Sysdig and Cribl: Unleash the true power of cloud security data

Cloud security operates on a different paradigm compared to traditional IT security. For example, it involves multiple contextual layers such as cloud services, containers and Kubernetes that require specialized insights. The challenge is even harder when the organization is affected by compliance requirements, and is compounded by the sheer volume of data that becomes a major concern for any organization. Failing to effectively manage it leads to costly inefficiencies and risks.

Falco vs. Sysdig OSS: Choosing the Right Tool for the Job

The open-source ecosystem is rich with tools that empower developers and security practitioners alike. Two standout projects are Sysdig OSS and Falco, both of which leverage deep system-level instrumentation to provide insights and enhance security. However, while they share a common foundation, they serve distinct purposes. This blog explores the strengths of Sysdig OSS and Falco, how they differ, and how they can complement each other.

Demystifying Kubernetes for Security Analytics: Enhancing TDIR for Cloud Deployments

Kubernetes has revolutionized cloud applications, enabling them to function as microservices distributed across global clusters, significantly enhancing fault tolerance, high availability, and cost efficiency. However, with this great power comes the critical responsibility of maintaining security and observability. Despite its many strengths, Kubernetes lacks a built-in centralized log store, relying instead on third-party plugins for this essential functionality.

26 AWS Security Best Practices to Adopt in Production

One of the most important pillars of a well-architected framework is security. Thus, it is important to follow these AWS security best practices, organized by service, to prevent unnecessary security situations. So, you’ve got a problem to solve and turned to AWS to build and host your solution. You create your account and now you’re all set up to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except, you aren’t.

The evolution of vulnerability scanning

As application development and deployment evolve, traditional tools alone can no longer handle the dynamic, ephemeral nature of cloud and cloud-native environments. This article explores how cloud-native application protection platforms (CNAPPs) are addressing these challenges to enhance coverage and streamline prioritization.

Why you need to augment prevention-only posture with cloud detection and response

In the early days of cloud security, like in the early days of endpoint, the focus was on prevention. This makes sense: preventative measures are an essential way to reduce risk, and blocking known threats and attack paths hardens an organization’s cloud estate. For many organizations, a prevention-only strategy in the cloud might seem completely sufficient for reducing risk – and it is to an extent. But prevention alone can only go so far.

Optimizing Kubernetes DNS with NodeLocal DNSCache and Calico eBPF: A Practitioner's Guide

In the world of Kubernetes, optimizing cluster performance and reliability is paramount, especially when it comes to fundamental operations like DNS lookups. NodeLocal DNSCache is one such solution that helps reduce DNS latency by caching responses locally on each node. While this tool is effective in standard Kubernetes setups, complications arise when integrating it with advanced networking solutions such as eBPF-based dataplanes.

How Sysdig strengthens cloud security posture management with custom risk insights and controls and proactive risk management

Attack surfaces in the cloud are expanding at a breakneck pace. Cloud security has reached an unprecedented level of complexity — ranging from misconfigurations and vulnerabilities to advanced threats and compliance challenges, all while malicious actors are increasingly using generative AI to target your cloud infrastructure.