We are very excited to share with you that the Azure Security Center offering for Azure Kubernetes Service is generally available!
The popular, open source platform Kubernetes has been adopted so widely that it’s now an industry standard for container orchestration. Despite this widespread implementation, there’s still a lack of understanding regarding how to secure a Kubernetes environment. Defending the attack surfaces of a containerized application requires expertise to ensure the infrastructure is configured securely and constantly monitored for potential threats.
With this native solution, Azure Security Center is expanding its container security features to protect Azure Kubernetes Service (AKS), providing an experience that blends into the Security Center cloud security suite and answers customer demand in the rapidly growing Container Security space. This is an important milestone on the journey towards providing Azure customers with a single pane of glass for CWP workloads.
The new capabilities include:
Discovery and visibility - Continuous discovery of managed AKS instances within the subscriptions registered to Security Center.
Security recommendations - Actionable recommendations to help you comply with security best practices for AKS. These recommendations are included in your secure score to ensure they’re viewed as a part of your organization’s security posture. An example of an AKS-related recommendation you might see is "Role-based access control should be used to restrict access to a Kubernetes service cluster".
Threat protection - Through continuous analysis of your AKS deployment, Security Center alerts you to threats and malicious activity detected at the host and AKS cluster levels.