A Practical Analysis of Open-Source Security Tools in Microservice Kubernetes Environments

The recent adoption of cloud-native computing and development models emphasizes the importance of security in protecting data residing in cloud-native workloads. Implementing such solutions presents that having as little system impact as possible is crucial while running protected workloads for the correct functioning of microservice-focused applications and end-user experience.In this paper, a systematic and practical analysis of widely used open-source microservice security tools was conducted by simulating a real-world cloud-native environment with Kubernetes. Various microservices and security tools were deployed and used during the emulation of a command-and-control (C2) attack scenario to evaluate the performance, observability, and enforcement capabilities of these tools under diverse system parameters. The simulated attack scenario included the exploitation of the Kubernetes API from a remote node through a vulnerable deployment, delivering valuable insights into each tool's visibility and response to real-world cyber threats.Furthermore, this paper entails a detailed methodology to conduct these experiments. To validate the assessments and determine the system impact across various hardware platforms, experiments were conducted on the Grid'5000 infrastructure and on a consumer-grade private server. These experiments on real and dedicated platforms outline the cloud-native security landscape, offering a holistic view of the capabilities and challenges of popular open-source security tools.