"In this video, John Martinez shows how this policy helps protect from anomalous behavior by restricting connections to production clusters to occur only during business hours. When the time window is shifted, the connection is denied. 👉 What exactly does this policy do? This policy helps protect from anomalous behavior by restricting connections to production clusters to occur only during business hours. When the time window is shifted, the connection is denied. 👉 Why it matters A common anomalous behavior pattern is connecting to critical resources outside normal hours. This can be due to either external or internal threats, where behavior deviates from normal usage patterns, where users or attackers establish command and control (C2) channels, perform lateral movements, or execute malicious actions."
This policy for bids, access to production, Kubernetes clusters, unless it's during business hours.
Let's attempt to connect to this Kubernetes cluster.
I'm in the cluster.
Let's change the hour to something that I know will deny it and access is forbidden.
