Protecting Kubernetes clusters with Cloud Advisor

The new version of Cloud Advisor protects managed Kubernetes clusters located in Huawei Cloud.

Cloud Advisor identifies vulnerabilities in images running in a Kubernetes cluster and prioritizes them based on the information about the public exposure and rights of the pods on which they are found. Additionally, Cloud Advisor validates Kubernetes against CIS guidelines and security best practices.

Cloud Advisor now analyzes all layers of cloud infrastructure operations: cloud configuration layer, Kubernetes managed clusters layer, OS and software running on virtual machines and containers. Cloud Advisor combines CSPM, CWPP and KSPM products and is recommended as a single platform to ensure the security of the entire cloud infrastructure.

Analysis of all layers of cloud infrastructure operation provides a complete picture of cloud security risks and identifies attack vectors that are inaccessible to products that operate at only one layer — for example, «Log4Shell vulnerability found on a VM with an assigned public IP and a security group that allows connection to 0.0.0.0.0».

Cloud infrastructure is analyzed using a unique agentless technology that provides 100% coverage of the entire infrastructure, product deployment in minutes, reduced administration costs and no impact on virtual machine performance.

Kubernetes protection is available for Advanced license users and is currently not additionally charged.