Containers

Enable Kubernetes Pod Security Policy with kube-psp-advisor

Feb 6, 2019 By Kaizhe Huang In Sysdig

Kubernetes Pod Security Policy is a mechanism to enforce best security practices in Kubernetes. In this tutorial, we will explain how to enable Kubernetes Pod Security Policy across your cluster using kube-psp-advisor to address the practical challenges of building an adaptive and fine-grained security policy on Kubernetes in production.

Read Post

Sysdig

Read more about Enable Kubernetes Pod Security Policy with kube-psp-advisor

Leveraging Service Accounts for Label-based Security

Jan 31, 2019 By Christopher Liljenstolpe In Tigera

One of the key Kubernetes security concepts is that workload identity is tied back to information that the orchestrator has. The orchestrator is actually the authoritative entity for what the actual workloads are in the platform. Kubernetes uses labels to select objects and to identify collections of objects that satisfy certain conditions. We, and others in the Kubernetes networking space, often talk about using Kubernetes ‘labels’ as identity bearers.

Read Post

Tigera

Read more about Leveraging Service Accounts for Label-based Security

Zero Trust Security: Supporting a CARTA approach with Network Security

Jan 28, 2019 By Tigera In Tigera

Learn how to support, what Gartner has termed, a continuous adaptive risk and trust assessment (CARTA) when building a CaaS platform using Kubernetes. Network security enables microsegmentation and is a core component of a zero trust security model. It allows you to protect your workloads against threats without relying on assumptions about the network, infrastructure, and workloads.

View Video

Tigera

Read more about Zero Trust Security: Supporting a CARTA approach with Network Security

OPA policy for Kubernetes memory limits

Jan 14, 2019 By Styra In Styra

Tim Hinrichs, CTO of Styra and Co-founder of Open Policy Agent, live codes an OPA policy that enforces total memory limits on pods in Kubernetes.

View Video

Styra

Read more about OPA policy for Kubernetes memory limits

OPA policy for Kubernetes label management

Jan 14, 2019 By Styra In Styra

Tim Hinrichs, CTO of Styra and Co-founder of Open Policy Agent, live codes an OPA policy for Kubernetes admission control. The policy requires an owner label on every resource and forcibly guarantees imagePullPolicy is set to Always.

View Video

Styra

Read more about OPA policy for Kubernetes label management

60% of Organizations Suffered a Container Security Incident in 2018, Finds Study

Jan 7, 2019 By Ray Lapena In Tripwire

Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning how they could advance their DevOps evolution going forward.

Read Post

Tripwire

Read more about 60% of Organizations Suffered a Container Security Incident in 2018, Finds Study

Achieve CIS Compliance in Cloud, Container and DevOps Environments

Nov 12, 2018 By Ben Layer In Tripwire

If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for many newer platforms.

Read Post

Tripwire

Read more about Achieve CIS Compliance in Cloud, Container and DevOps Environments

Enforce Docker Image CIS Policy Compliance with Tripwire for DevOps

Oct 23, 2018 By Mitch Thomas In Tripwire

We are working hard adding features to our new Tripwire for DevOps service, initially announced at BlackHat 2018. If you are a loyal State of Security follower, last you read we added Auditing for Amazon Machine Images (aka AMIs). Today, we are introducing CIS policy compliance auditing for Docker images. Tripwire for DevOps allows you to evaluate your Docker Images to check for policy compliance at build time.

Read Post

Tripwire

Read more about Enforce Docker Image CIS Policy Compliance with Tripwire for DevOps

Clarifying the Misconceptions: Monitoring and Auditing for Container Security

Oct 11, 2018 By David Bisson In Tripwire

An effective container security strategy consists of many parts. Organizations should first secure the build environment using secure code control along with build tools and controllers. Next, they should secure the contents of their containers using container validation, code analysis and security unit tests. Finally, they should develop a plan to protect their containers in production systems by focusing on runtime security, platform security and orchestration manager security.

Read Post