ThreatMapper Kubernetes: Install & Secure Your Environment
As businesses increasingly adopt Kubernetes for container orchestration, ensuring the security of applications in these environments becomes crucial. While traditional “Shift Left” scanning methods help identify vulnerabilities during development, they may miss critical issues once the code is in production. This is where ThreatMapper Kubernetes provides a powerful solution.

Why Shift Left Scanning Isn’t Enough for Kubernetes
Shift Left scanning helps identify vulnerabilities early in the development process. However, production environments are dynamic, and vulnerabilities emerge rapidly. For instance, the Log4j 2 vulnerability in late 2021 left many enterprises scrambling to secure their systems, underscoring the limitations of pre-production scans. These systems didn’t just include custom applications but also third-party components—many of which were vulnerable.
ThreatMapper Kubernetes addresses this gap by offering comprehensive vulnerability scanning within production environments. It scans running workloads for vulnerabilities that might have been missed in the development pipeline and assesses the likelihood of those vulnerabilities being exploited in real-world scenarios.
How ThreatMapper Kubernetes Enhances Security
The main strength of ThreatMapper Kubernetes lies in its ability to continuously scan production workloads in real time. It pulls data from various vulnerability feeds and uses risk prioritization to highlight the most critical issues. By considering factors such as the proximity to network attack surfaces and external traffic exposure, ThreatMapper helps you focus on vulnerabilities that are more likely to be exploited.
Key benefits of ThreatMapper Kubernetes include:
- Real-Time Vulnerability Detection: Continuous monitoring of production workloads for new vulnerabilities.
- Risk-Based Prioritization: Focus on vulnerabilities that are more likely to be exploited in your environment.
- Comprehensive Coverage: It integrates feeds from multiple sources, including the NVD CVE list and language-specific repositories for a thorough scan.
Steps to Install ThreatMapper Kubernetes
Follow these simple steps to set up ThreatMapper Kubernetes in your environment:
Step 1: Install the Management Console
Begin by installing the management console on a Docker host. First, download the required docker-compose.yml file:
wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml
Run the command below to start the console:
docker-compose -f docker-compose.yml up --detach
This will take about 60 seconds to initialize. Make sure to note the IP address of the Docker host for later steps.
Step 2: Generate the API Key
After the management console starts, navigate to it using your browser. Create the initial admin account and generate an API key for the installation. This API key will be necessary for the next step.
Step 3: Install ThreatMapper Sensors
To install ThreatMapper Kubernetes sensors, use Helm to deploy a DaemonSet. Run the following command to add the Helm repository and install the sensor:
helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
helm install deepfence-agent deepfence/deepfence-agent \
--set managementConsoleUrl=---CONSOLE-IP--- \
--set deepfenceKey=---DEEPFENCE-API-KEY---
This will deploy a pod for each host in the Kubernetes cluster, which will continuously monitor network traffic and inspect containers.
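The three install steps above wrapped in a small POSIX shell script, as an added example (not the ThreatMapper project's own tooling or code from this page): it validates the console address and API key before use, and hands the key to Helm through an owner-only values file instead of a --set argument that would otherwise sit in shell history and the process list. It assumes the same chart, Helm repo URL and value names (managementConsoleUrl, deepfenceKey) that the page's commands use.

```shell
#!/bin/sh
# Added helper script (not from the ThreatMapper project or the page): wraps the
# install steps above so the console address and API key are checked before
# use, and the key reaches Helm through an owner-only values file rather than
# a --set argument that would land in shell history and the process list.
# Assumed: same chart, Helm repo URL and value names as in the page's commands.
set -eu

# Accept only a dotted-quad IPv4 address for the management console.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Render the Helm values (same keys the page passes with --set).
render_values() {
  printf 'managementConsoleUrl: "%s"\ndeepfenceKey: "%s"\n' "$1" "$2"
}

# Step 1: start the management console on this Docker host.
start_console() {
  wget -q https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml
  docker-compose -f docker-compose.yml up --detach
  echo "console starting; note this host's IP and create the API key in the UI"
}

# Step 3: deploy the sensor DaemonSet once Step 2 has produced the API key.
install_sensors() {
  console_ip=$1; api_key=$2
  valid_ipv4 "$console_ip" || { echo "bad console IP: $console_ip" >&2; return 1; }
  [ -n "$api_key" ] || { echo "empty API key" >&2; return 1; }
  umask 077                                  # values file readable by owner only
  values=$(mktemp "${TMPDIR:-/tmp}/deepfence-values.XXXXXX")
  render_values "$console_ip" "$api_key" > "$values"
  helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
  helm install deepfence-agent deepfence/deepfence-agent -f "$values"
  rm -f "$values"
}

# Usage: ./install.sh console   |   ./install.sh sensors <console-ip> <api-key>
case "${1:-}" in
  console) start_console ;;
  sensors) install_sensors "${2:?console IP}" "${3:?API key}" ;;
esac
```

Run it with `console` on the Docker host for Step 1, then with `sensors <console-ip> <api-key>` from a machine whose kubectl context points at the cluster for Step 3.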
Step 4: Explore Your Application Topology
After the sensors are installed, the ThreatMapper Kubernetes management console will allow you to explore your application’s topology. The visualizations help identify vulnerable workloads and areas where security risks are highest.
Step 5: Run Vulnerability Scans
Once your topology is set up, you can run vulnerability scans on your Kubernetes workloads. ThreatMapper pulls data from various vulnerability feeds and ranks vulnerabilities based on their severity and exploitability. You can then view the results in the Vulnerabilities tab and address the most critical issues first.
Why Choose ZippyOPS for Kubernetes Security
At ZippyOPS, we specialize in consulting, implementation, and managed services across a variety of modern IT operations. Our expertise spans DevOps, DevSecOps, Cloud, Microservices, Automated Ops, and Security. If you need assistance with integrating tools like ThreatMapper Kubernetes into your security workflow, we’re here to help.
Discover our services, products, and solutions to learn more about how we can assist you in securing your Kubernetes environments. For demos, tutorials, and educational videos, visit our YouTube playlist.
Conclusion: Secure Your Environments with ThreatMapper Kubernetes
By integrating ThreatMapper Kubernetes into your environment, you can significantly enhance the security of your production workloads. With continuous scanning and comprehensive vulnerability detection, ThreatMapper ensures that you are always prepared to handle new threats as they emerge.
For professional guidance and support, reach out to sales@zippyops.com.