Kasten by Veeam adds ransomware detection to K10 data management platform

Kubecon Veeam acquisition Kasten kicked off this year's Kubecon with an updated version of its K10 product, aimed at securing the Kubernetes container orchestration platform.

Now known as "Kasten by Veeam", the company told the Valencia-based conference that version 5 of the K10 Kubernetes backup and data protection suite includes extra ransomware defenses.

K10 has received a number of updates since Kasten's acquisition by Veeam. Version 4.5 added coverage for platforms including Kafka, Cassandra, and the K3s Kubernetes distribution.

With version 5, the team has worked on platform hardening, data protection policy "guardrails," ransomware detection, and "ecosystem enhancements." The latter means that Kasten K10 can be picked up in locations such as the Red Hat Marketplace and the SUSE Rancher Apps and Marketplace.

The new ransomware and data protection functionality merits closer inspection. Kasten already has a ransomware recovery pitch and, with version 4, introduced immutable object storage backups.

Ransomware recovery is one thing, but catching miscreants in the act is quite another. In v5, the platform will notify administrators when nefarious activities are detected. These include attempts to compromise the integrity of object stores holding an immutable copy of backups.

Guarav Rishi, VP of Products and Partnerships, told The Register: "Kasten K10 has leveraged the MITRE ATT&CK techniques in conjunction with Kubernetes runtime threat detection engines such as Falco to detect an impending or live attack."

The Data Protection "Guardrails" and Access Control tweaks are also handy. Rishi said: "One of the leading causes of unauthorized access or persistence in Kubernetes environments is granting users and/or applications more permissions than they need." To that end, roles and permissions have been simplified this time around.

"Policy as code" can also be leveraged to ensure that, for example, deployments with misconfigurations in the compliance department (such as forgetting about HIPAA retention periods) can be caught early, as well as making sure backup and recovery processes don't become afterthoughts once the exciting bits are done.

• Dockershim deprecated with release of Kubernetes 1.24
• NSA spies ample opportunities to harden Kubernetes
• Kubernetes container runtime CRI-O has make-me-root flaw
• DataStax updates K8ssandra to help Cassandra operate worldwide

While welcome, the K10 enhancements are a reminder that the Kubernetes world continues to evolve apace, potentially reinventing technology that might have been taken for granted elsewhere.

Matt Overstreet, field CTO for cloud at DataStax, remarked that while backups are necessary, "these are problems that were solved, and the new infrastructure approach 'unsolved' them."

He told The Register: "When thinking about distributed systems, the whole approach should be that systems can keep on running despite any problems in the first place. Backup for the sake of recovery alone should not be necessary.

"Backups today have a different purpose. They should be about preventing people from 'poisoning the well' and attacking the data that you put together, or preventing you from using that information in the business." ®