As much as we might like to think otherwise, cloud-native applications are web applications. We may build services, but their APIs are often RESTful, and where we may have used various remote procedure call technologies in the past, we’re now transitioning to the QUIC-based gRPC. All that means we’re running most of our applications’ interactions with the outside world over web protocols through the same limited set of ports.
Back in the early days of the internet, we were able to segregate applications by IP port, using firewalls to block everything except the ports an application actually needed. Attackers had to scan the entire range of possible port numbers before finding anything reachable, which kept the exposed attack surface small and risk to a minimum. Now, however, they can simply go to the familiar HTTP, HTTPS, and QUIC ports and try to break in using a much smaller set of tools.