

Container Security Fundamentals - Linux Namespaces (Part 2): The PID Namespace

In this video we continue our examination of Linux namespaces by looking at some details of how the PID namespace can be used to isolate a container’s view of processes running on the host, and how this feature can be used for troubleshooting container problems. To learn more, read our blog on Datadog’s Security Labs site.

Container Security Fundamentals - Linux namespaces part 1: The mount namespace

One of the technologies used by Linux containers to provide an isolated environment is namespaces. They are used to provide a contained process with an isolated view of different Linux resources. In this video we look at some of the details of how Linux namespaces work and then take a more detailed look at the mount namespace, which isolates a process's view of its filesystem.

The Linux Crypto API for user applications

In this post we will explore the Linux Crypto API for user applications and try to understand its pros and cons. The Linux Kernel Crypto API was introduced in October 2002. It was initially designed to satisfy internal needs, mostly for IPsec. However, in addition to the kernel itself, user space applications can benefit from it.


4 ways to leverage existing kernel security features to set up process monitoring

The large attack surface of Kubernetes’ default pod provisioning is susceptible to critical security vulnerabilities, including malicious exploits and container breakouts. I believe one of the most effective workload runtime security measures to prevent such exploits is layer-by-layer process monitoring within the container. It may sound like a daunting task that requires additional resources, but in reality it is quite the opposite.


Find threats: Cloud credential theft on Linux endpoints

The Sumo Logic Threat Labs team previously outlined the risks associated with unprotected cloud credentials found on Windows endpoints. This article builds on that work by providing detection and hunting guidance for endpoints that run the Linux operating system. Although workloads that support business functionality are increasingly moving to the cloud, these workloads are often managed through an endpoint that is typically found on premises.