Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Containers

Secure your cloud from source to run

Security is changing, you need to adapt to the Cloud. Sysdig: Secure your Cloud from Source to Run. Cloud security that avoids, that alerts, closes gaps, grants access, takes charge. That checks out, that scales up, that keeps up. That’s there From source, to run. That’s Sysdig! A single view of risk. With no blind spots. Rich context to prioritize what matters. With no guesswork. A platform based on open standards. With no black boxes.

Zero-trust for cloud-native workloads - part 2: Mitigating future Log4j incidents

In my previous blog, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to build a zero-trust model for cloud-native workloads. In this blog, you will learn how Calico can help mitigate vulnerabilities such as the recent zero-day Log4j vulnerability with its zero-trust workload security approach.

Safely handling containers

Snyk Ambassadors are passionate about sharing their security expertise. Become one today by signing up! In the shipping industry, the container format follows ISO 668, a standard format that regulates the safe stacking of containers. Imagine your applications with multiple containers, running different applications, serving different purposes for people all over the world.

How to detect the containers' escape capabilities with Falco

Attackers use container escape techniques when they manage to control a container so the impact they can cause is much greater. This’s why it is a recurring topic in infosec and why it is so important to have tools like Falco to detect it. Container technologies rely on various features such as namespaces, cgroups, SecComp filters, and capabilities to isolate services running on the same host and apply the least privileges principle.

How to secure Kubernetes Ingress?

Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ultimately allows you to expose HTTP and HTTPS from outside the Kubernetes cluster so you no longer need to expose each service separately—something that can be expensive and tedious as an application scales, resulting in an increase in services.

Learn OPA Performance on Styra Academy

Styra Academy, our online training portal for free courses on OPA, Rego and Styra Declarative Authorization Service (DA), has a new course available: OPA Performance. The primary purpose for OPA within applications is, of course, fine-grained authorization — that is, who can do what and what can do what. Each user request typically requires one or more authorization decisions to be made.

Enforcing Cloud Resource Policy Guardrails for HashiCorp Terraform Cloud

I’m excited to announce the Styra DAS integration with HashiCorp Terraform Cloud via run tasks is now generally available to Styra DAS users! Users can now enforce cloud resource policy guardrails at every step of the DevOps process, including right before Terraform Cloud applies changes to your cloud resources.

Definitive Guide to Kubernetes Admission Controller

Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission Controller enables DevOps and Security personnel to enforce deployment requirements and restrictions in the cluster upon every workload start and any configuration change. Think of an Admission Controller as an Advanced Resource manager with a shield.