
Container Security in AKS/EKS: What Australian Businesses Need to Know



Containers and Kubernetes offer incredible agility but introduce novel risks. In Australia, where industries from finance to mining adopt AKS or EKS, awareness of container misconfigurations and runtime threats is critical.



Common Misconfigurations

  • Privileged Containers: Running containers with --privileged, or as the root user, can hand an attacker who compromises the container root on the host node. Train DevOps teams to use least-privilege security contexts and drop Linux capabilities they don’t need.

  • Exposed Dashboards & APIs: Kubernetes dashboards often default to no authentication. Ensure role-based access control (RBAC) is enforced and access to the Kubernetes API server is limited to trusted IPs via network policies.
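
To make the least-privilege security context point concrete, the following added example (not from the original article) audits pod specs for privileged mode, possible root execution, privilege escalation and undropped capabilities. The function names, pod names and `registry.example` images are assumptions, and the two pods are constructed sample data shaped like `kubectl get pod -o json` output.

```python
# Added example: audit pod specs for the security-context issues named above.
# The sample pods are constructed data; names and images are hypothetical.

def audit_container(pod_sc, c):
    """Return a list of findings for one container dict."""
    sc = c.get("securityContext") or {}
    findings = []
    if sc.get("privileged") is True:
        findings.append("privileged")
    # Container-level settings override pod-level ones.
    run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    if run_as_user == 0 or (run_as_user is None and non_root is not True):
        findings.append("may-run-as-root")
    # allowPrivilegeEscalation is effectively true unless explicitly false.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("privilege-escalation-allowed")
    caps = sc.get("capabilities") or {}
    if "ALL" not in [d.upper() for d in caps.get("drop") or []]:
        findings.append("capabilities-not-dropped")
    if caps.get("add"):
        findings.append("adds-capabilities:" + ",".join(sorted(caps["add"])))
    return findings

def audit_pod(pod):
    """Map container name -> findings; an empty dict means no issues found."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        findings = audit_container(pod_sc, c)
        if findings:
            report[c["name"]] = findings
    return report

PRIVILEGED_POD = {"metadata": {"name": "legacy-agent"}, "spec": {"containers": [
    {"name": "agent", "image": "registry.example/agent:1.0",
     "securityContext": {"privileged": True}}]}}

HARDENED_POD = {"metadata": {"name": "web"}, "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{"name": "web", "image": "registry.example/web:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for pod in (PRIVILEGED_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "ok")
```

The same checks can be run over the `items` list from `kubectl get pods -A -o json` to inventory workloads before enforcing a stricter policy.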




Runtime Threats

  • Image Supply-Chain Attacks: Malicious or vulnerable base images can introduce backdoors. Use Azure Container Registry (ACR) vulnerability scanning or third-party tools to detect CVEs before deployment. Awareness materials should highlight recent incidents where attackers slipped malware into popular public images.

  • In-Cluster Lateral Movement: Once a container is compromised, bad actors may hop across pods. Namespace segmentation and network policies help confine traffic. Emphasise that a namespace is not a security boundary—namespace network policies define true micro-segmentation.




Monitoring & Incident Response

Deploy CrowdStrike's Falcon® Cloud Security runtime threat detection tools to alert on suspicious syscalls (e.g. execution in read-only volumes). Integrate with Sentinel for centralised alerting. Dev and SecOps teams need awareness that container breaches often show subtle symptoms—unexpected process starts or anomalous outbound connections.

 
 
 
