
Alcide Blog

Cloud-native Security Provider

Whitelisting Processes on Kubernetes Pods Using AppArmor (Part 1)

Aug 12, 2020 7:01:37 AM / by Natan Yellin posted in devsecops, cloud security, network security, Kubernetes security


Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces

Jul 24, 2020 5:59:56 AM / by Natan Yellin posted in kubernetes, Micro segmentation, microservices, network security, Kubernetes security, namespaces


Kubernetes namespaces are an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name: it specifies which family the resource is part of, and normal resources can have one and only one namespace (there are exceptions, like the Node resource, which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster, then you’re wrong. You’re actually just putting everything into the default namespace.


New Kubernetes Node Storage-based DoS Vulnerability [CVE-2020-8557]

Jul 16, 2020 10:44:47 AM / by Gadi Naor posted in devsecops, kubernetes, devops, network security, Kubernetes security, Advisor, CVE, vulnerability


Vulnerability Description and Impact


Ensuring In-flight Kubernetes Security

Jul 15, 2020 5:02:35 AM / by Alon Berger posted in network security, Kubernetes security, kaudit


Automate Kubernetes Analytics and Forensics with Alcide kAudit

Mitigate Attack Vectors with Alcide Kubernetes Security Platform

May 27, 2020 8:07:50 AM / by Rachel Cheyfitz posted in cloud security, security services, kubernetes, devops, alcide advisor, network security, Kubernetes security, Advisor, Runtime, SaaS


Last month, the Microsoft Azure Security Center published a fully detailed Threat Matrix for Kubernetes. This article identifies attack vectors unique to a Kubernetes environment. This important contribution is derived from the more generalized MITRE ATT&CK® framework that offers a complex matrix of common attack vectors.


Pod Security Policy

Oct 24, 2019 10:53:44 AM / by Adi Sapir posted in kubernetes, network security, pod, Kubernetes security


What is Pod Security Policy?

The Pod Security Policy, sometimes called PSP for short, is a Kubernetes resource that allows the enforcement of policy rules during the creation phase of a Pod.
When a PodSecurityPolicy resource is created, it does nothing on its own. In order to use it, the requesting user or the target pod’s service account must be authorized to use the policy, by being allowed the “use” verb on the policy.


Kubernetes Network Policies Best Practices

Oct 6, 2019 9:19:53 AM / by Guest Writer: Twain Taylor posted in kubernetes, network security, firewall


While a lot of people are calling network policies the Kubernetes equivalent of a firewall, they probably wouldn’t be called network policies if that were really the case. Although network policies are comparable to security features like firewalls, they mostly pertain to rules, and therefore a more accurate comparison would be with “firewall rules” or security groups in the Cloud that are used to manage permissions.

