Today’s systems can be considered as very advanced as well as complex, with multiple dependencies and interrelationships. It requires a lot of time to develop a fix and test it in operation. Implementation of a virtual patch does not modify the operation of the underlying application or the systems that interact with it. It is possible to run the patch in monitor mode to evaluate any potential impacts before turning on the blocking functions.
The term patch is misleading because the vulnerable system is not being patched. A quick repair job for a piece of software code is called a patch. It is developed and distributed as a replacement or insertion of rule(s) to restrict the inputs and outputs to the vulnerable application in an intermediary layer.
“Virtual Patching” is a term that was initially used by Intrusion Prevention System vendors many years ago. It is also known as External Patching or Just-in-time Patching. This term is not only web-application specific but mainly used by WAF providers over the past years.
With the running application, we want to access one service. Let’s create a ClusterIP type of service. We can:
Key Terms
Key Terms:
| Security should extend beyond images and workloads and defend the complete environment, as well as the cluster infrastructure. You want to secure your clusters, nodes and also the container engine. |
|
Kubernetes Security: Runtime Phase
|
Kubernetes Container Security in Deployment PhaseKubernetes infrastructure ought to be designed firmly before workloads being deployed. From a security... |