Aqua Blog

Kubernetes Security

Key Takeaways From KubeSec: Our 6th Enterprise Summit for K8s Security

This month, the KubeSec Enterprise vSummit brought together hundreds of DevOps and security practitioners to discuss the state of cloud native security and share best practices. As with previous events, the focus was on enterprise experiences in securing real-world deployments involving containers, Kubernetes, …

Tracee Runtime Security Series: Easy Installation on Kubernetes

Despite best efforts to harden Kubernetes environments, prevention will never be enough and attackers are finding ways to evade shift-left and other preventative capabilities. It is critical to be able to detect and respond in real time to attacks within Kubernetes clusters. Tracee, an open source runtime security …

Improving Kubernetes Security: Work on Your MUT

Every organization has a limited amount of time to spend on security, and sometimes it seems like there’s a never-ending panoply of things that need attention. In such a world, how do you pick where to start? A concept that I find useful is focusing on improving your “mess-up tolerance”, or MUT. As part of my …

A Closer Look Into the NSA Kubernetes Hardening Guide

In August, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released their Kubernetes Hardening Guidance. As Kubernetes continues to rapidly gain adoption, it’s good to see government organizations, such as the NSA, providing guidance on how to secure this critical …

Securing Kubernetes Everywhere with EKS Anywhere

AWS has taken a major step toward reducing the management complexity of Kubernetes and simplifying deployment across on-premises data centers and public cloud with the general availability of EKS Anywhere. Aqua has worked to ensure that customers can take advantage of EKS Anywhere with holistic Kubernetes-native …

Top 10 Kubernetes Application Security Hardening Techniques

One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply …

Kubernetes Version 1.22: Security Features You Need to Know

Even with Kubernetes’ new, longer release cycle in place, it doesn’t seem long since the last version came along with all its new features, but 1.22 is upon us. As ever, there’s an interesting mix of new features that are starting their maturation process as alpha releases and other features that are graduating to …

What’s New in the Docker and Kubernetes CIS Benchmarks

One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help …

Improving Your K8s Security: Upgrade Your Clusters and Avoid Exposure

With the move to cloud native development comes potentially increased risk of services that are exposed to the Internet and can easily be discovered by attackers. When combined with the fast pace of change in Kubernetes versions, there’s real risk of being one vulnerability away from a security incident. Recently I …

Mapping Risks and Threats in Kubernetes to the MITRE ATT&CK Framework

In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for …

Improving Your Kubernetes Authorization: Don’t Use system:masters

When you’re operating Kubernetes clusters, an important area of focus is in ensuring your authorization model is correct and provides users with the least privileges needed for them to carry out their roles. As such, blanket cluster-admin privileges should never be used and in particular the in-built system:masters
