UK Cyber Week 2024


Brewing the Kubernetes Storm Center: Open Source Threat Intelligence for the Cloud Native Ecosystem

17 Apr 2024
Culture & Strategy
4. Advanced skills

The process of threat modelling can seem an abstract art, especially when it comes to scoring and prioritisation. We show how a non-expert can practically validate threat modelling predictions and quantify the relative risk of different attack vectors. After a general introduction, we propose an extensible method that, based on a given threat model: a) generates a Kubernetes-based environment with embedded trip-wires, enabling the detection of real attacker paths without interference, b) exposes these simulated environments to the wild to observe quantitative threat intelligence in action, and c) informs cost-effective decisions for a defensive team. We discuss caveats, emphasise the critical role of automation in scaling across diverse threat models, and showcase live one quantified attack tree using Tetragon. To benefit the Kubernetes ecosystem, this accessible framework can be crowd-sourced into an open source, threat-intelligence-capturing network for quantifying risk exposure.

Key Takeaways:

  • Why open source threat intelligence is important
  • How individuals and companies can contribute via the Kubernetes Storm Center
  • How cloud-native threat intelligence can be gathered using honeypot clusters

Dr James Callaghan, Principal Consultant - Controlplane