Get started with Kubernetes Security Posture Management (KSPM)
Latest Dynatrace Early Adopter
Dynatrace Kubernetes Security Posture Management enables you to detect, analyze, and monitor misconfigurations, security hardening guidelines, and potential compliance violations across your Kubernetes deployment.
Capabilities
-
Provides in-depth insights into the security posture of your Kubernetes environments.
-
Monitors against regulatory security and compliance standards such as Security Technical Implementation Guide (STIG), Digital Operational Resilience Act (DORA), National Institute of Standards and Technology (NIST), and Center for Internet Security (CIS).
-
Analyzes the Kubernetes environment from the cluster to the nodes and pods against regulatory requirements.
-
Provides actionable findings that allow you to
- Prioritize compliance efforts
- Create audit evidence and reporting for auditors and internal security and compliance teams
Use cases
Stay compliant with Security Posture Management
Target audience
Kubernetes Security Posture Management is dedicated to Security Ops Engineers, DevOps, DevSecOps, and Site Reliability Engineers (SREs).
Scenario
Your organization requires following Industry best practices for Kubernetes deployments or regulatory requirements.
New clusters, nodes, and pods are constantly added or removed from your Kubernetes environment.
Goal
-
Gain immediate insight into the overall security posture of your monitored environment.
-
Detect and address security issues and misconfigurations easily.
-
Ensure your environment is configured securely and efficiently.
-
Enhance the overall system reliability.
-
Stay compliant with security standards.
Result
-
Kubernetes clusters are actively assessed through Kubernetes Security Posture Management against regulatory compliance standards and security best practices.
-
Misconfigurations and violations against standards are continuously discovered.
How it works
Dynatrace ingests configuration data from your clusters and workloads into Grail, where it's formatted into compliance events according to the Semantic Dictionary conventions.
The mechanism is described below.
KSPM is configured by Dynatrace Operator to collect data
Data is collected
Data is sent to the Dynatrace Cluster
Data is mapped
Compliance results are ready to use
KSPM is configured by Dynatrace Operator to collect data
Once you enable Dynatrace Kubernetes Node Configuration Collector in Dynatrace Operator, it's deployed as a DaemonSet on your monitored cluster's nodes to collect cluster and workload configuration data.
Data is collected
- Node Configuration Collector collects data from the cluster nodes.
- Frequency: every minute
- ActiveGate collects data from the Kubernetes API.
- Frequency: every hour
Data is sent to the Dynatrace Cluster
ActiveGate processes all data received from the nodes and Kubernetes API and sends it to the Dynatrace Cluster.
Data is mapped
The cluster and workload configuration data is mapped as compliance events according to the Semantic Dictionary and stored in the default_security_events bucket (for details, see: Built-in Grail buckets).
Compliance results are ready to use
Once data is ingested into Grail, you can use
- Security Posture Management app
to analyze your clusters' security posture and evaluate your compliance with industry standards - Security Investigator
to query compliance events for further insights - Notebooks
to share finding reports with stakeholders
For a list of DQL examples based on compliance events that you can use for further investigation or reporting, see Query compliance events.
Deploy
For deployment instructions, see Kubernetes Security Posture Management.
What's next
Install and explore Security Posture Management app .
Try Security Posture Management app and share your feedback to help us improve.
FAQ
For a list of frequently asked questions regarding Security Posture Management, see FAQ.