Network intrusion prevention
ID: MS-M9007
MITRE mitigation: M1031

Use intrusion detection signatures and a web application firewall (WAF) to block malicious traffic at the network boundary before it reaches pods and services in a Kubernetes cluster.

The network intrusion prevention solution may need to be adapted to the Kubernetes environment so that traffic destined for services is actually routed through it. In some cases this is done by deploying a containerized version of the intrusion prevention solution into the cluster, where it becomes part of the cluster network; in other cases ingress traffic to Kubernetes services is routed through an external appliance, which requires that all ingress traffic is only accepted when it comes from that appliance.
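The second deployment pattern above only works if the cluster refuses ingress that bypasses the appliance. The following is an added example, not part of the original page or any vendor's product: two Kubernetes NetworkPolicy objects for a hypothetical namespace `payments` with pods labelled `app: api`. The first is the weak configuration (ingress from anywhere), the second restricts ingress to the assumed appliance address range `10.50.0.0/24` or to in-cluster IPS/WAF pods in an assumed `ips-gateway` namespace. All names, labels, CIDRs and ports are placeholders.

```yaml
# Added example, not from the original page. Namespace, labels, CIDR and port
# are assumed placeholders; adjust them to the real appliance and workload.

# Weak: any source may reach the service pods, so traffic can bypass the IPS/WAF.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-all-ingress
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  ingress:
  - {}            # empty rule = allow from all sources on all ports
---
# Hardened: once a policy selects the pods, anything not listed is denied.
# Only the external appliance's CIDR, or the containerized IPS/WAF pods,
# may reach the service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-ingress-via-ips-only
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  ingress:
  - from:
    # External IPS/WAF appliance (assumed address range)
    - ipBlock:
        cidr: 10.50.0.0/24
    # In-cluster IPS/WAF pods: namespaceSelector AND podSelector in the same
    # list element must both match (a single peer, not two alternatives)
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ips-gateway
      podSelector:
        matchLabels:
          app: ips-waf
    ports:
    - protocol: TCP
      port: 8080      # assumed container port of the api pods
```

Apply the hardened object with `kubectl apply -f` and remove the permissive one. Two checks a practitioner should make: NetworkPolicy is only enforced if the cluster's CNI plugin supports it (a cluster without such a plugin silently accepts the object and enforces nothing), and `ipBlock` matches the source address as the CNI sees it, so if a load balancer or node performs SNAT before the packet reaches the pod the appliance's real address is lost; for LoadBalancer Services, `externalTrafficPolicy: Local` preserves the client source IP.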

Techniques Addressed by Mitigation

| ID | Name | Use |
|---|---|---|
| MS-TA9004 | Application vulnerability | Use network intrusion prevention to block exploitation of application vulnerabilities. |