Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.

Prevent Data Exfiltration in Kubernetes: The Critical Role of Egress Access Controls

Data exfiltration and ransomware attacks in cloud-native applications are evolving cyber threats that pose significant risks to organizations, leading to substantial financial losses, reputational damage, and operational disruptions. As Kubernetes adoption grows for running containerized applications, it becomes imperative to address the unique security challenges it presents.

Securing the Modern Enterprise: Unified Microsegmentation and Observability with Calico

In the ever-evolving landscape of enterprise networks, the traditional approach of relying on a fortified perimeter to secure internal assets faces significant challenges. The dichotomy of a trusted internal network and an untrusted external environment, enforced by perimeter defenses, has been a longstanding strategy.

Embracing DevSecOps for Containers and Kubernetes with Calico Cloud

DevSecOps is a collaborative practice that incorporates security into the development and delivery of software. DevSecOps encourages a culture where security, development, and operations teams collaborate closely; this collaboration ensures that security considerations are understood and implemented by everyone involved in the software development lifecycle.

What you can't do with Kubernetes network policies (unless you use Calico): The ability to explicitly deny policies

In my previous blog post, I talked about the eighth use case from the list of nine things you cannot implement using basic Kubernetes network policy — the ability to log network security events. In this final blog post of the series, we’ll be focusing on one last use case: the ability to explicitly deny policies.

The Crucial Role of Network Policies and Encryption in Securing Kubernetes Workloads

Ensuring the security of containerized workloads has become a top priority given the accelerated adoption of managed Kubernetes services. The complexity of hosting these workloads securely in the cloud necessitates a comprehensive array of security measures. Among these, network policies and encryption stand out as indispensable prerequisites for safeguarding sensitive workloads in a shared, multi-tenant environment.

Using webhooks to boost cloud-native application security

In the ever-evolving landscape of cloud-native applications built with containers and Kubernetes, webhooks serve as the communication backbone, facilitating seamless integration between various components, especially in the realms of security, networking, and troubleshooting. This is further amplified when combined with popular collaboration tools such as Jira and Slack.

Integrating Calico Image Assurance (Vulnerability Management) with Azure DevOps Build Pipeline

In cloud-native software development, ensuring the supply chain security of containerized applications in Kubernetes (K8s) environments is of utmost importance. With the continuous evolution of threats, safeguarding your containerized applications at every stage is not a choice anymore; it is an absolute necessity. With Calico’s vulnerability management, you can scan container images across three pivotal application lifecycle stages: Let’s break down the scanning guardrails offered by Calico.

What you can't do with Kubernetes network policies (unless you use Calico): The ability to log network security events

In my previous blog post, What you can’t do with Kubernetes network policies (unless you use Calico): Advanced policy querying & reachability tooling, I talked about this use case from the list of nine things you cannot implement using basic Kubernetes network policy — advanced policy querying and reachability tooling. In this blog post, we’ll focus on the use case — the ability to log and analyze network security events.