Kubernetes with WICCA & null Amsterdam @Adyen

Details

This evening session is a joint meetup between WICCA and null hosted by Adyen, where members from both communities are happily invited to attend. Adyen is a global payment service provider based in Amsterdam. They will be providing food and drinks for all of us!!! ^^

null (https://www.meetup.com/null-The-Open-Security-Group/) is India's largest open security community with chapters all over the world, including Amsterdam.
null is an open, inclusive, responsible, and most importantly a completely volunteer driven community. Their aim is not only to spread information security awareness, but to learn from other members of the community.

There will be two presentations, one by Daniel Lindner, lead data scientist from Adyen, and one given by Valentine (WICCA) and Vincent (null). The topic of the evening is Kubernetes.

*** Agenda ***
18:00-19:00 --> Walk-in and food/drinks
19:00-19:45 --> Adyen talk
19:45-20:00 --> Break
20:00-20:45 --> Presentation by WICCA & null
20:45-21:30 --> Networking

All visitors will have to register downstairs and pick up a badge that they will have to wear visibly at all time.

*** Daniel Lindner from Adyen ***
The Adyen Big Data Evolution: From Excel to Kubernetes

*** WICCA & null Amsterdam ***
A Monitoring Platform for Kubernetes Cluster Security

Kubernetes is an open-source system for the deployment, scaling, and management of containerized applications. Common implementations of Kubernetes are not secure by default and a lot of information about the hardening of Kubernetes intrinsic security is not known to the public. Since version 1.7 though, the security level has increased and the common security risks have been mitigated. More information about Kubernetes attack and defense methodologies has become available. However, none of these published resources lay the focus on the logging mechanisms of Kubernetes and the possibility for detection of active threats.

The system created is a combination of existing tools for a centralized audit system for Kubernetes instances. This system, named K8sCop, serves as a data analysis tool for the monitoring of cluster activity and detection of potentially malicious events. The presentation contains several demonstrations, where attacks are conducted against a Kubernetes instance, which are made visible in the Kubernetes Security Dashboard (K8SD) in Kibana.

The presentation will describe how to set up the existing tools the following way:

- How to store audit logs in Kubernetes instances
- How to set up Elasticsearch with Kubernetes using the Fluent daemon
- How to run the K8sCop analyzer for static or streaming analysis on Kubernetes log data
- What types of Kubernetes incidents are labelled by K8sCop
- How to import and view the Kubernetes Security Dashboard in Kibana

All project material is opensource, such that organizations and individuals that require visibility over their Kubernetes infrastructure can use and adapt these tools to suit their own needs. The sources can be found at https://github.com/k8scop/k8s-security-dashboard