|
By Tomas Hruby
Today, most organizations and individuals use Linux and the Linux kernel with a “one-size-fits-all” approach. This differs from how Linux was used in the past–for example, 20 years ago, many users would compile their kernel and modify it to fit their specific needs, architectures and use cases. This is no longer the case, as one-size-fits-all has become good enough. But, like anything in life, “good enough” is not the best you can get.
|
By Regis Martins
Calico policies are a way to enforce network security at the pod level. This blog post will provide a comprehensive overview of Calico policies for Calico OS (Open Source) users. We will cover the basics of Calico policies, including what they are, how they work, and how to use them. We will also provide best practices for using Calico policies and examples of how they can be used in real-world scenarios.
|
By Dhiraj Sehgal
Misconfigurations and container image vulnerabilities are major causes of Kubernetes threats and risks. According to Gartner, more than 90% of global organizations will be running containerized applications in production by 2027. This is a significant increase from fewer than 40% in 2021. As container adoption soars, Kubernetes remains the dominant container orchestration platform.
|
By Utpal Bhatt
23andMe is a popular genetics testing company, which was valued at $6B in 2021. Unfortunately, there was a massive data breach in December 2023, which caused a steep decline in the company’s value and trust, plummeting the company to a penny stock. While this breach was not directly related to Kubernetes, the same risks apply to containers running in your Kubernetes environments.
|
By Giri Radhakrishnan
Calico, the leading solution for container networking and security, unveils a host of new features this spring. From new security capabilities that simplify operations, enhanced visualization for faster troubleshooting, and major enhancements to its popular workload-centric distributed WAF, Calico is set to redefine how you manage and secure your containerized workloads. This blog describes the new capabilities in Calico.
|
By Joao Coutinho
Network policies are essential for securing your Kubernetes clusters. They allow you to control which pods can communicate with each other, and to what extent. However, it can be difficult to keep track of all of your network policies and to ensure that they are configured correctly. This is especially true if you have a large and complex cluster with more than 100 nodes. One way to address this challenge is to leverage Prometheus and AlertManager embedded in Calico Enterprise/Cloud.
|
By Amit Gupta
Observability, especially in the context of cloud-native applications, is important for several reasons. First and foremost is security. By design, cloud-native applications rely on multiple, dynamic, distributed, and highly ephemeral components or microservices, with each microservice operating and scaling independently to deliver the application functionality.
|
By Dhiraj Sehgal
Microsegmentation represents a transformative approach to enhancing network security within Kubernetes environments. This technique divides networks into smaller, isolated segments, allowing for granular control over traffic flow and significantly bolstering security posture. At its core, microsegmentation leverages Kubernetes network policies to isolate workloads, applications, namespaces, and entire clusters, tailoring security measures to specific organizational needs and compliance requirements.
|
By Reza Ramezanpour
Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.
|
By Utpal Bhatt
Data exfiltration and ransomware attacks in cloud-native applications are evolving cyber threats that pose significant risks to organizations, leading to substantial financial losses, reputational damage, and operational disruptions. As Kubernetes adoption grows for running containerized applications, it becomes imperative to address the unique security challenges it presents.
|
By Tigera
Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.
|
By Tigera
It’s a daunting task starting down the path to securing your workloads running on Kubernetes in the Cloud. There are no shortages of vendors with great tools in the Cloud security space. There is a multitude of domains that must be accounted for, along with internal challenges in bringing an organization along into new ways of thinking. This talk will focus on Discover’s Cloud security journey, with an overview of how the program has evolved over the last 4 years, key capabilities & concepts that have been embraced and challenges faced.
|
By Tigera
Security as an afterthought is no longer an option and must be deeply embedded in the design and implementation of the products that will be running in the cloud. It is increasingly more critical for many security teams to be almost, if not equally, knowledgeable of the emerging and rapidly evolving technology. Join Manish Sampat from Tigera, as explores the topic in detail with Stan Lee from Paypal.
|
By Tigera
Security is critical for your Kubernetes-based applications. Join this session to learn about the security features and best practices for safeguarding your Kubernetes environments.
|
By Tigera
Compliance automation is a commonly overlooked area of Kubernetes observability. The question is: how do you automate compliance to a security framework that isn’t well understood by DevSecOps teams to begin with? This lack of understanding contributes to mismanaged compliance efforts and in a worst-case scenario, audit exposures and organizational risk. This talk will walk through an example of how to 1) map compliance controls to specific Kubernetes technical configuration 2) automate the assessment of those controls 3) visualize the assessment results. DevSecOps teams will better understand how to incorporate compliance automation alongside security automation.
|
By Tigera
"Companies of various sizes are building their applications on Kubernetes because it provides significant operational benefits like autoscaling, self-healing, extensibility, and declarative deployment style. However, the operational benefits are only a starting point down the path of building a secure and observable platform that enables the continuous delivery of application workloads. This session shows how to build a fully operational platform, leveraging platform-oriented building blocks to address network security and observability.
|
By Tigera
As more production workloads migrated to the cloud, the need for Intrusion Detection Systems(IDS) grew to meet compliance and security needs. With the number of workloads in each cluster, IDS needs to be efficient to not take up the shared resources. Techniques such as packet inspection and web application firewalls provide a solid defense against threats and by leveraging the cluster's network control pane, we are able to selectively choose vulnerable workloads and provide an easy way to trace back to the origin of the attack.
|
By Tigera
Learn how eBPF will bring a richer picture of what's going on in your cluster, without changing your applications. With eBPF we can safely collect information from deep within your applications, wherever they interact with the kernel. For example, collecting detailed socket statistics to root-cause network issues, or pinpointing the precise binary inside a container that made a particular request for your audit trail. This allows for insights into the behavior (and security) of the system that previously would have needed every process to be (manually) instrumented.
|
By Tigera
Through practical guidance and best practice recommendations, this book will help you understand why cloud-native applications require a modern approach to security and observability practices, and how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.
|
By Tigera
A step-by-step eBook covering everything you need to know to confidently approach Kubernetes networking, starting with basic networking concepts, all the way through to advanced Kubernetes networking with eBPF.
|
By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
|
By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
|
By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
|
By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
|
By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
|
By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
|
By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.
- July 2024 (1)
- June 2024 (2)
- May 2024 (4)
- April 2024 (4)
- March 2024 (4)
- February 2024 (3)
- January 2024 (3)
- December 2023 (6)
- November 2023 (9)
- October 2023 (6)
- September 2023 (9)
- August 2023 (2)
- July 2023 (5)
- June 2023 (11)
- May 2023 (9)
- April 2023 (6)
- March 2023 (3)
- February 2023 (2)
- January 2023 (2)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (3)
- August 2022 (2)
- July 2022 (3)
- June 2022 (3)
- May 2022 (3)
- March 2022 (3)
- February 2022 (3)
- January 2022 (2)
- December 2021 (2)
- November 2021 (2)
- October 2021 (2)
- September 2021 (1)
- August 2021 (2)
- July 2021 (1)
- June 2021 (11)
- May 2021 (1)
- April 2021 (2)
- March 2021 (2)
- February 2021 (2)
- January 2021 (2)
- December 2020 (4)
- November 2020 (2)
- October 2020 (4)
- September 2020 (8)
- August 2020 (9)
- July 2020 (3)
- June 2020 (2)
- May 2020 (8)
- April 2020 (2)
- March 2020 (4)
- February 2020 (2)
- January 2020 (1)
- December 2019 (3)
- November 2019 (2)
- October 2019 (4)
- September 2019 (1)
- August 2019 (1)
- July 2019 (4)
- June 2019 (4)
- May 2019 (3)
- April 2019 (1)
- March 2019 (5)
- February 2019 (6)
- January 2019 (4)
- December 2018 (1)
- November 2018 (1)
- October 2018 (1)
Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.
Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.
Kubernetes Requires a Modern Approach to Security and Compliance:
- Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
- Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
- Visibility and Traceability: Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
- Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.
Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.