KTrust, a Tel Aviv-based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive approach. It deploys an automated system that tries to hack into the system. This allows security teams to focus on real-world attack paths and not just long lists of potential security vulnerabilities. As such, KTrust is essentially a read team in a box — though research firm Gartner prefers to call it Continous Threat Exposure Management (CTEM).
Ktrust is coming out of stealth today and announcing a $5.4 million seed funding round led by AWZ Ventures.
As with so many Israeli security companies, the leadership team is coming in with considerable experience. CEO Nadav Toledo was previously a colonel in the Israeli Defense Forces’ 8200 intelligence unit, where he spent 25 years before starting KTrust. CTO Nadav Aharon-Nov previously was the CTO at cyber intelligence and defense company R-MOR, while COO Sigalit Shavit was previously the global CIO of publicly traded CyberArk. CBO Snit Mazilik complements this group with extensive business experience, including as the CEO of Shanghai-based fashion wholesaler Must Garment Group and as a managing partner at real estate investment firm NOI Ventures. That’s an eclectic group of founders, but as Toledo told me, “everybody brings a different perspective to the board and it’s the very best team.”
As a group, Toledo, Aharon-Nov and Mazilik started brainstorming different ideas for a security startup. The team landed on Kubernetes, which is not necessarily a surprise, given that it’s still a fast-growing ecosystem that many traditional enterprises are only now starting to embrace.
“Kubernetes is very complex and it’s very dynamic. We went to organizations and talked to the DevOps teams and CISOs […] We saw the DevOps teams were struggling — and we also saw the DevSecOps teams struggling because they want them to also be Kubernetes experts — configuring Kubernetes — and on the other hand, be security experts,” Toledo told me.
The team noted that most Kubernetes security solutions took what he called a “passive scanner approach” that focuses on doing static code analysis. But that results in lots of alerts and somebody then has to turn these into a work plan. The idea behind KTrust is to take a very different approach by using an automated red team algorithm that proactively explores attack paths to identify exposures in a Kubernetes-based system. KTrust takes a customer’s Kubernetes infrastructure settings and then duplicates them in a secure sandbox where its algorithms can attack it.
The algorithm then mimics real attackers. “By doing this, we find actual attack paths to exploit and you don’t get a list of hundreds of items that are not connected. We show the DevSecOps the validated exploits — and it’s true validation because it was a real attack,” Toledo explained. He noted that when working with a recent client, the passive scanner discovered more than 500 vulnerabilities, but using KTrust’s agent-based system, the team was able to whittle this down to only about a dozen actual attack paths.
Using KTrust, security teams can then see exactly how the algorithm attacked the system. As for mitigation, the service can provide users with recommendations for manual mitigation and in many cases, it can also automate these steps.
It’s worth noting that the company employs a group of security specialists dedicated to uncovering novel attack vectors. The team has already submitted a number of CVEs (Common Vulnerabilities and Exposures) for Kubernetes and Argo CD.
“Our investment in KTrust signifies our confidence in their distinctive Kubernetes security solution, meeting a critical market demand. With this investment KTrust will scale to empower DevSecOps globally in ensuring the secure deployment of their Kubernetes-based applications,” said Yaron Ashkenazi, Managing Partner, AWZ Ventures.