Since its inception, Wiz has been committed to securing public and hybrid cloud environments against emerging threats. As Kubernetes is a cloud in its own right, its security is central to our mission. With over two years of dedicated effort, Wiz has continually evolved its methodologies to comprehensively address all facets of Kubernetes security based on three pillars: 

• An agentless-first approach, enabling complete visibility with the context of all cloud layers and identification of all potential toxic combinations at runtime 

• Integration at the beginning and throughout application development cycles to prevent risks early 

• Real-time detection of abnormal behavior to be able to respond effectively to breaches 

Where Wiz comes in: a defense-in-depth strategy

To fully understand your environment and implement a successful defense strategy, it's essential to completely understand your production's risks. As the first pillar, Wiz's Kubernetes Security Posture Management (KSPM) combined with Cloud Workload Protection Platform (CWPP) offers an unparalleled suite of tools and capabilities to enhance security across Kubernetes clusters. The setup process is streamlined, enabling users to establish complete visibility within minutes. Through meticulous examination of configurations, identities, and network pathways, Wiz identifies potentials risks and ensures compliance with industry standards such as CIS Benchmarks, Kubernetes official recommendation like Pod Security Standards (PSS), and more.  

Furthermore, Wiz provides a complete inventory of all services and technologies deployed in cloud environments, including Kubernetes clusters. This makes it possible to identify the deployment and use of service meshes such as Istio, and thus visualize network connections and configurations between pods, nodes, and the cloud. 

The second pillar of Wiz enables you to apply your understanding of your runtime environment to define the controls that need to be set upstream. It is more effective to detect and block misconfigurations or vulnerabilities in an application early in its development phase rather than correcting them once the application is in production. Wiz can be seamlessly integrated into the IDE, SCM, and pipelines to scan applications and IaC (Infrastructure as Code) code, as well as container and virtual machine images. In addition to these proactive measures, Wiz implements an admission controller, serving as the gatekeeper against misconfigured or untrusted images to reach Kubernetes clusters, preventing potential security breaches and audits any deviations from established security policies. 

As the third and final pillar, Wiz offers cloud detection and response in near real-time. It correlates events from the cloud and the Kubernetes control plane, hosts, and containers to detect and promptly alert on potential breaches and abnormal behaviors. This capability enhances Wiz's proactive approach by continuously monitoring and analyzing activity across cloud and Kubernetes environments, enabling swift responses to security threats and ensuring the integrity of your infrastructure. Using a combination of agentless methods (cloud events, Kubernetes control plane logs) and the Wiz runtime sensor, a lightweight eBPF agent, it provides comprehensive coverage and deep visibility into your cloud and Kubernetes ecosystem, empowering you to effectively mitigate risks and safeguard your assets. 

OWASP top 10 for Kubernetes

Wiz is excited to announce its comprehensive coverage of the OWASP Top 10 for Kubernetes risks, a testament to its unwavering commitment to proactive security measures. The OWASP Top 10 for Kubernetes delineates the most critical security vulnerabilities specific to Kubernetes environments, highlighting the necessity for robust security measures to safeguard against potential exploits. 

Understanding the significance of these risks, such as overly permissive RBAC or secrets management failures, is paramount for organizations seeking to fortify their Kubernetes ecosystems. Wiz's strategic approach, honed over the past two years, has enabled the mitigation of nearly all OWASP Top 10 risks through a combination of proactive monitoring, policy enforcement, and rapid response mechanisms. 

In an era marked by relentless cyber threats, safeguarding Kubernetes environments is imperative for organizations embracing cloud-native architectures. Kubernetes clusters rarely run as an isolated system but are integrated in a bigger cloud environment, that's why they need to be part of a bigger defense strategy. 

With Wiz's comprehensive security solutions, organizations can proactively mitigate risks and fortify their defenses against evolving threats. From initial setup to ongoing monitoring and response, Wiz empowers organizations to navigate the complexities of Kubernetes security with confidence and resilience. 

In short, Wiz gives you a complete visibility of what is happening in your Kubernetes clusters and their underlying clouds, and your security posture against the OWASP TOP 10 framework. You can now quickly understand what is covered and what is not and act accordingly with actionable insights to remediate faster. 

View your OWASP Kubernetes top 10 score in Wiz

Would you like to know your compliance position regarding this new framework? Nothing could be simpler. In the Reports > Compliance posture menu, select OWASP Kubernetes Top 10, and check your score. Learn more about how you can use these new compliance capabilities. Use the Wiz docs (login required) to get started. Have questions, comments, or feedback? Do reach out to Wiz. We love hearing from you.