ARMO Platform has added the CIS EKS benchmark. Amazon Elastic Kubernetes Service (EKS) users can now add this specific benchmark to the frameworks already available to them.
RBAC management is crucial to securing a Kubernetes cluster and ensuring compliance with regulations and industry standards. ARMO Platform includes an RBAC visualizer allowing administrators to see which privileges are assigned to any given user. Role-based access control—commonly known as RBAC—is the practice of assigning access to an organization’s resources whereby the level of access privilege depends upon an individual’s role in the organization.
Container adoption in enterprises continues to grow, and Kubernetes has become the de facto standard for deploying and operating containerized applications. At the same time, security is shifting left and should be addressed earlier in the software development lifecycle (SDLC). Security has morphed from being a static gateway at the end of the development process to something that (ideally) is embedded every step of the way. This can potentially increase the effort for engineering and DevOps teams.
We are happy to announce that ARMO Platform users can now utilize ChatGPT to quickly and easily create custom controls. ARMO is the first Kubernetes security company to offer this kind of integration.
In this article, we examine the impact of a shared responsibility model on end-user security administration in managed Kubernetes environments. We also explore typical difficulties and effective methods for securing these environments.
The popular open-source platform Kubescape by ARMO was recently announced as a fully managed operator, called a Charm, for Canonical’s Charmed Kubernetes distribution. This collaboration between Canonical and ARMO is exciting for the solution it enables for end users, ultimately resulting in hardened and more secure Kubernetes environments.
Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.
In August 2021 we launched Kubescape with a mission to make Kubernetes security open source, simple, and available for everyone, even non-security engineers. Since then we have been working on adding new capabilities to Kubescape, while building a strong community around it. The recent acceptance of Kubescape by the CNCF, as a sandbox project, is another important milestone for ARMO’s open-source journey with Kubescape.
Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container image signature verification mechanism. The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno to inject unsigned images into the protected cluster, bypassing the image verification policy. The vulnerability was introduced in version 1.8.3 and was fixed in version 1.8.5.
CIS Benchmarks are a focused set of guidelines for the secure configuration, vulnerability detection, and threat remediation of distributed workloads. In this article, we compare the leading tools that scan against the CIS Kubernetes benchmark framework. Security frameworks help modern software organizations define their risk management processes and platform requirements to prevent cyber risks.