In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …
Many organizations use Pivotal Cloud Foundry® (PCF), one of the world’s most powerful cloud native platforms. PCF enables developers and operators to iterate rapidly, and help expand and launch new businesses fast, as well as deliver extraordinary user experiences to their customers.
Since the second half of 2017, Kubernetes has been gaining momentum in adoption as well as in its ecosystem support. We see more and more enterprises choosing Kubernetes for the orchestration of their cloud native deployments. This is in no small part thanks to the many enterprise-grade features added in versions 1.8 …
A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:Invent. It was immediately clear that it’s a pretty cool concept, and that it presents a new challenge for security solutions like Aqua, because of the lack of a “host” entity on which you can deploy your …
Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerabilities in apps and OSs
Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers
Continuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and engineers need new approaches to building, testing, and delivering products. As a result, many companies are turning to …
This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured any more than you would leave your mail server unsecured.
We’ve heard many accounts of attempted (sometimes …
The General Data Protection Regulation (GDPR), set to replace the European Data Protection Directive 95/46/EC, comes into effect in May 2018. GDPR is intended to protect the privacy of EU citizens, and give regulatory bodies the power to act against non-compliant organizations. It affects member states in the EU, but …
Co-written by Nahman Khayet and Michael Cherny
eBPF Verifier Bypass Vulnerability
Around the last week of December a tweet by Bruce Leidl caught our eye, since it said “Straight up unlimited R/W to all kernel memory”...
When it comes to securing containerized applications, the first item on everyone’s agenda is to ensure that only trusted images are running in your environment, based on security and compliance policies. And for good reason too. This is by far the most effective preventive measure you can take to protect your …
Storage has been a hot topic for as long as containers have been around. According to a survey by Portworx, 26% of IT pros cite persistent storage as the most difficult challenge in adopting containers, and 44% blame inadequate tools as the main reason. Although containers are stateless by design, the need to store …