When you’re operating Kubernetes clusters, an important area of focus is in ensuring your authorization model is correct and provides users with the least privileges needed for them to carry out their roles. As such, blanket cluster-admin privileges should never be used and in particular the in-built system:masters …
One of the challenges of managing containerized environments is how to store sensitive information that’s needed for the operation of the applications running in those environments. Kubernetes provides a built-in secrets object type, but a common comment about them is that, from a technical standpoint, they’re just …
As with every new Kubernetes release there are a great number of new features, however there are a couple of key changes which could have impacts to security and are worth looking at in more details. In addition to the deprecation of PodSecurityPolicies, we’ll also look at some newly promoted features being put in …
Java Debug Wire Protocol (JDWP) is a great way to remotely debug applications during development. However, if enabled when shipped to production, hackers can exploit this mistake by running an arbitrary code that allows initial access or privilege escalation in your production environment. Using Aqua’s Dynamic Threat …
When the Mirantis team announced the Lens Extensions API back in November 2020, we were excited to experiment with it and build an extension for Starboard, our open source Kubernetes native security toolkit. True to DevSecOps principles, the integration makes security reports accessible within Lens IDE, giving you …
To improve your Kubernetes security, you need to control and limit what pods can be created and deployed in your environment. For this, Kubernetes has provided a beta feature called Pod Security Policy (PSP), which soon will be deprecated and replaced with a standard called Pod Security Standards (PSS). In this blog, …
If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and why …
Looking for a great start to the year? We got you covered! For the fifth time, Aqua will host the KubeSec Enterprise Summit, an industry event entirely dedicated to the security of cloud native applications. While we’re looking forward to connecting with you all in-person again someday, we are also, as was the case …
Overly permissive defaults associated with roles and K8s subjects, such as service accounts, add risks to the attack surface of Kubernetes. And attempting to manually understand these risks and enforce least privilege rights in a Kubernetes environment is time-consuming and prone to human error. With the introduction …
Secure your Digital Transformation on Amazon EKS-Distro with Aqua
The cloud is fundamental for digital transformation, but for many organizations, a hybrid approach is preferred. This ideally allows you to use the very same foundational tools on-prem as your destination in the cloud. Well, now you can do just that with Amazon EKS-Distro (EKS-D), a new Kubernetes distribution that …
The adoption of Kubernetes has more than doubled since 2017 and continues to grow without any signs of slowing down. Over the last few years, the Kubernetes ecosystem has significantly matured, and we’ve seen a lot of consolidation in the market. It now spans a wide range of well-established cloud and on-premises …