Vulnerabilities Management

Runtime-based Vulnerability Management


Vulnerability management in Kubernetes environments is essential for ensuring the security and integrity of containerized applications and the underlying infrastructure. This document provides guidance on implementing effective vulnerability management practices specific to Kubernetes deployments.

Key Concepts

  1. Container Vulnerabilities: Weaknesses or flaws in container images that could be exploited to compromise the security of Kubernetes clusters.
  2. Kubernetes Security Posture: The overall security stance of a Kubernetes environment, including the configuration of Kubernetes resources, network policies, and access controls.
  3. Vulnerability Scanning: The process of identifying and assessing vulnerabilities in container images and Kubernetes configurations.
  4. Patch Management: The process of applying security patches and updates to container images and Kubernetes components to remediate vulnerabilities.

Use Cases

  • What are the workloads at most risk?
  • What is my most vulnerable workload, namespace, or cluster?
  • Is the trend of my CVE detections going down?
  • What are the most vulnerable packages in my workload?
  • Which CVEs are exploitable?

Runtime-Based Vulnerabilities Prioritization

ARMO's Runtime-based vulnerability prioritization addresses the top requirements for effective vulnerability management:

  • Offers clear and precise insights into vulnerability risks on a large scale.
  • Detailed information provides exact details about vulnerability risks, such as their CVSS score, In Use package, Exploitability, and more, sourced from various expert feeds like EPSS, CISA-KEV, NVD, etc.
  • Access to public exploits lets you confirm security measures and patch vulnerabilities effectively.
  • Focuses on prioritized risk data related to the vulnerabilities associated with the software packages used during runtime.
  • Allows you to accept risks in cases where vulnerability matching doesn't fit your specific setup or if you want to delay fixing the issue.

Vulnerability Management Process

  1. Container Image Scanning: The ARMO platform scans container images and identifies vulnerabilities in Docker images and other container images used in Kubernetes deployments.
  2. Vulnerability Prioritization: The ARMO platform prioritizes vulnerabilities based on risk factors, severity ratings, runtime analysis, exploitability, and potential impact on Kubernetes clusters and applications.
  3. Remediation: Get the recommended fixes from the ARMO Platform and apply patches to remediate vulnerabilities in container images and Kubernetes configurations.
  4. Continuous Monitoring: The ARMO Platform continuously monitors your Kubernetes environments for new vulnerabilities and emerging threats to ensure ongoing protection.