Identifying and remediating Common Vulnerabilities and Exposures (CVEs) as soon as possible is important for businesses, particularly when a new vulnerability is disclosed. In organizations using microservices, containers, and Kubernetes, such vulnerabilities can be particularly difficult to identify, because there are multiple images and it can be difficult to keep up with which versions of open source components exist in all those different images. In addition to the complexity, many companies have just a single site reliability engineer (SRE) managing their complex infrastructure. Often, the security team is small and has both limited resources and little expertise in Kubernetes. Staying up to date on every vulnerability and determining whether it poses a threat is a significant challenge for many teams. Recently, one of Fairwinds’ Managed Kubernetes clients discovered just how helpful it is to have someone else keeping an eye on CVEs.
Fairwinds has many active channels, using different methods to monitor vulnerabilities of all severity levels and communicate about potential emerging problems. In January 2022, CVE-2022-0185 was announced. This CVE was a heap overflow vulnerability in the Linux Kernel with a base CVSS score of 8.4, a high severity vulnerability. A malicious attacker could use the flaw to escalate their privileges on the system. Noting that the client was vulnerable to CVE-2022-0185, the dedicated Fairwinds expert reached out to let the client know about the vulnerability and that they would be updating impacted clusters to remediate the risk.
Swiftly identifying and mitigating such vulnerabilities is crucial for maintaining business continuity and safeguarding sensitive data. For this company, addressing these issues rapidly is not just about maintaining operations; it's about ensuring the trust of their customers and the integrity of their services. Days after remediation was complete, the client’s parent company advised the client about the existence of the CVE. This rapid identification of the problem and remediation, with no required downtime, made the client’s SRE look great — not only was he already aware of the CVE, it no longer posed a threat to the company. Despite limited in-house resources, Fairwinds’ Managed Kubernetes ensured that he was not only well informed, but ahead of the curve on remediation as well.
At the core of Fairwinds’ approach to managing Kubernetes is the belief that technology must be accompanied by human expertise. Adam Zahorscak, the dedicated Fairwinds SRE for this Managed Kubernetes client, embodies this philosophy. His proactive approach to identifying potential issues, from pulling up Fairwinds Insights reports to pushing for preemptive action where he sees an opportunity for improvement, has fostered a strong relationship between the Fairwinds team and this company. The client appreciates that Fairwinds doesn't just wait to react to emergencies but actively seeks ways to prevent problems (like a malicious actor escalating privileges and causing serious issues), but also ensuring that their infrastructure is highly available and performant.
Another way Adam has continued to build a relationship that transcends the typical client-service provider dynamic was by providing the client with a straightforward migration path from classic Elastic Load Balancing (ELB) to the more modern application load balancer (ALB). The client had intended to do this, but he had not been able to prioritize it and get the project over the finish line. With Adam’s help, the job was done and everything was running smoothly. The company doesn't have an infrastructure team, and having Fairwinds is part of what enables the company to be successful with a single SRE, but it also means that he has a lot on his plate and is the only one executing on a lot of initiatives. Fairwinds helps him move forward on those goals.
For this company, partnering with Fairwinds has meant more than having a reliable managed Kubernetes service. It has given them a strategic ally, one with deep knowledge of Kubernetes and an understanding of the unique needs of their operation. Hiring individual Kubernetes experts for all their needs, experts who were also willing to carry (and answer!) a pager 24/7 is incredibly difficult. With Fairwinds, however, the company has an extended team, filled with people who are not only patient and persistent but also share the problem-solving mentality that enables them to thrive in their unique business environment.
Fairwinds continues to adapt its services and software to the evolving needs of this client and others like them. Fairwinds’ Managed Kubernetes includes Fairwinds Insights as part of the service renewal. This powerful solution enables both the Fairwinds team and managed services clients to monitor, understand, and optimize their Kubernetes environment. Fairwinds also offers free training and hands-on guidance to help Managed Kubernetes clients make the most of this Insights access.
The proactive CVE mitigation for this client is just one example of how people-led managed Kubernetes services can provide significant value. The Fairwinds team are humans and care about Managed Kubernetes clients and their success. Through vigilance, swift action, and a partnership approach, Fairwinds not only resolves immediate security threats but also contributes to the strategic growth and operational excellence of its clients. This is managed Kubernetes at its best: a harmonious blend of technology and personalized service where the client’s needs and peace of mind take center stage.