Last week we announced the broadest policy library and toolset for Kubernetes, Terraform and CloudFormation. This work is part of our effort to support platform engineering and cloud infrastructure teams with policy guardrails, as they work to support hundreds (or thousands) of developers. But what does this exactly mean for Kubernetes users? Today we’ll cover the Styra DAS features and policies that are now at your fingertips for those managing Kubernetes clusters.
Scanning for vulnerabilities is a best practice and a must-have step in your application lifecycle to prevent security attacks. It is also important where this step is performed, but why? Let’s dig into the details of vulnerability scanning with Sysdig.
The microservice architecture involves breaking the application into small interconnected services, each performing a specific task. This breakdown enables developers to work on individual services without affecting the rest of the application, leading to more agility and easier scaling. These services communicate through APIs and, as the number of services within an application increases, developers may introduce a microservice service mesh to control all the service-to-service communication.
KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.
If you want to learn how to prevent a DDoS attack in your cloud environment by detecting the early signs of compromise associated with this threat, then this article should explain most of the best practices required to secure your cloud infrastructure. From January through July 2022, Sysdig Threat Research team implemented a global honeynet system that captured numerous breaches through multiple attack vectors.
OPA Gatekeeper is the most popular solution for enforcing admission control policies on Kubernetes clusters. It was designed for policy management on a single cluster. Styra DAS (built by the creators of OPA) aims to provide the next step for enterprise companies with centralized policy management over tens or hundreds of clusters and policy use cases beyond Kubernetes. In this post, we explain how Styra DAS differs from OPA Gatekeeper and how our enterprise focus led to different design decisions.
