Uptycs Introduces Detections that Correlate Threat Activity from the Kubernetes Control Plane and Container Runtime

Comprehensive CNAPP coverage for Kubernetes and containers in a single solution.

October 24, 2022

5 Min Read


WALTHAM, Mass., Oct. 24, 2022 /PRNewswire/Uptycs, provider of the first unified CNAPP and XDR solution, today announced enhanced Kubernetes and container security capabilities. These new features provide threat detection for container runtime correlated with the Kubernetes control plane attacks alongside scanning of container images in registries for vulnerabilities, malware, credentials, secret keys, and other sensitive information.

According to the latest Cloud Native Computing Foundation survey, 96% of organizations are either using or evaluating Kubernetes — the highest percentage since the surveys began in 2016.1 Yet many organizations are not prepared to detect threats against these new deployments. "Kubernetes-orchestrated clusters are essentially 'clouds within clouds.' The monitoring and visibility of the Kubernetes logs, network flows and application behaviors within the cluster should be baselined and analyzed for indications of compromise," recommends Gartner.2

Organizations can detect attacks against their Kubernetes deployments by adopting a shift up approach to cybersecurity, in which telemetry emanating from Kubernetes clusters and containers, laptops, and cloud services is normalized at the point of collection, but processed, correlated, and analyzed in a data lake.

Unlike siloed endpoint and cloud security solutions, Uptycs protects the entire arc of cloud-native application development, from the developer's laptop to container runtime. "Threat actors know a developer's laptop is often just one hop away from cloud infrastructure," said Ganesh Pai, co-founder and CEO of Uptycs. "Uptycs correlates risk signals from the modern attack surface for lightning-fast, contextualized detection and response. We do this with our unique, telemetry-powered approach and Detection Cloud. It's a shift up approach to cybersecurity that brings together multiple teams and types of IT infrastructure into a unified data model and UI."

"Our security team is organized around six domains, including threat detection and response, risk and compliance, application security, data security, infrastructure security, and enterprise security," said Anwar Reddick, Director of Information Security at Greenlight Financial. "Having a single solution like Uptycs that traverses these domains, and contextualizes threat activity across multiple asset types like Kubernetes, cloud services, and laptops improves cross-domain collaboration and insights. As a result, we've dramatically shortened our threat investigation time."

New Kubernetes and container runtime security features include:

  • Kubernetes threat detections — Combines anomalous Kubernetes actions with actions on a granular container lever, Uptycs is able to observe in real-time and store the behavior for investigation; this reduces mean time to detection (MTTD), collects forensic evidence for investigation, and determines the full scope of the incident as it happens

  • Registry scanning — Enables the ability to look for vulnerabilities in container images in a registry; Uptycs supports many registries, including AWS ECR, Azure Container Registry, DockerHub, and jFrog Artifactory

  • Secret scanning — Provides the ability to look for private keys, credentials, and other secrets stored in container images

  • NSA/CISA hardening checks — Ensures that Kubernetes deployments are set up per the updated hardening guidance provided by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency. For example, ensuring that pod security and network security policies are in line with guidance

Uptycs fills in security visibility gaps with a single solution to protect container-based applications, whether they are run on-premises or in the cloud, from bare-metal to a serverless deployment. With Uptycs, customers can identify vulnerabilities early in the process, verify secure configurations, ensure compliance posture against standards like CIS benchmarks for Linux and Docker, and continuously monitor the runtime in production.

Uptycs was recognized as a Sample Vendor for Container and Kubernetes Security in the Gartner Hype Cycle for Application Security, 2022 and the Gartner Hype Cycle for Network and Workload Security, 2022. In addition, Uptycs was recognized as a Sample Vendor in the report from Gartner, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete.

Uptycs will be at KubeCon + CloudNativeCon from Oct. 24 - 28, 2022 in Detroit, Michigan. To learn more, please stop by booth #G29 or visit: https://www.uptycs.com/lp-kubecon-2022-request-a-meeting


Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Note: All new features will be available to Uptycs customers in Q4, 2022.

About Uptycs

Your developer's laptop is just a hop away from cloud infrastructure. Attackers don't think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers?

Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface — all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.

Looking for acronym coverage? We have that, too, including CNAPP, CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud, Google-like search, and the attack surface coverage you need today. Be ready for what's next.

Shift your cybersecurity up with Uptycs. Learn how at: https://uptycs.com

1 Cloud Native Computing Foundation, CNCF Annual Survey, February 2022 https://www.cncf.io/reports/cncf-annual-survey-2021/
2 Gartner, "How to Make Cloud More Secure Than Your Own Data Center," Neil MacDonald, Tom Croll, April 2021 https://www.gartner.com/document/3970177

SOURCE: Uptycs

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights