Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Tigera

Top 6 Container Security Lessons from Deploying Kubernetes and Red Hat OpenShift

We recently had the opportunity to share the lessons we have learned about container security from deploying Kubernetes and OpenShift in the field. If you don’t have time to watch the full recording of our conversation, here are a few highlights.

Navigating Network Services and Policy With Helm

Deploying an application on Kubernetes can require a number of related deployment artifacts or spec files: Deployment, Service, PVCs, ConfigMaps, Service Account — to name just a few. Managing all of these resources and relating them to deployed apps can be challenging, especially when it comes to tracking changes and updates to the deployed application (actual state) and its original source (authorized or desired state).

New Tigera Secure Enterprise 2.3 Anomaly Detection Deepens Visibility into Suspicious Kubernetes Activities

Tigera is excited to announce several new capabilities with Tigera Secure Enterprise Edition 2.3, extending the ability to uncover sophisticated Kubernetes attacks. Tigera Anomaly Detection capabilities provide insight into unusual behaviors that compromise the security and performance of Kubernetes environments.

Single Sign-On for Kubernetes: An Introduction

One of the great things about Kubernetes is that it completely separates authentication and authorization. Authentication (Authn) meaning the act of identifying who the user is and authorization (Authz) meaning the act of working out if they’re allowed to perform some action. This can be thought of in terms of a Passport and a Visa.

Leveraging Service Accounts for Label-based Security

One of the key Kubernetes security concepts is that workload identity is tied back to information that the orchestrator has. The orchestrator is actually the authoritative entity for what the actual workloads are in the platform. Kubernetes uses labels to select objects and to identify collections of objects that satisfy certain conditions. We, and others in the Kubernetes networking space, often talk about using Kubernetes ‘labels’ as identity bearers.

Zero Trust Security: Supporting a CARTA approach with Network Security

Learn how to support, what Gartner has termed, a continuous adaptive risk and trust assessment (CARTA) when building a CaaS platform using Kubernetes. Network security enables microsegmentation and is a core component of a zero trust security model. It allows you to protect your workloads against threats without relying on assumptions about the network, infrastructure, and workloads.

Adding CVE scanning to a CI/CD pipeline

A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.