Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

mend

How to Manage Risk Effectively in Cloud-Native Environments

We’ve all got our heads in the cloud, or if not yet, we’re well on our way there. In other words, the process of digital transformation is happening at such a pace that almost all organizations will soon be working in the cloud and using cloud-native technology. Analyst Gartner has predicted that by 2025, over 95% of new digital workloads will be deployed on cloud-native platforms. This represents a 30% growth from 2021.

rezilion

Where is Your Risk? Software License Compliance and Other Non-Vulnerability Risk

In this final post of a series on software-related risks, we take a look software license compliance and other non-vulnerability risk. Not all software risk has to do with vulnerabilities and the security threats that can come from them. Organizations need to be aware of their licensing requirements and status on various software dependencies, including open source software, because they could be out of compliance if the software license has expired.

Moving on From Pod Security Policy with OPA and Styra DAS

In this video, Styra Solutions Architect Ádám Sándor shares how teams can use OPA and Styra DAS to manage the deprecation of Kubernetes PodSecurityPolicy (PSP) in Kubernetes v1.25. Not only can OPA can work in tandem with the new Pod Security Admission, but dedicated PSP Policy Packs with Styra DAS can help automate many of these necessary changes.

HashiCorp +Styra: Validate Terraform Infrastructure using Styra DAS and Terraform Cloud

Security teams must constantly scan infrastructure for policy violations. HashiCorp’s Terraform Cloud, and Styra DAS, an OPA-based authorization management platform, work together to keep infrastructure compliant by mandating verification of Terraform configurations at provisioning.
styra

What is Service Mesh in Microservices?

The microservice architecture involves breaking the application into small interconnected services, each performing a specific task. This breakdown enables developers to work on individual services without affecting the rest of the application, leading to more agility and easier scaling. These services communicate through APIs and, as the number of services within an application increases, developers may introduce a microservice service mesh to control all the service-to-service communication.

rezilion

Best Practices for Securing the Software Supply Chain

There are several best practices for securing the software supply chain. Failing to do so is like leaving open the vault in your home containing your most valuable possessions and sensitive documents. There are an average of 203 open source dependencies per repository in today’s software supply chains. A staggering 99% of codebases contain open source code and between 85 to 97% of enterprise codebases are generated from open source, according to GitHub.

mend

Building a Modern Application Security Strategy. Part One: Threats, Opportunities, and Challenges

First of a two-part series The online world is now packed with applications, so it’s unsurprising that they’re a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions.

styra

Beyond OPA Gatekeeper: Enterprise-scale Admission Control for Kubernetes

OPA Gatekeeper is the most popular solution for enforcing admission control policies on Kubernetes clusters. It was designed for policy management on a single cluster. Styra DAS (built by the creators of OPA) aims to provide the next step for enterprise companies with centralized policy management over tens or hundreds of clusters and policy use cases beyond Kubernetes. In this post, we explain how Styra DAS differs from OPA Gatekeeper and how our enterprise focus led to different design decisions.