Jerusalem, Israel
Sep 28, 2023   |  By Matthias Bertschy
I had always wanted to use sidecars with Istio or Splunk forwarder in production, but as a Kubernetes maintainer, I knew there was no reliable way of telling Kubernetes to ensure sidecar containers were kept running before and after the main application. In this post I will share the twists and turns of my adventure in addressing this long-standing Kubernetes challenge.
Sep 20, 2023   |  By ARMO
We are excited to announce the preview release of Kubescape 3.0, the next generation of the CNCF Kubernetes security posture management tool. Kubescape 3.0 will add: Most of these features have landed already, with some being finished over the next few weeks. Get ARMO Platform.
Sep 19, 2023   |  By ARMO
Guest post originally published on Kubescape’s blog by Ben Hirschberg. Co-Founder and CTO at ARMO and a Kubescape maintainer. What do you get a piece of software for its second birthday? A brand new blog, of course! And cake. More on the cake later. Kubescape is an open-source Kubernetes security platform that helps you identify and fix security risks, misconfigurations and vulnerabilities in your Kubernetes clusters.
Sep 14, 2023   |  By Yossi Ben Naim
Prioritizing the security of your Kubernetes environment is of utmost importance. As organizations increasingly rely on containerization for their applications, the need for robust security measures is ever-growing. But security doesn’t work in isolation; it should seamlessly blend into your workflow. This is where the integration of ARMO Platform with collaboration tools like Microsoft Teams becomes invaluable.
Aug 23, 2023   |  By Ben Hirschberg
Recently, the Kubernetes Security Response Committee disclosed three interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes CSI proxy. These vulnerabilities pose a significant risk, allowing even users with limited permissions to escalate their privileges to administrator level on affected nodes.
Aug 22, 2023   |  By Ben Hirschberg
Kubernetes has become the de facto platform for orchestrating containerized applications at scale in today’s IT landscape. Its ability to run on various platforms including on-premises, public cloud, and hybrid has made it an essential tool for many organizations. This is particularly true for companies following a multi-cloud strategy, relying on more than one vendor for their cloud computing needs.
Aug 17, 2023   |  By Ben Hirschberg
In the evolving world of software delivery and IT operations, Kubernetes has emerged as the frontrunner for container orchestration. This is due to its automated deployments, scaling, management of containerized applications, and other powerful features. However, with great power comes great complexity, especially when it comes to Kubernetes networking.
Aug 14, 2023   |  By Ben Hirschberg
With each release, Kubernetes introduces new features and enhancements to improve the user experience and address the evolving needs of its users. Today’s release is no exception. This blog post delves into the security enhancements introduced in Kubernetes 1.28, providing insights into their significance and impact.
Aug 10, 2023   |  By Brad Morgan
How do I keep my Kubernetes cluster secure? I do it with the open-source tool Kubescape – a popular CNCF security tool for Kubernetes. In this video, I go over how you can get started with Kubescape as well as the SaaS platform ARMO.
Aug 7, 2023   |  By Ben Hirschberg
Kubernetes has become one of the most popular platforms for running cloud-native applications. This popularity is due to several factors, including its ease of use and ability to handle stateless applications. However, running stateful applications, such as databases and storage systems, on Kubernetes clusters is still debatable. In other words, does Kubernetes and its containerized ecosystem provide a solid and reliable infrastructure to run such critical applications?
Dec 2, 2019   |  By ITProTV
With the short week for the Thanksgiving holiday in the US, the Technado team decided to have a little fun by looking back at some of the dumbest tech headlines from 2019. Romanian witches online, flat-earthers, and fake food for virtual dogs - what a time to be alive. Then, Shauli Rozen joined all the way from Israel to talk about a zero-trust environment in DevOps. IT skills & certification training that’s effective & engaging. Binge-worthy learning for IT teams & individuals with 4000+ hours of on-demand video courses led by top-rated trainers. New content added daily.

ARMO closes the gap between development and security, giving development, DevOps, and DevSecOps the flexibility and ease to ensure high grade security and data protection no matter the environment – cloud native, hybrid, or legacy.

ARMO is driving a paradigm shift in the way companies protect their cloud native and hybrid environments. We help companies move from a “close-the-hole-in-the-bucket” model, installing firewalls, defining access control lists, etc. to a streamlined DevOps- and DevSecOps led model in which environments are deployed with inherent zero-trust.

Security at the Speed of DevOps:

  • Runtime workload identity and protection: Identifies workloads based on application code analysis, creating cryptographic signatures based on Code DNA to prevent unauthorized code from running in the environment to access and exfiltrate protected data. The patent-pending technology signs and validates workloads in runtime throughout the entire workload lifecycle.
  • Transparent data encryption: Transparent data encryption – keyless encryption – robustly and uniformly encrypts and protects files, objects, and properties, requiring no application changes, service downtime, or impact on functionality. It eases the adoption of encryption by removing the complexity of key management and providing an out-of-the-box solution for key protection in use, key rotations, and disaster recover procedures.
  • Identity-based communication tunneling: Transparent communication tunneling ensures only authorized and validated applications and services can communicate. Even if attackers steal valid access credentials, they are useless because the malicious code will be unsigned. Create API access polices to build identity-based policies and enforce correct workload behaviors.
  • Application-specific secret protection: Application-specific protection of secrets ensures cryptographic binding between continuously validated specific workload identities and their confidential data, delivering complete protection against access by unauthorized applications.
  • Visibility & compliance: Visibility and compliance monitoring provide granular details about workloads and running environments, including individual processes, file names and locations, open listening ports, actual connections, mapped volumes, opened files, process privilege levels, connections to external services, and more. Alerts can be used for continuous compliance verification.

Bringing Together Run-Time Workload And Data Protection To Seamlessly Establish Identity Based, Zero-Trust Service-To-Service Control Planes.