This month, the KubeSec Enterprise vSummit brought together hundreds of DevOps and security practitioners to discuss the state of cloud native security and share best practices. As with previous events, the focus was on enterprise experiences in securing real-world deployments involving containers, Kubernetes, …
Despite best efforts to harden Kubernetes environments, prevention will never be enough and attackers are finding ways to evade shift-left and other preventative capabilities. It is critical to be able to detect and respond in real time to attacks within Kubernetes clusters. Tracee, an open source runtime security …
Every organization has a limited amount of time to spend on security, and sometimes it seems like there’s a never-ending panoply of things that need attention. In such a world, how do you pick where to start? A concept that I find useful is focusing on improving your “mess-up tolerance”, or MUT. As part of my …
In August, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released their Kubernetes Hardening Guidance. As Kubernetes continues to rapidly gain adoption, it’s good to see government organizations, such as the NSA, providing guidance on how to secure this critical …
AWS has taken a major step toward reducing the management complexity of Kubernetes and simplifying deployment across on-premises data centers and public cloud with the general availability of EKS Anywhere. Aqua has worked to ensure that customers can take advantage of EKS Anywhere with holistic Kubernetes-native …
One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply …
Even with Kubernetes’ new, longer release cycle in place, it doesn’t seem long since the last version came along with all its new features, but 1.22 is upon us. As ever, there’s an interesting mix of new features that are starting their maturation process as alpha releases and other features that are graduating to …
One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help …
With the move to cloud native development comes potentially increased risk of services that are exposed to the Internet and can easily be discovered by attackers. When combined with the fast pace of change in Kubernetes versions, there’s real risk of being one vulnerability away from a security incident. Recently I …
In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for …
When you’re operating Kubernetes clusters, an important area of focus is in ensuring your authorization model is correct and provides users with the least privileges needed for them to carry out their roles. As such, blanket cluster-admin privileges should never be used and in particular the in-built system:masters …