It’s that time of year again — full of ugly sweaters, holiday cookies and technology predictions (cloud-native style)! Last year, we predicted that we’d see continued Kubernetes adoption, focus on DevSecOps in organizations and open source dominance. This year, we sat down with our co-founder and CTO, Tim Hinrichs and our CEO Bill Mann to hear a few of their predictions for the open source and cloud-native authorization market.

GKE Autopilot from Google Cloud is a mode of operation in Google Kubernetes Engine (GKE) designed to simplify working with Kubernetes in the cloud. Pairing secure DevOps practices with GKE Autopilot will help you and your teams ensure the security, compliance, and performance of your workloads and applications. Sysdig has collaborated with Google Cloud to enable visibility and security for GKE Autopilot and your containers.

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen wide exploitation around the Internet. Previously, we discussed the vulnerability and how to find it in your images using Sysdig Scanning reports. In a perfect world, patching would be quick, easy, and completed without any issues.

On Dec 9th, a critical zero-day vulnerability - CVE-2021-44228 - was announced concerning the Java logging framework - Log4j All current versions of log4j2 up to 2.14.1 are vulnerable. To remediate this vulnerability, please update to version 2.15.0 or later.

Audit logging involves recording transactions and system events, making it an invaluable tool for regulatory compliance, digital forensics, and information security. In a typical Kubernetes ecosystem, auditing involves providing chronological, activity-relevant records documenting events and actions in a cluster. Modern logging tools come with aggregation and analytical functionalities so that teams can use log data to mitigate security threats.

The Sysdig Threat Research Team has detected an attack that can be attributed to the TeamTNT. The initial target was a Kubernetes pod exposed outside the network. Once access was gained, the malware attempted to steal AWS credentials using the EC2 instance metadata. TeamTNT is a threat actor that conducts large-scale attacks against virtual and cloud solutions, like Kubernetes and Docker.

Enterprises have traditionally relied on perimeter network security to keep attackers out and protect their organizationally unique sensitive data and resources. This approach works on the principle “verify, always trust” wherein authenticated users inside the network are trusted by default and allowed unfettered access. With the shift to cloud-native architecture, perimeter-based defenses have become obsolete and leave systems inherently vulnerable to malicious actors.

Last June, Tigera announced a first for Kubernetes: supporting open-source WireGuard for encrypting data in transit within your cluster. We never like to sit still, so we have been working hard on some exciting new features for this technology, the first of which is support for WireGuard on AKS using the Azure CNI. First a short recap about what WireGuard is, and how we use it in Calico.