Top 10 Kubernetes Security Tools
It is also important to note that Kubernetes is inherently neither secure nor insecure. It is simply a platform, and that platform, like Windows, Linux or a MySQL database, is only as secure as you configure it to be. Every system has flaws, Kubernetes and Docker included, but in most cases critical security issues are caused directly or indirectly by users and their applications rather than by the platform itself.
kube-bench is available on GitHub. It is especially useful because, besides flagging the parts of your Kubernetes environment that fail a check, it prints a remediation for each failure. In a nutshell, kube-bench runs the CIS Kubernetes Benchmark checks against the control plane and worker node configuration (API server, controller manager, scheduler, etcd and kubelet flags and files), verifying among other things that authentication and authorization are configured as the CIS guidelines require, that the deployment follows the principle of least privilege, and that data is encrypted both at rest and in transit. Each check is reported as PASS, FAIL, WARN or INFO, so the output can be consumed by a pipeline and used as a gate.
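As an added example (not kube-bench's own code, nor code from the original article), the script below triages a kube-bench JSON report: it recounts statuses from the individual results, lists every FAIL (and optionally WARN) together with its remediation text, and returns a pass/fail verdict a CI job can act on. It assumes the shape of `kube-bench run --json` output (a top-level `Controls` list, each with `tests` groups whose `results` carry `test_number`, `test_desc`, `status` and `remediation`); the embedded `SAMPLE_REPORT` is a constructed, trimmed document in that shape, not real scanner output.

```python
"""Triage kube-bench JSON output: list failing checks with their remediation.

Added example for this article; not kube-bench's own code. SAMPLE_REPORT is a
constructed document in the shape of `kube-bench run --json` output (assumption).
"""
import json
from collections import Counter

SAMPLE_REPORT = json.dumps({
    "Controls": [{
        "id": "1",
        "version": "cis-1.6",
        "text": "Master Node Security Configuration",
        "node_type": "master",
        "tests": [{
            "section": "1.2",
            "desc": "API Server",
            "results": [
                {"test_number": "1.2.1",
                 "test_desc": "Ensure that the --anonymous-auth argument is set to false",
                 "status": "FAIL", "scored": True,
                 "remediation": "Edit the API server pod specification file and set the "
                                "--anonymous-auth parameter to false."},
                {"test_number": "1.2.6",
                 "test_desc": "Ensure that the --kubelet-certificate-authority argument is set as appropriate",
                 "status": "PASS", "scored": True, "remediation": ""},
                {"test_number": "1.2.33",
                 "test_desc": "Ensure that encryption providers are appropriately configured",
                 "status": "WARN", "scored": False,
                 "remediation": "Follow the Kubernetes documentation and configure an "
                                "EncryptionConfiguration file using aescbc, kms or secretbox."},
            ],
        }],
    }],
    "Totals": {"total_pass": 1, "total_fail": 1, "total_warn": 1, "total_info": 0},
})


def load_report(text):
    """Parse a kube-bench JSON document (a string) into a dict."""
    return json.loads(text)


def iter_checks(report):
    """Yield every individual check, tagged with its control and group."""
    for control in report.get("Controls", []):
        for group in control.get("tests", []):
            for result in group.get("results", []):
                yield control, group, result


def failing_checks(report, include_warn=False):
    """Checks that need attention, each with its remediation text.

    FAIL is always included; WARN (unscored or manual checks) only on request.
    """
    wanted = {"FAIL", "WARN"} if include_warn else {"FAIL"}
    out = []
    for control, group, r in iter_checks(report):
        if r.get("status") in wanted:
            out.append({
                "node_type": control.get("node_type"),
                "section": group.get("section"),
                "id": r["test_number"],
                "desc": r["test_desc"],
                "status": r["status"],
                "scored": r.get("scored", False),
                "remediation": r.get("remediation", "").strip(),
            })
    return out


def status_counts(report):
    """Recount statuses from the individual results instead of trusting Totals."""
    return Counter(r.get("status") for _, _, r in iter_checks(report))


def gate(report, fail_on_warn=False):
    """CI verdict: True means no blocking findings remain."""
    return not failing_checks(report, include_warn=fail_on_warn)


if __name__ == "__main__":
    report = load_report(SAMPLE_REPORT)
    print(dict(status_counts(report)))
    for c in failing_checks(report, include_warn=True):
        print(f"[{c['status']}] {c['id']} {c['desc']}\n    fix: {c['remediation']}")
    raise SystemExit(0 if gate(report) else 1)
```

In a real pipeline, replace `SAMPLE_REPORT` with the file written by `kube-bench run --json --outputfile report.json` (or the log of the kube-bench Job pod) and let the non-zero exit status from `gate` fail the build.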
Interestingly, Calico enforces its firewall at the workload level (each pod's traffic is filtered on the node that hosts it), and because it can route pod traffic natively with BGP it can also peer with the physical network and advertise pod routes to individual routers and switches, so pod-specific traffic is routable on the underlying network as well.
The NeuVector solution is itself delivered as a container that is deployed on each host. It then provides a container firewall, host monitoring and protection, security auditing against the CIS benchmarks, and a vulnerability scanner.
It is important to validate your network policies rather than assume that, because they have been defined, they are being enforced. A NetworkPolicy object is accepted by the API server whether or not the cluster's CNI plugin implements it, so a policy can be declared and have no effect at all, and even with a policy-aware CNI there can be a window in which individual nodes have not yet synchronised the cluster-defined policy and are still applying stale rules. Test the actual behaviour: from a pod that should be blocked, attempt the connection and confirm that it fails.
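As an added example (not part of the original article, and not code from Calico, NeuVector or Kubernetes), the script below encodes NetworkPolicy ingress semantics for a small constructed cluster and compares what the declared policies require with a table of probe results; any disagreement is a policy that is declared but not enforced. The namespaces, pods and policies are assumptions chosen for illustration, the `OBSERVED` table is constructed data standing in for real connectivity probes (for example `curl` or `nc` run from test pods), and the model is deliberately limited to pod-to-pod TCP ingress with `matchLabels` selectors (no `ipBlock`, `matchExpressions` or `endPort`).

```python
"""Compare expected NetworkPolicy behaviour with observed connectivity.

Added example for this article; not the code of any tool it covers. NAMESPACES,
PODS and POLICIES are assumed manifests written as dicts; OBSERVED is constructed
probe data. Assumptions: pod-to-pod TCP ingress only, matchLabels selectors only.
"""

NAMESPACES = {"prod": {"env": "prod"}, "dev": {"env": "dev"}}

PODS = {
    "frontend": {"namespace": "prod", "labels": {"app": "frontend"}},
    "backend":  {"namespace": "prod", "labels": {"app": "backend"}},
    "devtool":  {"namespace": "dev",  "labels": {"app": "devtool"}},
}

POLICIES = [
    {   # default-deny ingress for every pod in prod
        "metadata": {"name": "default-deny-ingress", "namespace": "prod"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
    },
    {   # allow only frontend -> backend on 8080/TCP
        "metadata": {"name": "allow-frontend-to-backend", "namespace": "prod"},
        "spec": {
            "podSelector": {"matchLabels": {"app": "backend"}},
            "policyTypes": ["Ingress"],
            "ingress": [{
                "from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                "ports": [{"protocol": "TCP", "port": 8080}],
            }],
        },
    },
]

# Constructed probe results: (src, dst, port) -> did the TCP connection succeed?
OBSERVED = {
    ("frontend", "backend", 8080): True,
    ("frontend", "backend", 22): False,
    ("devtool", "backend", 8080): True,   # should be blocked: declared but not enforced
    ("devtool", "frontend", 80): False,
    ("backend", "devtool", 8080): True,
}


def labels_match(selector, labels):
    """matchLabels semantics: an empty selector ({}) matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer, src, policy_ns):
    """Does an ingress 'from' peer select the source pod?"""
    if "ipBlock" in peer:
        return False  # assumption: CIDR peers are not modelled here
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None:
        if not labels_match(ns_sel, NAMESPACES[src["namespace"]]):
            return False
    elif src["namespace"] != policy_ns:
        return False  # a podSelector alone only reaches the policy's own namespace
    return pod_sel is None or labels_match(pod_sel, src["labels"])


def port_matches(ports, port):
    """Empty 'ports' means every port; an entry without a number means every port."""
    if not ports:
        return True
    return any(p.get("protocol", "TCP") == "TCP" and p.get("port", port) == port for p in ports)


def ingress_allowed(src_name, dst_name, port, policies=POLICIES, pods=PODS):
    """Evaluate NetworkPolicy semantics for src -> dst:port over TCP."""
    src, dst = pods[src_name], pods[dst_name]
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and labels_match(p["spec"].get("podSelector", {}), dst["labels"])
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
    ]
    if not selecting:
        return True  # nothing selects dst: Kubernetes allows all ingress by default
    # Policies are additive: any matching rule in any selecting policy permits the flow.
    for pol in selecting:
        for rule in pol["spec"].get("ingress", []):
            froms = rule.get("from", [])
            if (not froms or any(peer_matches(f, src, pol["metadata"]["namespace"]) for f in froms)) \
                    and port_matches(rule.get("ports", []), port):
                return True
    return False


def enforcement_gaps(observed=OBSERVED, policies=POLICIES, pods=PODS):
    """Flows whose observed result contradicts what the declared policies require."""
    gaps = []
    for (src, dst, port), seen in sorted(observed.items()):
        expected = ingress_allowed(src, dst, port, policies, pods)
        if expected != seen:
            gaps.append({"src": src, "dst": dst, "port": port, "expected": expected, "observed": seen})
    return gaps


if __name__ == "__main__":
    for g in enforcement_gaps():
        print(f"GAP {g['src']} -> {g['dst']}:{g['port']} expected={g['expected']} observed={g['observed']}")
```

Run against a real cluster, the `OBSERVED` table would be filled by actually probing each (source, destination, port) from a test pod; the value of the script is that it makes the expected outcome explicit, so a node still applying stale rules or a CNI that silently ignores NetworkPolicy shows up as a concrete gap instead of a silent assumption.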