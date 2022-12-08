Advanced search
Log in
Log in
Or log in with
GoogleGoogle
Twitter Twitter
Facebook Facebook
Apple Apple     
Sign up
Email Registration
Or log in with
GoogleGoogle
Twitter Twitter
Facebook Facebook
Apple Apple     
  1. Homepage
  2. Equities
  3. United States
  4. Nasdaq
  5. Microsoft Corporation
  6. News
  7. Summary
    MSFT   US5949181045

MICROSOFT CORPORATION

(MSFT)
  Report
Real-time Estimate Cboe BZX  -  10:10 2022-12-08 am EST
246.83 USD   +1.01%
09:43aMicrosoft : What's new in 3rd version of Microsoft threat matrix for Kubernetes
PU
09:03aMarketScreener's World Press Review: December 8, 2022
MS
07:54aWalmart-backed PhonePe seeks to raise $1 billion - Bloomberg News
RE
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisionsFunds 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Microsoft : What's new in 3rd version of Microsoft threat matrix for Kubernetes

12/08/2022 | 09:43am EST
share with twitter
share with LinkedIn
share with facebook

Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes. Since then, the project has received great attention and interest from the Kubernetes security community and was updated last year to keep up with the evolving threat landscape. The latest version of the matrix comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats. The new matrix is available at: http://aka.ms/KubernetesThreatMatrix.

Mitigations methods

Understanding the attack surface of containerized environments is the first step of building security solutions for these environments. In addition to helping organizations measure and assess coverage of threats with matching detections, the updated threat matrix for Kubernetes can now also help organizations with a systematic approach to apply mitigation techniques that prevent attacks from being successfully launched.

In this third version of the threat matrix, we introduce a collection of mitigations specific to Kubernetes environments and associate each with relevant threat techniques. Those mitigations, as displayed below in Figure 1, provide practical tools to prevent the various attack techniques, using built-in Kubernetes and cloud tools.

When reviewing the different threat techniques in the matrix, a list of relevant mitigations is provided so that organizations can see if they are taking all the necessary steps to prevent a threat. Additionally, when looking at a specific mitigation, a list of relevant threat techniques is displayed and can help organizations prioritize their mitigation implementation plan according to their threat assessment and detection coverage in each area.

Mapping to MITRE ATT&CK techniques

Last year, MITRE added a container matrix to the MITRE ATT&CK framework. MITRE ATT&CK for containers matrix, inspired by Microsoft threat matrix for Kubernetes, is a result of a joint effort between MITRE, Microsoft, and additional companies in the industry. The differences between Microsoft's and MITRE's matrices are described in this blog. In the new version of the Microsoft threat matrix for Kubernetes, we include a mapping between the Microsoft matrix and MITRE ATT&CK techniques and mitigations, as displayed below in Figure 2. This can help organizations to efficiently use the two frameworks.

MITRE ATT&CK matrix for containers does not have an equivalent technique for each of the techniques in the Microsoft threat matrix for Kubernetes. When there is no equivalent technique in the MITRE matrix, the Microsoft techniques might be mapped to a MITRE technique that is not part of MITRE's containers matrix but shares the same principle. For example, the Backdoor Container (MS-TA9012) technique explains that attackers can use Kubernetes controllers (such as daemonsets) to run their code and survive reboots of the podsnodes. This is very similar to MITRE's Create or Modify System Process technique (T1543), which is about using servicesdaemons for the exact same purpose. Another example is the mapping between Malicious Admission Controller (MS-TA9015) and MITRE's Event Triggered Execution. Although MITRE doesn't talk about containerized environment, those two techniques share the same idea. In cases when there is no matching MITRE technique with the same principle, the Microsoft technique will not point back to a MITRE technique.

New techniques

The new version of the matrix also introduces two new techniques and additional re-categorization of existing techniques:

  1. New technique: Static pods

A persistence technique which allows attackers to deploy pods that aren't managed by the Kubernetes API server.

  1. New technique: Collecting data from pod

Kubernetes-native technique which allows attackers to extract data from running pods.

  1. Extending existing technique: Container service account

Attackers may create new service accounts or steal tokens of existing service accounts for future use from inside and outside the cluster. Therefore, we also added this technique to the persistence tactic.

  1. Extending existing technique: Exposed sensitive interfaces

Attackers may use management interfaces for discovery purposes, after gaining initial access to the cluster. By using the network reachability between pods, attackers can connect to management interfaces from the internal network, allowing them to get valuable information about the workload. Thus, we also added this technique to the discovery tactic.

New web interface

As new threats were added to the Kubernetes matrix and additional content was introduced, it became increasingly harder to effectively deliver the breadth of information included in the matrix as a blog post. Looking for ways to make it easier to use the Kubernetes threats and mitigations matrix as reference material for day-to-day security operations, we are releasing the matrix as a web site, shown in Figure 4 below.

The new version of the threat matrix for Kubernetes is now available at: http://aka.ms/KubernetesThreatMatrix

The threat matrix for Kubernetes can help organizations to have visibility to the unique attack surface of Kubernetes and help them to measure their coverage to those threats. With the new mitigation section, organizations can now understand the measures required to prevent those threats.

Microsoft Defender for Cloud can help detect and mitigate threats in your Kubernetes environments. Learn more about Microsoft Defender for Cloud support for container security.

Attachments

Disclaimer

Microsoft Corporation published this content on 08 December 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 08 December 2022 14:42:02 UTC.


© Publicnow 2022
All news about MICROSOFT CORPORATION
09:43aMicrosoft : What's new in 3rd version of Microsoft threat matrix for Kubernetes
PU
09:03aMarketScreener's World Press Review: December 8, 202..
MS
07:54aWalmart-backed PhonePe seeks to raise $1 billion - Bloomberg News
RE
07:06aFutures edge up ahead of jobs data, recession fears loom
RE
06:38aSocial Buzz: Wallstreetbets Stocks Mostly Up Premarket; Carvana Poised to Ad..
MT
06:00aPentagon awards $9 bln cloud deal to big tech
RE
04:11aGoogle Support Services, Oracle America, Amazon Web Services, Microsoft Secure Hybrid C..
MT
02:41aNintendo, Microsoft Sign 10-Year Call of Duty Agreement
MT
02:11aDismal Economic Reports Knock Down Japanese Shares; SoftBank CEO Ups Stake in Conglomer..
MT
01:30aStolen data of 600,000 Indians sold on bot markets so far - study
RE
More news
Analyst Recommendations on MICROSOFT CORPORATION
More recommendations
Financials (USD)
Sales 2023 213 B - -
Net income 2023 71 624 M - -
Net cash 2023 68 362 M - -
P/E ratio 2023 25,6x
Yield 2023 1,10%
Capitalization 1 822 B 1 822 B -
EV / Sales 2023 8,23x
EV / Sales 2024 7,09x
Nbr of Employees 221 000
Free-Float 99,9%
Chart MICROSOFT CORPORATION
Duration : Period :
Microsoft Corporation Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends MICROSOFT CORPORATION
Short TermMid-TermLong Term
TrendsBullishNeutralBearish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus BUY
Number of Analysts 50
Last Close Price 244,37 $
Average target price 296,98 $
Spread / Average Target 21,5%
EPS Revisions
Managers and Directors
Satya Nadella Chairman & Chief Executive Officer
Bradford L. Smith President & Chief Legal Officer
Amy E. Hood Chief Financial Officer & Executive Vice President
James Kevin Scott Chief Technology Officer & Executive VP
Hemma Prafullchandra CTO
Sector and Competitors
1st jan.Capi. (M$)
MICROSOFT CORPORATION-27.34%1 821 650
SYNOPSYS INC.-10.99%49 513
DASSAULT SYSTÈMES SE-33.29%48 121
CADENCE DESIGN SYSTEMS, INC.-12.18%44 052
SEA LIMITED-74.03%32 637
ATLASSIAN CORPORATION-67.10%32 058