跳到主要內容

Review & Remediate Attack Path Risks

Implementation Effort: Medium
This task involves enabling Defender for Containers, analyzing attack path graphs, and coordinating with security and platform teams to remediate misconfigurations and vulnerabilities.

User Impact: Low
Only security and infrastructure teams are involved in reviewing and remediating attack paths; end users are not affected.

Overview

Microsoft Defender for Containers includes attack path analysis, a graph-based feature that identifies exploitable paths attackers could use to move laterally and reach high-value assets in your containerized environments. These paths are visualized in the Cloud Security Explorer, which helps security teams prioritize and break attack chains before they are exploited.

To review and remediate attack path risks:

  • Enable Defender for Containers and ensure agents are deployed on relevant clusters 1.
  • Navigate to Microsoft Defender for Cloud > Attack Paths.
  • Review attack paths sorted by:
    • Risk level
    • Entry point
    • Target asset
    • Affected resources
    • Active recommendations
  • Investigate insights such as:
    • Pods exposed to the internet
    • Privileged containers
    • Containers using host networking
    • Vulnerable container images 2
  • Apply remediations by:
    • Updating Kubernetes configurations
    • Restricting network exposure
    • Rebuilding vulnerable images
    • Enforcing policies to prevent insecure deployments

This process supports the Zero Trust principle of "Assume Breach" by proactively identifying and eliminating lateral movement paths that attackers could exploit within Kubernetes environments.

Risks if not implemented: Unaddressed attack paths can allow adversaries to escalate privileges, move laterally, and compromise sensitive workloads, increasing the likelihood of a successful breach.

Reference