Integrating Advanced Security Features into Canarytokens for Enhanced Security in Kubernetes
Wagh, Tushar (2024-07-31)
Integrating Advanced Security Features into Canarytokens for Enhanced Security in Kubernetes
(31.07.2024)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2024100776294
https://urn.fi/URN:NBN:fi-fe2024100776294
Tiivistelmä
Kubernetes has become the standard for orchestration and management of container-based applications, in an environment that is rapidly evolving due to cloud computing and containerization. Nevertheless, the complexity and distributed nature of Kubernetes introduces new security issues including identification of unauthorized access attempts and compromised credentials. This study examines the use of Canarytokens in Kubernetes environments as a seamless trickster-like defense measure designed to impersonate sensitive data.
This primarily aims at bringing out new advanced add-on security features that will enhance Canarytokens capabilities by addressing their current challenges such as non-integration with SIEM systems, manual response/remediation procedures, limited alert forwarding options, offline working etc.
It is a comprehensive study of the Canarytokens open-source project that was followed by designing, developing and implementing innovative solutions. These included integration of Canarytokens with SIEM systems to enhance visibility and correlation; automated response and remediation mechanisms triggered by Canary Token alerts; alternative methods for receiving alerts; and enabling offline working capabilities. To demonstrate their effectiveness, the proposed solutions are empirically tested and evaluated in a live Kubernetes environment.
The research findings contribute towards improving the security position of Kubernetes deployments by providing organizations with an advanced approach to securing their containerized environments through employment of these sophisticated features offered by the Canarytokens system. The developed modular add-ons offer practical and innovative solutions thereby allowing organizations to effectively use the Canarytokens according to their technology needs.
This primarily aims at bringing out new advanced add-on security features that will enhance Canarytokens capabilities by addressing their current challenges such as non-integration with SIEM systems, manual response/remediation procedures, limited alert forwarding options, offline working etc.
It is a comprehensive study of the Canarytokens open-source project that was followed by designing, developing and implementing innovative solutions. These included integration of Canarytokens with SIEM systems to enhance visibility and correlation; automated response and remediation mechanisms triggered by Canary Token alerts; alternative methods for receiving alerts; and enabling offline working capabilities. To demonstrate their effectiveness, the proposed solutions are empirically tested and evaluated in a live Kubernetes environment.
The research findings contribute towards improving the security position of Kubernetes deployments by providing organizations with an advanced approach to securing their containerized environments through employment of these sophisticated features offered by the Canarytokens system. The developed modular add-ons offer practical and innovative solutions thereby allowing organizations to effectively use the Canarytokens according to their technology needs.