We often hear from our customers that to adopt a container and Kubernetes security tool in any mid sized or large organization, separation of duties and least privilege access via RBAC is a must. Admin roles cannot be granted unnecessarily to all teams. If users or groups are routinely granted these elevated privileges, account compromises or mistakes can result in security and compliance violations.
Sysdig, an industry leader for monitoring and security of cloud-native workloads, and IBM have joined forces to bring a fully Integrated powerful platform that delivers the security and performance that enterprises need in today’s multi-cloud world. Sysdig Secure and the IBM Cloud Pak for Multicloud Management (MCM) can help you accelerate Kubernetes and cloud adoption by addressing security and regulatory compliance from the start on enterprise hybrid cloud environments.
Two malicious Python libraries, jeilyfish (with a capital i and a lowercase L in the original name) and python3-dateutil, were detected on PyPI (Python Package Index) on December 1st. They were typosquatting similar named legitimate libraries jellyfish (with a double lowercase L) and python-dateutil libraries, a malicious technique aiming to trick developers to use the similar named modified libraries.
Authorization to Operate (ATO) in a day and on-going authorization are compliance nirvana. The ATO is the authorizing official’s statement that they accept the risk associated with the system running in production environments using live business data. The idea that all of the information necessary to make a risk decision is at hand and can be consumed by decision makers is what every compliance program is trying to achieve.
In this blog post you’ll learn how to set up image vulnerability scanning for AWS CodePipeline and AWS CodeBuild using Sysdig Secure DevOps Platform. AWS provides several tools for DevOps teams: CodeCommit for version control, CodeBuild for building and testing code, and CodeDeploy for automatic code deployment. The block on top of all these tools is CodePipeline that allows them to visualize and automate these different stages.
As container adoption in AWS takes off, ECR scanning is the first step towards delivering continuous security and compliance. You need to ensure you are scanning your images pulled from AWS ECR for both vulnerabilities and misconfigurations so that you don’t push applications running on AWS that are exploitable.
Cloud teams are increasingly adopting AWS container services to deliver applications faster at scale. Along with the roll out of cloud native architectures with containers and orchestration, what’s needed to stay on top of the security, performance and health of applications and infrastructure has shifted. At Sysdig, we’ve worked with Amazon to provide tools and integrations that help secure your Cloud Native workloads deployed across all AWS container services.
