Alcide Blog

Cloud-native Security Provider

Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces

Jul 24, 2020 5:59:56 AM / by Natan Yellin posted in kubernetes, Micro segmentation, microservices, network security, Kubernetes security, namespaces

Kubernetes namespaces are an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name: it specifies which family the resource is part of, and normal resources can have one and only one namespace (there are exceptions, like the Node resource, which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster, then you’re wrong. You’re actually just putting everything into the default namespace.

New Kubernetes API Server Vulnerability Enables Privileges Escalation (CVE-2020-8559)

Jul 19, 2020 12:56:39 PM / by Nitzan Niv posted in kubernetes, privilege escalation, API Server

A security issue was discovered in the kube-apiserver that could enable a privilege escalation from a compromised node.

New Kubernetes Node Storage-based DoS Vulnerability [CVE-2020-8557]

Jul 16, 2020 10:44:47 AM / by Gadi Naor posted in devsecops, kubernetes, devops, network security, Kubernetes security, Advisor, CVE, vulnerability

Vulnerability Description and Impact

Get Operational Security Insights and Alerts for Kubernetes using Alcide kAudit and Coralogix

Jun 18, 2020 9:59:26 AM / by Guest Writer: Amir Raz, Coralogix posted in devsecops, kubernetes, devops, Kubernetes security, forensics, kaudit, coralogix

Alcide Logs and Coralogix

Ingress This!!! API GA In 1.19

Jun 8, 2020 5:46:44 AM / by Gadi Naor posted in kubernetes, ingress, api

Ingress APIs manage external access to the services in a cluster, typically HTTP. This is generally implemented as an API Gateway-style traffic router that relays traffic to proxied services through a common entry point. The user controls when and how to publish a service by using a declarative definition of the desired behavior (a YAML/JSON file).

Mitigate Attack Vectors with Alcide Kubernetes Security Platform

May 27, 2020 8:07:50 AM / by Rachel Cheyfitz posted in cloud security, security services, kubernetes, devops, alcide advisor, network security, Kubernetes security, Advisor, Runtime, SaaS

Last month, the Microsoft Azure Security Center published a fully detailed Threat Matrix for Kubernetes. This article identifies attack vectors unique to a Kubernetes environment. This important contribution is derived from the more generalized MITRE ATT&CK® framework that offers a complex matrix of common attack vectors.

New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552

Mar 24, 2020 7:09:17 AM / by Nitzan Niv posted in kubernetes, CVE, Runtime

Two security issues that could lead to a recoverable denial of service in a Kubernetes cluster were discovered in Kubernetes and disclosed on March 23, 2020.

Avoid Exposing Configs in Your SaaS Application

Jan 29, 2020 9:33:27 AM / by Oz Madar posted in kubernetes, devops, alcide advisor, Kubernetes security

In this blog I am going to explain why you should avoid exposing every tiny configuration in your SaaS application. I am going to talk about configurations that are related to SaaS deployments. This kind of deployment has the unique property that it is fully deployed and managed by either dev or ops teams.

Kubernetes 1.18 Introduces Immutable ConfigMaps and Secrets

Jan 22, 2020 10:48:56 AM / by Adi Sapir posted in kubernetes, V1.18, secrets, ConfigMap, kubernetes Advisor

Kubernetes V1.18-alpha.2 is live! The new version introduces an alpha-stage field for both Secret and ConfigMap objects to mark their content as immutable.

Prevent Costly Mistakes that Expose Your Kubernetes Service

Nov 27, 2019 8:03:04 AM / by Adi Sapir posted in kubernetes, devops, alcide advisor, Kubernetes security, "load balancer"

Publishing a Kubernetes Service

In Kubernetes, a Service is an abstract way to expose an application running on a set of Pods as a network service.

With Kubernetes you don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

This post describes the different ways to publish a Kubernetes Service, the risks each one carries, and the methods that can be applied to mitigate those risks.
