In this blogpost we will demonstrate how to build a complete GKE security stack for anomaly detection and to prevent container runtime security threats. We will integrate Falco runtime security engine with Google Cloud Functions and Pub/Sub.
Recently, a member of the Falco community privately disclosed a capacity related vulnerability which, under circumstances where a malicious actor has already gained access to your system, could allow the actor to further bypass Falco’s detection of abnormal activity. The final details are still being worked out, but we believe the CVE will be classified as Medium severity according to the CVSS methodology.
We are happy to announce the release of Falco 0.15.0. This release incorporates a number of improvements, as well as bug fixes, and rules updates. This release also includes a mitigation for CVE-2019-8339, and all users are encouraged to update to this release. You can find more details about the features and improvements in the release notes, but below are a few highlights.
MITRE ATT&CK is a comprehensive knowledge base and complex framework of over 200 techniques that adversaries may use over the course of an attack. While MITRE’s full ATT&CK framework is publicly available, it can be characterized into 3 key elements.
In September 2017, the National Institute of Standards and Technology (NIST) released Special Publication (SP) 800-190, Application Container Security Guide. NIST SP 800-190 explains the security concerns associated with container technologies and recommendations for the image details and container runtime security. It provides prescriptive details for various sections including image, registry, orchestrator, container and host OS countermeasures.
Today we’re announcing version 2.0 of the Sysdig Cloud-Native Visibility + Security platform. It provides a more powerful and significantly simpler way for enterprises to see the health, risk, and performance of their cloud-native environments in a single unified view.
