Alcide Blog

Cloud-native Security Provider

New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552

Mar 24, 2020 7:09:17 AM / by Nitzan Niv posted in kubernetes, CVE, Runtime

Two security issues were discovered in Kubernetes and disclosed on March 23, 2020 that could lead to a recoverable denial of service in a Kubernetes cluster.

Avoid Exposing Configs in Your SaaS Application

Jan 29, 2020 9:33:27 AM / by Oz Madar posted in kubernetes, devops, alcide advisor, Kubernetes security

In this blog I am going to explain why you should avoid exposing every tiny configuration in your SaaS application. I am going to talk about configurations that are related to SaaS deployments. These kinds of deployments have the unique property that they are fully deployed and managed by either dev or ops teams.

Kubernetes 1.18 Introduces Immutable ConfigMaps and Secrets

Jan 22, 2020 10:48:56 AM / by Adi Sapir posted in kubernetes, V1.18, secrets, ConfigMap, kubernetes Advisor

Kubernetes V1.18-alpha.2 is live! The new version introduces an alpha stage field for both Secret and ConfigMap objects to mark their content as immutable.

Prevent Costly Mistakes that Expose Your Kubernetes Service

Nov 27, 2019 8:03:04 AM / by Adi Sapir posted in kubernetes, devops, alcide advisor, Kubernetes security, "load balancer"

Publishing a Kubernetes Service

In Kubernetes, a Service is an abstract way to expose an application running on a set of Pods as a network service.

With Kubernetes you don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

This post will describe the different ways to publish a Kubernetes service, the risks they carry, and the methods that can be applied to mitigate those risks.

Kubernetes Orphaned Resources

Nov 13, 2019 8:16:37 AM / by Guy Moyal posted in cloud security, kubernetes, devops, alcide advisor, Kubernetes security, Advisor

The Kubernetes container-orchestration system provides a platform for automating deployments and operations of application containers across clusters of hosts by defining resources as manageable Objects. Some of these resources can be managed by other resources automatically while others can be referenced through metadata fields within the object.

Kubernetes Audit: Making Log Auditing a Viable Practice Again.

Oct 31, 2019 9:26:57 AM / by Nitzan Niv posted in kubernetes, logs, audit, foresnsics

In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity performed by the system’s users and automated services, and to analyze these logs.

Pod Security Policy

Oct 24, 2019 10:53:44 AM / by Adi Sapir posted in kubernetes, network security, pod, Kubernetes security

What is Pod Security Policy?

The Pod Security Policy, sometimes called PSP for short, is a Kubernetes resource that allows the enforcement of policy rules during the creation phase of a Pod.
When a PodSecurityPolicy resource is created, it does nothing on its own. In order to use it, the requesting user or target pod’s service account must be authorized to use the policy, by allowing the use verb on the policy.

Kubernetes Network Policies Best Practices

Oct 6, 2019 9:19:53 AM / by Guest Writer: Twain Taylor posted in kubernetes, network security, firewall

While a lot of people are calling network policies the Kubernetes equivalent of a firewall, they probably wouldn’t be called network policies if that were really the case. Although network policies are comparable to security features like firewalls, they mostly pertain to rules, and therefore a more accurate comparison would be with “firewall rules” or security groups in the Cloud that are used to manage permissions.

IAM Role Pod Delegation Checks on AWS Kubernetes Clusters

Sep 16, 2019 9:27:49 AM / by Guest Writer: Twain Taylor posted in AWS, cloud security, kubernetes, microservices, devops, IAM Role

You can never be too safe when it comes to securing your applications. It’s essential that security is a part of the application framework and not just a protective outer layer. Enterprises are swiftly adopting the microservices architecture because of its numerous benefits. However, security still remains a concern. Kubernetes has emerged as the de-facto container orchestration tool. And, on its own, Kubernetes seems to be decent for managing secrets.
 
**Since we published this blog, AWS Fine-Grained IAM Roles for Service Accounts - read about it here.**

The New Cloud-Native Security Paradigm- Exciting times for me to join Alcide!

Aug 26, 2019 8:41:22 AM / by Amir Ofek posted in cloud security, kubernetes, microservices, devops

I am a big believer in Jeff Bezos’s Day 1 philosophy. So when the opportunity came for me to drive Day 1 yet again, I could not resist.
