alcide

Alcide Blog

Cloud-native Security Provider

GitOps Progressive Security for ArgoCD with Alcide Kubernetes Advisor

May 21, 2020 6:29:28 AM / by Gadi Naor posted in kubernetes Advisor, GitOps, ArgoCD


GitOps is a paradigm that puts Git at the heart of building and operating cloud-native applications by using Git as the single source of truth. GitOps empowers developers to perform what used to fall under IT operations. GitOps, as a development pattern, has gained a fair share of popularity in recent times as it emphasizes declaratively expressing infrastructure and application configuration within Git repositories.

K8s Breakfast Club // 5 things we learned about Matt Klein (@envoy @Lyft)

May 17, 2020 9:06:27 AM / by Karine Regev posted in Envoy, Matt Klein, CNCF, service mesh

Spoiler: we learned about the importance of open source, creating a fantastic community, tech-first vs software that’s not vendor-driven, and more.

Welcome to the Kubernetes Breakfast Club, our new vlog series featuring conversations with some of the most inspiring peers and friends from the cloud-native ecosystem. We ask our guests very important questions like what their favorite morning dish is or what keeps them busy outside their work these days. But we also ask their opinion on open source projects, application development practices, and everything in between.

Slack on the Wrist

May 11, 2020 9:29:28 AM / by Gadi Naor posted in Slack, kubernetes Advisor, sKan

Recent security risks associated with Zoom have become one of the big stories during the coronavirus pandemic. But it turns out that Zoom is not the only one with some code to fix up.

Kubernetes-as-a-Service: EKS vs. AKS vs. GKE

May 4, 2020 7:39:14 AM / by Alon Berger posted in EKS, AWS, hybrid cloud, devsecops, cloud security, security services, containers, devops, Kubernetes security, aks, GKE

Securing Kubernetes Clusters Using Process Whitelisting

Apr 22, 2020 3:02:42 AM / by Natan Yellin posted in Runtime, process whitelist

Process whitelisting is a simple concept. In the K8s context, the basic idea is to create a list for each pod of all the processes that the pod is expected to run. Every time a process runs in your cluster, you check if it is in the list. If an attacker manages to gain access to your cluster and starts running a malicious process, then you can identify it immediately because a new non-whitelisted process is running. It doesn’t matter whether that process is a known bitcoin miner, a custom RAT (Remote Access Tool), or even a legitimate process like ssh. If the new process isn’t in the whitelist and isn’t part of the pod’s regular behaviour, then it should be flagged immediately.

Introducing sKan: Security Hardening and Best Practices for K8s Configuration Files

Apr 20, 2020 7:08:36 AM / by Alon Berger posted in Kubernetes security, Advisor, sKan

Last week we released sKan: a new CI scanner for DevOps and developers that scans K8s deployment files for security drifts.

Enhancing Kubernetes Security Guardrails with Admission Controllers

Apr 5, 2020 8:52:28 AM / by Yaniv Peleg Tsabari posted in Admission Controller

What Is an Admission Controller?

Kubernetes admission controllers are a powerful native feature that helps define and customize the API resource configurations that can be admitted to a cluster. Described simply, an admission controller is a piece of code that acts on requests made to the Kubernetes API server. Admission controllers are invoked prior to the persistence of the object(s) defined by API requests, but after the requests have been authenticated and authorized by the API server.

Scan for HIPAA vulnerabilities in your environment. For free.

Apr 2, 2020 9:00:00 AM / by Karine Regev posted in Kubernetes security, Advisor, HIPAA, SaaS

When it comes to personal data, an individual's health records are right up there among the most sensitive of data. Protecting them from being accidentally or purposely leaked or misused is of the highest importance, both from an individual's perspective and from a governmental perspective.

New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552

Mar 24, 2020 7:09:17 AM / by Nitzan Niv posted in kubernetes, CVE, Runtime

Two security issues were discovered in Kubernetes and disclosed on March 23, 2020 that could lead to a recoverable denial of service in a Kubernetes cluster.

Container Networking - Explained

Mar 17, 2020 10:16:41 AM / by Arik Dlugatch posted in container networking

Container networking is one of the most critical concerns in production environments where scale, security and availability are required to be as automated and as seamless as possible. In this blog post I want to focus on the role that container networking plays in enterprises today.
