Underscoring the importance and complexity of Kubernetes security, in Aug 2021 the U.S. Government published Kubernetes Hardening Guidance to help Kubernetes users and developers build more secure, resilient systems.  The document was developed at the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), and targets cloud native systems used in national security …

Kubernetes Security Enhanced with NSA and CISA Guidance Read More »

I don’t envy those on Infosec and compliance teams.  In addition to holding accountability for the security of company and customer data, they need to maintain compliance with appropriate regulations and standards, they need to satisfy the auditors that verify compliance.  On top of all of that, they have very little control over vulnerabilities that …

Is Security as Code and DevSecOps the Future of Security? Read More »

Kubernetes security can be frustrated by its built-in customizability and the fact that no default settings will be secure for every situation.  Users must configure certain functionality in order to secure their cluster. This means that the engineers responsible for deploying the Kubernetes platform need to understand how poor and incomplete configuration can lead to …

Kubernetes Security: Protect Internal Traffic with Policy as Code (CVE-2021-25737 and CVE-2021-25740) Read More »

Breach path prediction is a way to group a sequence of individual violations or weaknesses into a “breach path” which an attacker can use to compromise your system.  The idea is that individual weaknesses may not be exploitable or severe on their own, and identifying breach paths enables organizations to recognize the issues that may …

Breach path prediction: Breaking Kill Chains with Policy as Code Read More »