{"id":93183,"date":"2021-03-23T09:00:45","date_gmt":"2021-03-23T16:00:45","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=93183"},"modified":"2023-05-15T23:09:08","modified_gmt":"2023-05-16T06:09:08","slug":"secure-containerized-environments-with-updated-threat-matrix-for-kubernetes","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/","title":{"rendered":"Secure containerized environments with updated threat matrix for Kubernetes"},"content":{"rendered":"<p>Last April, we released the first version of the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/02\/attack-matrix-kubernetes\/\" target=\"_blank\" rel=\"noopener noreferrer\">threat matrix for Kubernetes<\/a>. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&amp;CK\u00ae framework which, became almost an industry standard for describing threats.<\/p>\n<p>Since the publication of the threat matrix last year, things have changed:<\/p>\n<ul>\n<li>New threats were discovered as attackers targeted more and more Kubernetes workloads.<\/li>\n<li>We were glad to see that the security community adopted the matrix and added more techniques.<\/li>\n<li>As Kubernetes evolves, it becomes more secure by default and some techniques are no longer relevant.<\/li>\n<\/ul>\n<p>Today, we are releasing the second version of the threat matrix for Kubernetes, which considers these changes. The updated matrix adds new techniques that were found by Microsoft researchers, as well as techniques that were suggested by the community. We also deprecate several techniques, which do not apply anymore to newer versions of Kubernetes. In this version, we also add a new tactic taken from MITRE ATT&amp;CK\u00ae: collection.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-93188 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/03\/Matrix.png\" alt=\"The threat matrix to Kubernetes. The matrix consists of the various attacking techniques that target Kubernetes.\" width=\"1622\" height=\"978\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/Matrix.png 1622w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/Matrix-300x181.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/Matrix-1024x617.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/Matrix-768x463.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/Matrix-1536x926.png 1536w\" sizes=\"(max-width: 1622px) 100vw, 1622px\" \/><\/p>\n<h2>What has deprecated?<\/h2>\n<p>Kubernetes evolved and became more secure by default; techniques that appeared in last year&#8217;s matrix aren\u2019t relevant to newer environments. Therefore, we decided to deprecate some of the techniques:<\/p>\n<h3>Exposed Kubernetes Dashboard<\/h3>\n<p>The Kubernetes dashboard\u2019s usage has been in decline for a while now. Cloud-managed clusters, such as Microsoft\u2019s AKS and Google\u2019s GKE, deprecated this service and moved to a centralized interface in their portals. Moreover, the recent versions of the Kubernetes dashboard require authentication and it\u2019s less likely to find exposed dashboards that do not require authentication. Consequently, we also removed the technique, \u201c<strong>Access Kubernetes dashboard<\/strong>,\u201d under lateral movement tactic. Older versions of Kubernetes, including newer clusters that have the dashboard manually installed, are still affected by this technique. The concept of this technique was generalized in the new technique: <strong>exposed sensitive interfaces <\/strong>(see below).<\/p>\n<h3>Access tiller endpoint\u00ad<\/h3>\n<p>As of version 3, Helm doesn\u2019t use its server-side component, Tiller. This is a major improvement in the security of Helm. Currently, Helm operates (by default) on behalf of the user\u2019s credentials as they appear in the kubeconfig file. Users of older versions of Helm are still affected by this technique.<\/p>\n<h2>New techniques for the threat matrix<\/h2>\n<h3>1. Initial access<\/h3>\n<h4>Exposed sensitive interfaces<\/h4>\n<p>Exposing a sensitive interface to the internet poses a security risk. Some popular frameworks were not intended to be exposed to the internet, and therefore don\u2019t require authentication by default. Thus, exposing them to the internet allows unauthenticated access to a sensitive interface which might enable running code or deploying containers in the cluster by a malicious actor. Examples of such interfaces that were seen exploited include Apache NiFi, Kubeflow, Argo Workflows, Weave Scope, and the Kubernetes dashboard.<\/p>\n<h3>2. Execution<\/h3>\n<h4>Sidecar injection<\/h4>\n<p>A Kubernetes Pod is a group of one or more containers with shared storage and network resources. Sidecar container is a term that is used to describe an additional container that resides alongside the main container. For example, service-mesh proxies are operating as sidecars in the applications\u2019 pods. Attackers can run their code and hide their activity by injecting a sidecar container to a legitimate pod in the cluster instead of running their own separated pod in the cluster.<\/p>\n<h3>3. Persistence<\/h3>\n<h4>Malicious admission controller<\/h4>\n<p>Admission controller is a Kubernetes component that intercepts, and possibly modifies, requests to the Kubernetes API server. There are two types of admissions controllers: validating and mutating controllers. As the name implies, a mutating admission controller can modify the intercepted request and change its properties. Kubernetes has a built-in generic admission controller named <em>MutatingAdmissionWebhook<\/em>. The behavior of this admission controller is determined by an admission webhook that the user deploys in the cluster. Attackers can use such webhooks for gaining persistence in the cluster. For example, attackers can intercept and modify the pod creation operations in the cluster and add their malicious container to every created pod.<\/p>\n<h3>4. Credential access<\/h3>\n<h4>Access managed identity credential<\/h4>\n<p>Managed identities are identities that are managed by the cloud provider and can be allocated to cloud resources, such as virtual machines. Those identities are used to authenticate with cloud services. The identity\u2019s secret is fully managed by the cloud provider, which eliminates the need to manage the credentials. Applications can obtain the identity\u2019s token by accessing the Instance Metadata Service (IMDS). Attackers who get access to a Kubernetes pod can leverage their access to the IMDS endpoint to get the managed identity\u2019s token. With a token, the attackers can access cloud resources.<\/p>\n<h4>Malicious admission controller<\/h4>\n<p>In addition to persistency, a malicious admission controller can be used to access credentials. One of the built-in admission controllers in Kubernetes is <em>ValidatingAdmissionWebhook<\/em>. Like <em>MutatingAdmissionWebhook<\/em>, this admission controller is also generic, and its behavior is determined by an admission webhook that is deployed in the cluster. Attackers can use this webhook to intercept the requests to the API server, record secrets, and other sensitive information.<\/p>\n<h3>5. Lateral movement<\/h3>\n<h4>CoreDNS poisoning<\/h4>\n<p>CoreDNS is a modular Domain Name System (DNS) server written in Go, hosted by Cloud Native Computing Foundation (CNCF). CoreDNS is the main DNS service that is being used in Kubernetes. The configuration of CoreDNS can be modified by a file named corefile. In Kubernetes, this file is stored in a ConfigMap object, located at the kube-system namespace. If attackers have permissions to modify the ConfigMap, for example by using the container\u2019s service account, they can change the behavior of the cluster\u2019s DNS, poison it, and take the network identity of other services.<\/p>\n<h4>ARP poisoning and IP spoofing<\/h4>\n<p>Kubernetes has numerous network plugins (Container Network Interfaces or CNIs) that can be used in the cluster. Kubenet is the basic, and in many cases the default, network plugin. In this configuration, a bridge is created on each node (cbr0) to which the various pods are connected using veth pairs. The fact that cross-pod traffic is through a bridge, a level-2 component, means that performing ARP poisoning in the cluster is possible. Therefore, if attackers get access to a pod in the cluster, they can perform ARP poisoning, and spoof the traffic of other pods. By using this technique, attackers can perform several attacks at the network-level which can lead to lateral movements, such as DNS spoofing or stealing cloud identities of other pods (CVE-2021-1677).<\/p>\n<h3>6. Collection<\/h3>\n<p>In this update, we also add a new tactic to the threat matrix: collection. In Kubernetes, collection consists of techniques that are used by attackers to collect data from the cluster or through using the cluster.<\/p>\n<h4>Images from private registry<\/h4>\n<p>The images that are running in the cluster can be stored in a private registry. For pulling those images, the container runtime engine (such as Docker or containerd) needs to have valid credentials to those registries. If the registry is hosted by the cloud provider, in services like Azure Container Registry (ACR) or Amazon Elastic Container Registry (ECR), cloud credentials are used to authenticate to the registry. If attackers get access to the cluster, in some cases they can obtain access to the private registry and pull its images. For example, attackers can use the managed identity token as described in the \u201cAccess managed identity credential\u201d technique. Similarly, in EKS, attackers can use the AmazonEC2ContainerRegistryReadOnly policy that is bound by default to the node\u2019s IAM role.<\/p>\n<h2>Protect your containerized environments<\/h2>\n<p>Understanding the attack surface of containerized environments is the first step of building security solutions for these environments. The revised threat matrix for Kubernetes can help organizations identify the current gaps in their defenses\u2019 coverage against the different threats that target Kubernetes.<\/p>\n<p>We recommend that you start protecting your containerized environment with Azure Defender today. Learn more about Azure Defender\u2019s\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/container-security\" target=\"_blank\" rel=\"noopener noreferrer\">support for container security<\/a>.<\/p>\n<p>To learn more about Microsoft Security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website.<\/a>\u00a0Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The updated threat matrix for Kubernetes adds new techniques found by Microsoft researchers, as well as techniques that were suggested by the community. <\/p>\n","protected":false},"author":106,"featured_media":93186,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3683],"products":[3690],"threat-intelligence":[],"tags":[3809],"coauthors":[2290],"class_list":["post-93183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-security-management","products-microsoft-defender","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"The updated threat matrix for Kubernetes adds new techniques found by Microsoft researchers, as well as techniques that were suggested by the community.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-23T16:00:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:09:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Yossi Weizman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yossi Weizman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yossi-weizman\/\",\"@type\":\"Person\",\"@name\":\"Yossi Weizman\"}],\"headline\":\"Secure containerized environments with updated threat matrix for Kubernetes\",\"datePublished\":\"2021-03-23T16:00:45+00:00\",\"dateModified\":\"2023-05-16T06:09:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\"},\"wordCount\":1348,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\",\"name\":\"Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\",\"datePublished\":\"2021-03-23T16:00:45+00:00\",\"dateModified\":\"2023-05-16T06:09:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg\",\"width\":1200,\"height\":800,\"caption\":\"IT professionals build and maintain the LinkedIn server farm.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure containerized environments with updated threat matrix for Kubernetes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/","og_locale":"en_US","og_type":"article","og_title":"Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog","og_description":"The updated threat matrix for Kubernetes adds new techniques found by Microsoft researchers, as well as techniques that were suggested by the community.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-03-23T16:00:45+00:00","article_modified_time":"2023-05-16T06:09:08+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","type":"image\/jpeg"}],"author":"Yossi Weizman","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","twitter_misc":{"Written by":"Yossi Weizman","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yossi-weizman\/","@type":"Person","@name":"Yossi Weizman"}],"headline":"Secure containerized environments with updated threat matrix for Kubernetes","datePublished":"2021-03-23T16:00:45+00:00","dateModified":"2023-05-16T06:09:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/"},"wordCount":1348,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/","name":"Secure containerized environments with updated threat matrix for Kubernetes | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","datePublished":"2021-03-23T16:00:45+00:00","dateModified":"2023-05-16T06:09:08+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/03\/MSC17_dataCenter_016.jpg","width":1200,"height":800,"caption":"IT professionals build and maintain the LinkedIn server farm."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/23\/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure containerized environments with updated threat matrix for Kubernetes"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/93183"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=93183"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/93183\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/93186"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=93183"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=93183"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=93183"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=93183"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=93183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=93183"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=93183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}