Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From a people perspective and an organizational standpoint, many CISOs have said that their security teams are not ready for containers and Kubernetes. This isn’t surprising, given the stark contrast between where we were less than a decade ago and where we are today in terms of systems architecture. I am of course referring to the cloud-native era, which has ushered in a whole new architectural approach.

Kubernetes leverages various deployment objects to simplify the provisioning of resources and configuration of workloads running in containers. These objects include ReplicaSets, lSets, Sets, and Deployments. A pod is the smallest deployment unit in Kubernetes that usually represents one instance of the containerized application.

Container-based web applications built on microservices architecture, whether public-facing or internal, are critical to businesses. This new class of applications is commonly referred to as cloud-native applications. Read on to find out why traditional WAFs are no longer enough to protect cloud-native applications and how Calico’s new workload-centric WAF solves this problem.

When running containers in a Kubernetes cluster, trusting the images you deploy is key to enforce security. The use of mutable images represents a risk to the secure Kubernetes deployment and highlights the importance of having a reliable mechanism to ensure you run what you expect. In this blog, you will learn step-by-step how to implement a secure Kubernetes deployment.

Kubescape is a Kubernetes open-source platform providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerabilities scanning.

You might think that your metrics are harmless from a security point of view. Well, that’s not true, and in this talk at KubeCon Valencia 2022, we share the risk of exposed Prometheus server and how attackers use this information to successfully access a Kubernetes cluster. The slides are available here, and we also collected some mentions in social media and blogs and the feedback was very positive: It was our first time as speakers at KubeCon and expectations were really high.

Why settle for less! The challenge of manually dealing with self-hosting a product like Velero or Kasten on dozens of clusters and multiple clouds, and then trying to migrate data across different accounts and even different clouds is very different from dealing with a single cluster and a single cloud environment. CloudCasa provides a guided workflow for cross-account and cross-cluster Kubernetes restores in Amazon EKS from an intuitive GUI.

Amazon EKS Anywhere (EKS-A) on Bare Metal is a new deployment option for Amazon Elastic Kubernetes Service that launched this week. Why bare metal? In the age of the cloud it would seem to go against “best practices.” On the contrary. While we tend to overuse the term, “hybrid cloud,” it is a real thing. Enterprises come in all shapes and sizes — and so do their compute choices and privacy requirements.

In a Kubernetes cluster, Control Plane controls Nodes, Nodes control Pods, Pods control containers, and containers control applications. But what controls the Control Plane? Kubernetes exposes APIs that let you configure the entire Kubernetes cluster management lifecycle. Thus, securing access to the Kubernetes API is one of the most security-sensitive aspects to consider when considering Kubernetes security.

At Sysdig, we are constantly looking for ways to improve the security posture of the organizations that we work with. One of the areas we continuously improve upon is our platform’s threat intelligence and detection capabilities that leverage the open-source Falco project. We incorporate threat intelligence sourced from our own strategically placed honeypots, data collection systems, and multiple other open-source feeds.