanced the agent to be easily deployed as a DaemonSet, rather than a host OS agent.

Here’s why we think you’ll like DaemonSets:

  • It accelerates on-boarding Secure Workload in a K8s environment – run one script and it’s deployed to all nodes, simultaneously. Secure Workload scales up and down with the worker nodes, automatically.
  • For developers and engineers familiar with Kubernetes, it is the native experience you’d expect.
  • If you need to off-board, run the same script and it simultaneously, completely, and cleanly removes the Secure Workload agent from all nodes.

Additionally, Secure Workload provides a SaaS subscription option, simplifying proof-of-value demos and accelerating time-to-value in your production environment. Just as EKS is managed by AWS, the Secure Workload infrastructure is fully managed by Cisco, available globally, and supporting European data residency requirements. As customers “get their feet wet” with Secure Workload’s capabilities, they often begin by addressing one or two use cases, taking advantage of Secure Workload’s flexible, usage-based pricing model.
