
Alcide Blog

Cloud-native Security Provider

Whitelisting Processes on Kubernetes Pods Using AppArmor (Part 1)

Aug 12, 2020 7:01:37 AM / by Natan Yellin posted in devsecops, cloud security, network security, Kubernetes security


Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces

Jul 24, 2020 5:59:56 AM / by Natan Yellin posted in kubernetes, Micro segmentation, microservices, network security, Kubernetes security, namespaces


Kubernetes namespaces are an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name: it specifies which family the resource is part of, and normal resources can have one and only one namespace (there are exceptions, like the Node resource, which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster, then you’re wrong. You’re actually just putting everything into the default namespace.


New Kubernetes API Server Vulnerability Enables Privileges Escalation (CVE-2020-8559)

Jul 19, 2020 12:56:39 PM / by Nitzan Niv posted in kubernetes, privilege escalation, API Server


A security issue was discovered in the kube-apiserver that could enable a privilege escalation from a compromised node.


New Kubernetes Node Storage-based DoS Vulnerability [CVE-2020-8557]

Jul 16, 2020 10:44:47 AM / by Gadi Naor posted in devsecops, kubernetes, devops, network security, Kubernetes security, Advisor, CVE, vulnerability


Vulnerability Description and Impact


Ensuring In-flight Kubernetes Security

Jul 15, 2020 5:02:35 AM / by Alon Berger posted in network security, Kubernetes security, kaudit


Automate Kubernetes Analytics and Forensics with Alcide kAudit

New Kubernetes Node Vulnerability (CVE-2020-8558) bypasses localhost boundary

Jul 9, 2020 2:00:16 PM / by Gadi Naor


Kubernetes, OPA Gatekeeper, Alcide and Your Cluster Security

Jun 26, 2020 11:59:55 AM / by Gadi Naor posted in Admission Controller, OPA


Policies are a critical foundation for successfully building and operating Kubernetes-based applications. Rather than making assumptions about how workloads and application components should work, we can define policies that govern and enforce the way those workloads and application components must work.


Get Operational Security Insights and Alerts for Kubernetes using Alcide kAudit and Coralogix

Jun 18, 2020 9:59:26 AM / by Guest Writer: Amir Raz, Coralogix posted in devsecops, kubernetes, devops, Kubernetes security, foresnsics, kaudit, coralogix


Alcide Logs and Coralogix


Ingress This!!! API GA In 1.19

Jun 8, 2020 5:46:44 AM / by Gadi Naor posted in kubernetes, ingress, api

Ingress APIs manage external access to the services in a cluster, typically HTTP. This is generally implemented as API Gateway-style traffic routers that relay traffic to proxied services through a common entry point. The user is left to control when and how to publish a service by using a declarative definition of the desired behavior (with a YAML/JSON file).


New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements

Jun 3, 2020 10:30:43 AM / by Natan Yellin posted in vulnerability, ipv6


The recently disclosed MiTM attack was a very unusual one in the container security world. Kubernetes, Docker, and Calico all announced security bulletins related to IPv6 Rogue Router Advertisements at the same time. There are several security bulletins here because this isn’t a single vulnerability in one product; rather, multiple independent CNIs are all vulnerable. IPv6 Router Advertisements are a fairly obscure topic, yet this vulnerability is definitely worth understanding.
