Alcide Blog

Cloud-native Security Provider

Mitigate Attack Vectors with Alcide Kubernetes Security Platform

May 27, 2020 8:07:50 AM / by Rachel Cheyfitz posted in cloud security, security services, kubernetes, devops, alcide advisor, network security, Kubernetes security, Advisor, Runtime, SaaS

Last month, the Microsoft Azure Security Center published a fully detailed Threat Matrix for Kubernetes. This article identifies attack vectors unique to a Kubernetes environment. This important contribution is derived from the more generalized MITRE ATT&CK® framework that offers a complex matrix of common attack vectors.

Securing Kubernetes Clusters Using Process Whitelisting

Apr 22, 2020 3:02:42 AM / by Natan Yellin posted in Runtime, process whitelist

Process whitelisting is a simple concept. In the K8s context, the basic idea is to create, for each pod, a list of all the processes that the pod is expected to run. Every time a process runs in your cluster, you check whether it is in the list. If an attacker manages to gain access to your cluster and starts running a malicious process, you can identify it immediately because a new non-whitelisted process is running. It doesn’t matter whether that process is a known bitcoin miner, a custom RAT (Remote Access Tool), or even a legitimate process like ssh. If the new process isn’t in the whitelist and isn’t part of the pod’s regular behaviour, it should be flagged immediately.

New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552

Mar 24, 2020 7:09:17 AM / by Nitzan Niv posted in kubernetes, CVE, Runtime

Two security issues that could lead to a recoverable denial of service in a Kubernetes cluster were discovered in Kubernetes and disclosed on March 23, 2020.
