We're running payment systems in Kubernetes that handle sensitive data and run on ephemeral workloads in a hybrid cloud setup. All workloads are isolated, but we need to ensure that nothing connects to unknown networks or runs suspicious code. Our customers have stressed that it's critical to guarantee that no communication occurs with C2 servers. What steps can we take to secure our DNS effectively? Also, is runtime behavior monitoring through syscalls, DNS, and process tracing now a feasible option?
1 Answer
Have you looked into DNS firewall products? They can filter and block DNS queries and monitor for any potential data exfiltration, which is crucial for payment systems. You might also want to consider a Kubernetes-compatible SIEM. I've been using Lacework for some time and it's been great, but definitely check around since there are plenty of options available.
Thanks for the tip! I'll definitely check out Lacework and explore other SIEM solutions as well.