alcide

Alcide Blog

Cloud-native Security Provider

Kubernetes Threat Vectors: Part 1 - Initial Access

Oct 21, 2020 8:06:13 AM / by Alon Berger posted in cloud security, kubernetes, Kubernetes security, cloud

0 Comments

Kubernetes keeps transforming the way we think about modern application architecture, as it keeps its status as the flagship orchestrator for containerized workloads and services.

Read More

Cloud Native Security for Kubernetes In Practice

Oct 15, 2020 9:54:28 AM / by Alon Berger posted in cloud security, kubernetes, Kubernetes security

0 Comments

The month of October is well recognized as the National Cyber Security Awareness Month.
Here at Alcide, we leverage the hype around Cyber Security and share our take on how to protect your Cyberspace, specifically with Kubernetes.

Read More

Securing Kubernetes Deployments From Runway To Take-off

Sep 24, 2020 8:38:51 AM / by Rachel Cheyfitz posted in kubernetes, Kubernetes security, Advisor, Runtime, sKan, kaudit

0 Comments

Kubernetes use is rising rapidly: 58% more respondents than last year - 78% of this years’ respondents - reported in the 2019 CNCF (Cloud Native Computing Foundation) survey that they use Kubernetes today. With numbers like those, it looks like everyone is headed towards the cloud.

Read More

Insecure by Default - Kubernetes Networking

Sep 17, 2020 12:52:33 PM / by Natan Yellin posted in kubernetes, network security, Kubernetes security

0 Comments

Traditional network security includes protection against layer2 and layer3 spoofing attacks. Many security teams don’t realize it, but these threats are still relevant when running applications on a Kubernetes cluster in the cloud. You might be using a complex container network, but that doesn’t mean that simple spoofing attacks between pods aren’t possible. This matters because it dramatically increases the blast radius of compromised pods.

Read More

Kubernetes Security for AWS Bottlerocket Applications

Sep 8, 2020 6:23:55 AM / by Alon Berger posted in AWS, devsecops, cloud security, kubernetes, devops, network security, Kubernetes security, bottlerocket, linux

0 Comments

Read More

Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces

Jul 24, 2020 5:59:56 AM / by Natan Yellin posted in kubernetes, Micro segmentation, microservices, network security, Kubernetes security, namespaces

1 Comment

Kubernetes namespaces - they’re an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name - it specifies which family the resource is part of - and normal resources can have one and only one namespace (There are exceptions like the Node resource which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster then you’re wrong. You’re actually just putting everything into the default namespace.

Read More

New Kubernetes API Server Vulnerability Enables Privileges Escalation (CVE-2020-8559)

Jul 19, 2020 12:56:39 PM / by Nitzan Niv posted in kubernetes, privilege escalation, API Server

0 Comments

 

A security issue was discovered in the kube-apiserver that could enable a privilege escalation from a compromised node.

Read More

New Kubernetes Node Storage-based DoS Vulnerability [CVE-2020-8557]

Jul 16, 2020 10:44:47 AM / by Gadi Naor posted in devsecops, kubernetes, devops, network security, Kubernetes security, Advisor, CVE, vulnerability

0 Comments

 

Vulnerability Description and Impact

Read More

Get Operational Security Insights and Alerts for Kubernetes using Alcide kAudit and Coralogix

Jun 18, 2020 9:59:26 AM / by Guest Writer: Amir Raz, Coralogix posted in devsecops, kubernetes, devops, Kubernetes security, foresnsics, kaudit, coralogix

0 Comments

 

Alcide Logs and Coralogix

Read More

Ingress This!!! API GA In 1.19

Jun 8, 2020 5:46:44 AM / by Gadi Naor posted in kubernetes, ingress, api

0 Comments


Ingress APIs manage external access to the services in a cluster, typically HTTP. This would generally be implemented as an API Gateway style of traffic routers that relay traffic to proxied services through a common entry point. The user would be left to control when and how to publish a service by using a declarative definition of the desired behavior (with YAML/JSON file).

Read More

Subscribe to Email Updates