Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Open Policy Agent (OPA) allows developers to accelerate time to market and focus on their differentiated work, instead of spending their time figuring out how they are going to write bespoke authorization policies. With OPA handling authorization decisions across the stack, each service, app or platform API just has to handle enforcement of OPA decisions.

Without a doubt, Kubernetes is the most prominent container orchestration tool. And you’ve probably noticed that many positions available to IT professionals require Kubernetes experience. One way to gain or prove your Kubernetes knowledge is by becoming a Certified Kubernetes Administrator (CKA). This certification is issued by the Cloud Native Computing Foundation (CNCF) in collaboration with the Linux Foundation. They offer three Kubernetes related certifications.

It’s that time of year again — full of ugly sweaters, holiday cookies and technology predictions (cloud-native style)! Last year, we predicted that we’d see continued Kubernetes adoption, focus on DevSecOps in organizations and open source dominance. This year, we sat down with our co-founder and CTO, Tim Hinrichs and our CEO Bill Mann to hear a few of their predictions for the open source and cloud-native authorization market.

GKE Autopilot from Google Cloud is a mode of operation in Google Kubernetes Engine (GKE) designed to simplify working with Kubernetes in the cloud. Pairing secure DevOps practices with GKE Autopilot will help you and your teams ensure the security, compliance, and performance of your workloads and applications. Sysdig has collaborated with Google Cloud to enable visibility and security for GKE Autopilot and your containers.

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen wide exploitation around the Internet. Previously, we discussed the vulnerability and how to find it in your images using Sysdig Scanning reports. In a perfect world, patching would be quick, easy, and completed without any issues.

On Dec 9th, a critical zero-day vulnerability - CVE-2021-44228 - was announced concerning the Java logging framework - Log4j All current versions of log4j2 up to 2.14.1 are vulnerable. To remediate this vulnerability, please update to version 2.15.0 or later.

Audit logging involves recording transactions and system events, making it an invaluable tool for regulatory compliance, digital forensics, and information security. In a typical Kubernetes ecosystem, auditing involves providing chronological, activity-relevant records documenting events and actions in a cluster. Modern logging tools come with aggregation and analytical functionalities so that teams can use log data to mitigate security threats.

The Sysdig Threat Research Team has detected an attack that can be attributed to the TeamTNT. The initial target was a Kubernetes pod exposed outside the network. Once access was gained, the malware attempted to steal AWS credentials using the EC2 instance metadata. TeamTNT is a threat actor that conducts large-scale attacks against virtual and cloud solutions, like Kubernetes and Docker.