Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Unraveling the State of Kubernetes Security in 2024

We explored the Red Hat State of Kubernetes security report 2024, one of our favorite yearly reports. It’s jam-packed with incredibly fascinating information about one of our favorite subjects—Kubernetes security. Imagine that! In this post we’ll review some of the more interesting data points and contrast them with results from prior years. We’ll also discuss our own perspectives and observations on how this affects you as a Kubernetes user.

eBPF use cases

What is eBPF and how can it be used within the Kubernetes environment? In the dynamic world of container orchestration, where speed and adaptability are a must, eBPF, short for Extended Berkeley Packet Filter, has changed how developers interact with kernels within Kubernetes environments. At its core, eBPF crosses traditional boundaries, offering a programmable and secure in-kernel execution environment that empowers developers to use custom code without the need for modifications to the kernel itself.

The Kubernetes gap in CNAPP - exploring why many CNAPPs have a Kubernetes gap

A guest post by James Berthoty, founder of Latio. CSPMs and CNAPP have a major gap, and unfortunately, it drives the majority of your cloud that actually matters (Kubernetes). To be frank, most CNAPPs were created around two things: Even the early players in the space who recognized the value of containerization found themselves too ahead of the market to support the giant funding opportunities present from their competition, who were focused on easily scanning every cloud workload that could exist.

regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

A high-severity remote code execution (RCE) vulnerability has been found in OpenSSH’s server (CVE-2024-6387) by the research team of Qualys. This issue is especially concerning because it brings back a problem that was originally fixed in 2006, showing that one of the most popular secure software still has hidden bugs. This discovery follows another major vulnerability found in the XZ Utils library just a few months ago, highlighting ongoing security challenges.

Reverse engineering eBPF programs

eBPF is one of the most widely used technologies in today’s computing ecosystem, starting from the cloud sector up to routing and tracing in companies like Cloudflare. Many companies are basing and transforming their core products to use eBPF as an alternative to kernel modules because of all the benefits it offers both on the business side and technological side. Since this shift is gaining a lot of momentum I wanted to shed some light on eBPF.

Leveraging Golden Signals for Enhanced Kubernetes Security

As a powerful and widely adopted open-source platform, the complexity of Kubernetes is not to be underestimated. Managing a Kubernetes environment requires a deep understanding of how its various components interact, especially when it comes to observability and security. This blog post will delve into the intricacies of golden signals in Kubernetes, their connection to security issues, and how they can be leveraged to safeguard a Kubernetes environment against common attack chains.

How we differentiate ARMO Platform from Open Source Kubescape

In August 2021 we launched Kubescape with a mission to make Kubernetes security open source, simple, and available for everyone, even non-security engineers. Since then we have been working on adding new capabilities to Kubescape, while building a strong community around it. The acceptance of Kubescape by the CNCF, as a sandbox project, was an important milestone for ARMO’s open-source journey with Kubescape.

Seccomp for Kubernetes workloads

Seccomp, short for Secure Computing Mode, is a security feature in the Linux kernel that plays a role in enhancing the security of systems. Initially introduced in Linux kernel 2.6.12 in 2005, seccomp was designed to restrict the system calls a process can make, effectively reducing the attack surface and limiting potential damage from compromised processes.

What is the difference between a root process and a containerized root process?

To answer this question, let’s first look at some history. Processes are software instances running in their own memory spaces. They enable a user to execute multiple software instances in parallel on the same computer. The concepts are derived from operating systems of the 1960s, with UNIX first being released in 1971. In today’s operating systems, every process is associated with an identity to which authorizations are bound. This enables the definition of access controls around processes.