To improve your Kubernetes security, you need to control and limit what pods can be created and deployed in your environment. For this, Kubernetes has provided a beta feature called Pod Security Policy (PSP), which soon will be deprecated and replaced with a standard called Pod Security Standards (PSS). In this …
If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and …
Looking for a great start to the year? We got you covered! For the fifth time, Aqua will host the KubeSec Enterprise Summit, an industry event entirely dedicated to the security of cloud native applications. While we’re looking forward to connecting with you all in-person again someday, we are also, as was the case …
This blog was co-authored with Maor Goldberg, Founder & CEO at Apolicy
Overly permissive defaults associated with roles and K8s subjects, such as service accounts, add risks to the attack surface of Kubernetes. And attempting to manually understand these risks and enforce least privilege rights in a Kubernetes …
The cloud is fundamental for digital transformation, but for many organizations, a hybrid approach is preferred. This ideally allows you to use the very same foundational tools on-prem as your destination in the cloud. Well, now you can do just that with Amazon EKS-Distro (EKS-D), a new Kubernetes distribution that …
The adoption of Kubernetes has more than doubled since 2017 and continues to grow without any signs of slowing down. Over the last few years, the Kubernetes ecosystem has significantly matured, and we’ve seen a lot of consolidation in the market. It now spans a wide range of well-established cloud and on-premises …
Aqua’s Team Nautilus has uncovered a container image that, for the first time, allows bad actors to find and exploit vulnerabilities in Kubernetes clusters. The attackers propagate this malware through a Docker Hub lookalike account intended to dupe developers into downloading malicious images. To the best of our …
This was first published by Carol Valencia on Medium
In August, the KubeCon EU 2020 took place, It was a new experience considered that the event was remote for the first time. The quality and content of the speakers were great, a nice virtual conference to share knowledge and interact with others. There were lots …
Although Kubernetes has certainly matured into a well-adopted container orchestrator platform, it remains complex to manage and secure. Coupling this with a growing attack surface and bad actors trying to exploit it, organizations must implement a comprehensive approach to securing their K8s applications. Aqua aims …
The use of object labels has grown into an industry best practice, as labels allow you to apply metadata to objects like images, deployments, containers, volumes, networks, and more. They can be short and technical, but they can also be more descriptive. However, even with the use of automation for creating labels, …
Back in June 2020, we released Starboard – an open source toolkit that integrates security tools into a Kubernetes environment. We’re now happy to announce a new Starboard Operator that automates the generation of security reports in your K8s cluster. Using Starboard Operator, you can rely on the tools you’re …