KTrust, a Tel Aviv-based security startup, is taking a unique approach to Kubernetes security. Instead of solely scanning Kubernetes clusters for known vulnerabilities, KTrust has introduced an automated system that attempts to hack into the system. This proactive approach allows security teams to focus on real-world attack paths, providing a more comprehensive security solution.
Key Takeaway
KTrust’s proactive approach to Kubernetes security, utilizing an automated red team algorithm, sets it apart in the security space. By focusing on real-world attack paths, KTrust aims to provide a more effective and actionable security solution for Kubernetes-based systems.
Seed Funding and Leadership Team
KTrust is emerging from stealth and has announced a $5.4 million seed funding round led by AWZ Ventures. The company’s leadership team brings extensive experience to the table. CEO Nadav Toledo, a former colonel in the Israeli Defense Forces’ 8200 intelligence unit, leads the team. Additionally, CTO Nadav Aharon-Nov and COO Sigalit Shavit contribute their expertise from previous roles in the cybersecurity industry. CBO Snit Mazilik complements the team with a wealth of business experience.
Focus on Kubernetes Security
The decision to focus on Kubernetes is strategic, given its rapid growth and increasing adoption by traditional enterprises. KTrust’s CEO, Nadav Toledo, emphasized the complexity and dynamism of Kubernetes, noting the challenges faced by DevOps and DevSecOps teams in configuring and securing Kubernetes-based systems.
Proactive Security Approach
While most Kubernetes security solutions utilize a passive scanner approach, KTrust stands out with its automated red team algorithm. This algorithm proactively explores attack paths to identify exposures in a Kubernetes-based system. By mimicking real attackers, KTrust’s algorithm provides validated exploits, offering a more focused and actionable approach to security.
Validation and Mitigation
KTrust’s approach has proven effective in reducing the number of vulnerabilities identified by passive scanners. By using an agent-based system, the team was able to narrow down over 500 vulnerabilities to about a dozen actual attack paths. The service also provides recommendations for manual mitigation and can automate these steps in many cases.
