In this section, we will take a look at the CBC Cloud Console in detail
8. Login to Carbon Black Cloud
Launch the Carbon Black Cloud shortcut on your desktop as shown. You will be re-directed to the login page.
9. Carbon Black Cloud Demo Credentials
Login using the credentials listed in Demo Credentials.txt file located on your desktop.
- Username: (listed in text file Demo Credentials.txt on the VMware Tanzu desktop)
- Password: (listed in text file Demo Credentials.txt on the VMware Tanzu desktop)
10. Carbon Black Cloud Dashboard
The Carbon Black Cloud dashboard provides a high-level overview of your environment and enables you to quickly navigate to items of interest. You can customize the dashboard tiles and display data for specific time periods and policies.
11. Accessing K8s Clusters
Navigate to Inventory > Clusters to review current cluster management.
CBC Inventory provides Security teams with unified insights across Endpoints, Workloads and Containers. Security teams are able to view all protected and active clusters running within their enterprise.
12. View Cluster Details
Expand the > under Actions column to view cluster details.
13. Kubernetes Workloads
To assess K8s Workloads running within your environment navigate to Inventory > Workloads.
K8s Workloads monitor and provide information for each workload. You can view risk severity, if a workload is covered by K8s runtime and hardening policies, and if there are any policy violations or enforcements. This helps remediate risks and fix issues at a workload level in your K8s environment.
14. Kubernetes Health Overview
To understand your current state of you K8 Workloads navigate to Harden > K8s Health
Kubernetes Health Overview: Provides a single pane of glass for complete visibility into your security posture across k8s clusters and namespaces, including visibility into rules violations and configurations. The K8s Health page shows the current state of your Kubernetes environment and a summary on potential vulnerabilities. The vulnerabilities are split into five categories: Workloads, Network, Operations, Volume and Container Images.
- Workloads group built-in rules which identify settings that may expose your deployment to attack.
- Network groups built-in rules which identify Ingress services (read more for Ingress) in use in your deployment.
- Operations group built-in rules which identify performance and utilization of workloads.
- Volume groups built-in rules which identify access to data within your deployment.
- Container Images groups built-in rules which identify issues and vulnerabilities within your container images.
15. Kubernetes Health Risks
Next, let's switch the Tab from Overview to Risks. For more details on a particular risk, highlight it by clicking on the right hand arrow '>'
Kubernetes Health Risks: The K8s Health page displays identified risks and associated workloads after setting up your Kubernetes clusters. Reduce risks in your K8s environment and create policies to enforce Alert or Block actions in the future if any rule validation fails. The K8s Health page will reflect all changes in your environment once you have taken action to resolve any potential vulnerabilities. Risk is defined by KCCSS which scores risk based on:
- Confidentiality: Exposure of PII (Personally Identifiable Information), potential access to secrets, PII, etc.
- Integrity: Unwanted changes to the container, host or cluster such as being able to change the runtime behavior, launch new processes, new pods, etc.
- Availability: Exhaustion of resources, Denial of Service, etc.