What it takes to do Cloud Detection & Response
ARMO Blog
by James Berthoty
1w ago
A guest post by James Berthoty, the founder of Latio Tech. The shift to cloud has meant an explosion in cloud security-related acronyms – so many that it can be difficult to know what you currently have versus what’s missing or available. First we bought CSPMs (Cloud Security Posture Management), then CWPPs (Cloud Workload Protection Platforms), then CNAPPs (Cloud Native Application Protection Platform), then CDRs (Cloud Detection Response), and now KDRs (Kubernetes Detection Response). Along the way, EDR (Endpoint Detection Response) providers pretended they could do it all, but provided broke ..read more
Seccomp internals deep dive – Part 1
ARMO Blog
by Amit Schendel
2w ago
Seccomp, short for Secure Computing Mode, is a noteworthy tool offered by the Linux kernel. It is a powerful mechanism to restrict or log the system calls that a process makes. Operating within the kernel, seccomp allows administrators and developers to define fine-grained policies for system call execution, enhancing the overall security posture of applications and the underlying system. By filtering and limiting the system calls accessible to a process, seccomp aids in minimizing the potential impact of vulnerabilities and decreases the attack surface. This makes it a key element in creating ..read more
Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users
ARMO Blog
by Amit Schendel
3w ago
On March 29, 2024, Red Hat disclosed CVE-2024-3094 (a.k.a. the XZ vulnerability), scoring a critical CVSS rating of 10. Stemming from a supply chain compromise, it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of performance issues in SSH connections. This led to the exposure of a major supply chain attack where a compromised library was inserted into sshd and exploited during the authentication process. In this article, we will explore the technical implications of this attack and explain its effects on Kubernetes ..read more
Kubernetes 1.30: A Security Perspective
ARMO Blog
by Ben Hirschberg
1M ago
Kubernetes 1.30 marks a significant milestone in the evolution of the widely used orchestration platform, particularly regarding security enhancements and developer experience.  This post will explore updates encompassing secrets management, node and cluster management, data security and additional security measures. Each of these improvements strengthens the Kubernetes framework, making it a more secure and reliable platform for enterprises and developers. Security-Specific Improvements in Kubernetes 1.30 The Kubernetes 1.30 release brings several enhancements that focus on enhancing the ..read more
The missing piece in image scanning
ARMO Blog
by Oshrat Nir
1M ago
Introduction In the dynamic landscape of cloud-native cybersecurity, image scanning has become essential to ensuring the safety and integrity of cloud workloads and digital assets. Historically, image scanners focus on finding vulnerabilities (CVEs) that may be the cause of exploits in Kubernetes workloads. However, there’s a significant gap that often goes unnoticed. This gap is the lack of comprehensive scanning for malware, viruses, crypto miners, and other malicious threats. These types of threats can be caught if you just look for them. In this blog post, we explore the missing piece in most ..read more
The Future of Kubernetes Network Policy
ARMO Blog
by Yossi Ben Naim
1M ago
Introduction In the ever-changing world of Kubernetes security, it’s crucial to stay ahead of threats while maintaining operational efficiency. That’s why we’re excited to introduce our latest feature: Auto-Generated Kubernetes Network Policy, based on application runtime behavior, powered by eBPF (extended Berkeley Packet Filter) technology. With this addition, organizations can easily apply native Kubernetes network rules without worrying about disrupting their production systems. What are the challenges when adopting a Network Policy? Visibility: Understanding which workloads have network ..read more
Introducing Runtime-based Vulnerability Management – turning vulnerability data into actionable intelligence 
ARMO Blog
by Yossi Ben Naim
2M ago
Struggling to manage vulnerabilities in your Kubernetes environment? You’re not alone. Traditional vulnerability management tools often leave security teams feeling overwhelmed and unsure of where to focus their efforts. Traditional scanners churn out an endless stream of alerts, many irrelevant, making it difficult to prioritize and address the most critical issues. Sound familiar? As a security professional, to reach the goal of achieving and maintaining a strong Kubernetes security posture, you need to streamline resource allocation for maximum impact on security. To achieve this you must e ..read more
Beyond the noise: runtime-based vulnerability management for effective threat control
ARMO Blog
by Yossi Ben Naim
2M ago
Introduction In an ideal world, patching every vulnerability before attackers discover them would be a breeze. The reality of the evolving cloud-native landscape, with its ever-changing mix of cloud, DevOps, mobile, and critical infrastructure, paints a different picture. New risks emerge constantly, leaving traditional vulnerability management approaches struggling to keep up. Meanwhile, Security and DevOps teams face ongoing pressure to protect their organizations from vulnerabilities. Over the past five years, there has been a significant surge in the number of identified Common Vulnerabili ..read more
Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning
ARMO Blog
by Oshrat Nir
3M ago
ARMO’s new feature revolutionizes Kubernetes vulnerability scanning based on eBPF technology to help Kubernetes and DevSecOps practitioners focus on fixing the vulnerabilities that impact their security posture the most.   “CVE shock” is a term that describes the overwhelming feeling that DevOps and security teams experience when faced with a large number of vulnerabilities. The volume of vulnerabilities can make it challenging to prioritize and mitigate those that are the most critical. The resulting overwhelming feeling, and absence of clear indications of priority, can paralyze te ..read more
Are you looking for vulnerabilities in the right places?
ARMO Blog
by Ben Hirschberg
3M ago
With the rapid pace of technological evolution, ensuring security within the systems we operate and the software we deploy has never been more crucial. In the world of vulnerability management, we’ve moved from scanning Linux hosts to scrutinizing container images. However, are we looking for vulnerabilities in the right places?  A brief history of vulnerability scanners The journey of vulnerability scanning began with simple scripts written to identify vulnerable software on Linux hosts. As the landscape expanded, these scanner scripts turned into projects that matured, evolving into rob ..read more
