What Kubernetes environments does Mitigant KSPM support?

‍

Mitigant KSPM works with all Kubernetes distributions:

Managed Kubernetes:

• Amazon EKS (Elastic Kubernetes Service)
• Azure AKS (Azure Kubernetes Service)
• Google GKE (Google Kubernetes Engine)

Self-Hosted Kubernetes:

• Vanilla Kubernetes clusters
• OpenShift
• Rancher
• K3s
• MicroK8s

Hybrid Environments:

• Mix of managed and self-hosted
• Multi-cluster deployments
• Edge Kubernetes installations

Architecture Support:

• Single clusters
• Multi-cluster federation
• Multiple clusters across clouds

‍

How does Mitigant KSPM detect misconfigurations in Kubernetes?

Mitigant KSPM uses a lightweight agent installed as an operator for Kubernetes cluster monitoring:

What it monitors:

• Pod security configurations (privileged containers, host namespaces, etc.)
• RBAC policies and service account permissions
• Network policies and ingress/egress rules
• Secrets management and storage
• Resource limits and quotas
• Image configurations and vulnerabilities (with EPSS and KEV intelligence for prioritization)
• API server settings
• etcd security
• Node configurations
• Registry security assessments

How it works:

• Lightweight operator deployed in the cluster
• Continuous assessment of cluster state
• Compares configurations against security best practices
• Maps findings to Kubernetes-specific benchmarks
• Integrates vulnerability intelligence (EPSS and KEV) for risk-based prioritization

Minimal performance impact:

• Lightweight agent with small resource footprint
• No impact on application workloads
• Works with existing cluster permissions

‍

Can Mitigant KSPM prioritize vulnerabilities by exploitability?

Yes. Mitigant KSPM includes advanced vulnerability prioritization:

‍

How prioritization works:

• Scans container images for known CVEs
• Integrates vulnerability intelligence using EPSS (Exploit Prediction Scoring System) and KEV (Known Exploited Vulnerabilities)
• Assesses runtime context (is the container actually running?)
• Evaluates network exposure (is it internet-facing?)
• Considers privileges (does it run as root?)
• Checks for active exploits in the wild

‍

Prioritization factors:

• Severity: CVSS score
• Exploitability: EPSS score and KEV catalog inclusion
• Exposure: Is the workload accessible?
• Context: What privileges does the container have?
• Validation: Can CAE prove it's exploitable?

‍

Integration with CAE:

• KSPM finds container vulnerabilities
• CAE validates whether they're exploitable in your specific environment
• Reduces noise by focusing on validated risks

This approach dramatically reduces the vulnerability backlog by focusing on what actually matters.

‍

How does Mitigant KSPM handle multi-cluster environments?

Mitigant KSPM provides centralized visibility across all clusters:

‍

Multi-Cluster Features:

• Single dashboard showing all clusters
• Unified policy enforcement
• Consistent compliance monitoring
• Cross-cluster comparison and benchmarking
• Aggregated reporting

‍

Cluster Organization:

• Group clusters by environment (dev/staging/prod)
• Tag clusters by team or business unit
• Filter by cloud provider or region
• Create custom cluster hierarchies

‍

Use Cases:

• Monitor security posture across 10s or 100s of clusters
• Ensure consistent security policies
• Identify configuration drift between clusters
• Centralized compliance reporting
• Track security metrics across the entire K8s estate

‍