KTrust, a Tel Aviv-based security startup, takes a different approach to Kubernetes security than many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is more proactive: it has developed an automated system that tries to hack into the cluster. This allows security teams to focus on real-world attack paths rather than just long lists of potential security vulnerabilities. As such, KTrust is essentially a red team in a box – although research firm Gartner prefers to call it “continuous threat exposure management” (CTEM).
KTrust is coming out of stealth today and announcing a $5.4 million funding round led by Awz Ventures.
As with so many Israeli security companies, the leadership team comes with considerable experience. CEO Nadav Toledo was formerly a colonel in the Israel Defense Forces’ 8200 intelligence unit, where he spent 25 years before starting KTrust. CTO Nadav Aharon-Nov was previously CTO at cyber espionage and defense firm R-MOR, while COO Sigalit Shavit was previously global CIO of publicly traded CyberArk. CBO Snir Maizlik complements this group with extensive business experience, including as CEO of Shanghai-based fashion wholesaler Must Garment Group and managing partner at real estate investment firm NOI Ventures. This is an eclectic group of founders, but as Toledo told me, “everyone brings a different perspective to the board and it’s the best team.”
As a team, Toledo, Aharon-Nov and Maizlik began brainstorming different ideas for a security startup. The team landed on Kubernetes, which isn’t necessarily surprising given that it’s still a rapidly growing ecosystem that many traditional enterprises are just now starting to embrace.
“Kubernetes is very complex and it’s very dynamic. We went into organizations and talked to DevOps teams and CISOs. . . We’ve seen DevOps teams struggle — and we’ve also seen DevSecOps teams struggle because they want to also be Kubernetes experts — configure Kubernetes — and on the other hand, be security experts,” Toledo told me.
The team noted that most Kubernetes security solutions followed what it called a “passive scanner approach” that focuses on analyzing static code. But this leads to a lot of notifications, and someone then has to turn them into a working plan. The idea behind KTrust is to take a very different approach by using an automated red team algorithm that proactively explores attack paths to detect exposures in a Kubernetes-based system. KTrust takes a customer’s Kubernetes infrastructure settings and then copies them into a secure sandbox where its algorithms can attack the copy.
The algorithm then mimics real attackers. “By doing this, we find real attack paths to exploit, and you don’t get a list of hundreds of objects that aren’t connected. We show DevSecOps the validated exploits — and it’s true validation because it was a real attack,” Toledo explained. He noted that when working with a recent customer, a passive scanner discovered more than 500 vulnerabilities, but using KTrust’s agent-based system, the team was able to whittle that down to about a dozen real attack paths.
Using KTrust, security teams can then see exactly how the algorithm attacked the system. In terms of mitigation, the service can provide users with manual mitigation recommendations and in many cases can also automate these steps.
It is worth noting that the company employs a team of security experts dedicated to uncovering new attack vectors. The team has already submitted a number of CVEs (common vulnerabilities and exposures) for Kubernetes and Argo CD.
“Our investment in KTrust signals our confidence in the signature Kubernetes security solution, which meets a critical market demand. With this investment, KTrust will scale to empower DevSecOps globally to ensure the secure deployment of their Kubernetes-based applications,” said Yaron Ashkenazi, Managing Partner of Awz Ventures.