CPC H04L 63/1433 (2013.01) [H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
1. A system, comprising:
a processor that executes the following computer-executable components stored in a non-transitory computer readable medium:
an inspection component that inspects a set of container images respectively associated with pods, identifies a first subset of the pods that contain at least one container image comprising at least one vulnerability, and classifies the first subset of the pods as primary-infected pods;
a namespace component that generates a first list of namespaces in which the primary-infected pods are deployed within a network; and
a network component that:
checks network policies in connection with the first list of namespaces to determine secondary-suspect pods that have ability to communicate with the primary-infected pods,
generates a list of secondary-suspect namespaces in which the secondary-suspect pods are deployed within the network, and
identifies one or more secondary-suspect pods that communicated with one or more primary-infected pods;
wherein the inspection component generates a list of secondary-infected pods based on one or more secondary-suspect pods that communicated with one or more primary-infected pods; and
a risk component that generates a contextual risk score and an absolute risk score associated with the primary-infected pods and the secondary-infected pods, wherein the contextual risk score is based on:
security measures capable of mitigating security risks of container images in the primary-infected pods and the secondary-infected pods based on the at least one vulnerability,
abilities of the container images to change a first subset of the security measures, and
inabilities of the container images to change a second subset of the security measures that are different from the first subset, and
wherein the absolute risk score is based on a risk score determined based on respective vulnerability scores from a knowledge base of the security risks of the container images in the primary-infected pods and the secondary-infected pods, and wherein the risk score is adjusted based on the contextual risk score.
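The five steps of claim 1 (image inspection, namespace listing, policy-based reachability, confirmation against observed traffic, and two-tier risk scoring) are easier to follow as code. The following is an added worked example, not code from the patent or its assignee: the simplified NetworkPolicy model (destination namespace to allowed source namespaces, absent entry meaning no policy and therefore allow-all, as in Kubernetes), the knowledge-base contents, the flow records, the three security measures, the contextual weights (0.3 for a control the workload cannot change, 0.1 for one a compromised container could disable, floored at 0.2) and the rule that a secondary-infected pod with a clean image inherits the CVEs of the primary it talked to are all assumptions chosen for illustration.

```python
"""Claim 1 of the patent as a runnable pipeline (added example; all data and
weights below are constructed assumptions, not the patent's own values)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pod:
    name: str
    namespace: str
    image: str


@dataclass(frozen=True)
class Measure:
    name: str
    mitigates: frozenset       # CVE ids this control blunts
    workload_can_change: bool  # True if a compromised container could switch it off


# Constructed knowledge base: image -> {cve id: cvss base score}
KB = {
    "shop/api:1.2": {"CVE-A": 9.8},
    "shop/worker:3.0": {"CVE-B": 7.5},
    "shop/front:2.1": {},
    "shop/db:5.0": {},
}

PODS = [
    Pod("api", "payments", "shop/api:1.2"),
    Pod("worker", "batch", "shop/worker:3.0"),
    Pod("report", "batch", "shop/front:2.1"),
    Pod("front", "web", "shop/front:2.1"),
    Pod("db", "data", "shop/db:5.0"),
    Pod("monitor", "ops", "shop/front:2.1"),
]

# Simplified NetworkPolicy model (assumption): destination namespace -> namespaces
# allowed as ingress sources. No entry = no policy selects those pods = allow all.
INGRESS_POLICIES = {
    "payments": {"web"},
    "data": {"payments"},
    "batch": {"batch"},
    "ops": {"ops"},
}

# Constructed flow records, e.g. from CNI flow logs: (source pod, destination pod)
OBSERVED_FLOWS = [("front", "api"), ("api", "db"), ("report", "front")]

MEASURES = [
    Measure("NetworkPolicy (CNI-enforced)", frozenset({"CVE-A"}), False),
    Measure("seccomp RuntimeDefault", frozenset({"CVE-B"}), False),
    Measure("in-container iptables rule", frozenset({"CVE-A"}), True),
]


def can_communicate(src: Pod, dst: Pod, policies) -> bool:
    """Policy check only: may src open a connection to dst?"""
    allowed = policies.get(dst.namespace)
    return allowed is None or src.namespace in allowed


def contextual_score(cves, measures) -> float:
    """1.0 means nothing mitigates the CVEs. Controls enforced outside the
    container discount more than controls the workload itself could change."""
    score = 1.0
    for m in measures:
        if m.mitigates & cves:
            score -= 0.1 if m.workload_can_change else 0.3
    return round(max(score, 0.2), 2)


def assess(pods, kb, policies, flows, measures):
    by_name = {p.name: p for p in pods}
    primary = [p for p in pods if kb.get(p.image)]          # (1) inspection
    prim_names = {p.name for p in primary}
    primary_ns = sorted({p.namespace for p in primary})     # (2) namespaces
    suspects = [p for p in pods if p not in primary and any(  # (3) reachability
        can_communicate(p, q, policies) or can_communicate(q, p, policies)
        for q in primary)]
    suspect_ns = sorted({p.namespace for p in suspects})
    talked_to = {}                                          # (4) confirmed traffic
    for s, d in flows:
        for a, b in ((s, d), (d, s)):
            if a in prim_names and b not in prim_names:
                talked_to.setdefault(b, set()).add(a)
    secondary = [p for p in suspects if p.name in talked_to]
    scores = {}                                             # (5) risk scoring
    for p in primary + secondary:
        cves = dict(kb.get(p.image, {}))
        if not cves:  # clean image: inherit exposure from the primaries it talked to
            for q in talked_to[p.name]:
                cves.update(kb[by_name[q].image])
        ctx = contextual_score(frozenset(cves), measures)
        scores[p.name] = {"contextual": ctx, "absolute": round(max(cves.values()) * ctx, 2)}
    return {"primary": [p.name for p in primary], "primary_namespaces": primary_ns,
            "suspects": [p.name for p in suspects], "suspect_namespaces": suspect_ns,
            "secondary": [p.name for p in secondary], "scores": scores}


if __name__ == "__main__":
    from pprint import pprint
    pprint(assess(PODS, KB, INGRESS_POLICIES, OBSERVED_FLOWS, MEASURES))
```

With the constructed data, `report` is reachable from the infected `worker` in its own namespace and so becomes a secondary suspect, but no flow between the two was observed, so it is not promoted to secondary-infected; `monitor` is fenced off by policy in both directions and never becomes a suspect. The "ability to change" distinction shows in the `api` score: the CNI-enforced NetworkPolicy earns the full discount, while the in-container iptables rule, which a compromised container could flush, earns only a small one.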