<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=521127644762074&amp;ev=PageView&amp;noscript=1">
8 minute read
| January 23, 2023

An Overview of the NSA Kubernetes Hardening Guide

Earlier this month, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the 1.0 version of the Kubernetes hardening... Read More
14 minute read
| December 13, 2022

The Top Three Kubernetes Security Strategies You Need for 2023

The entire world is trying to move to Kubernetes. At the same time, everyone is afraid that they are going to do something wrong. They fear shipping apps and services that... Read More
2 minute read
| November 3, 2022

CVE-2022-3602 and CVE-2022-3786 OpenSSL Vulnerabilities: Scanning Container Images

On November 1st, 2022, OpenSSL announced a pair of High Severity vulnerabilities in version 3.0.0-3.0.6 of OpenSSL. The vulnerability is a buffer overflow that requires a... Read More
5 minute read
| October 6, 2022

Kubernetes Security vs. Security Theater

Physical Security Checks When I was a kid my father worked for the government and that sent us around the world to some interesting places. One of the places we lived had a... Read More
6 minute read
| September 8, 2022

Kubernetes Security, Cost Avoidance and Policy Go Hand in Hand

Kubernetes security continues to be one of the biggest concerns for organizations adopting the technology. Security teams are learning Kubernetes while DevOps and developers... Read More
4 minute read
| September 1, 2022

Why Infrastructure-as-Code Scanning Matters for Kubernetes Configuration

Infrastructure as code (IaC) is the ability to provision and manage infrastructure using a configuration language. It offers the repeatability, transparency, and testing of... Read More
4 minute read
| August 4, 2022

Mitigate Kubernetes Risk with Vulnerabilities Explorer

For DevOps security leaders, knowing what vulnerabilities exist in Kubernetes clusters is critical, but only part of the problem. Once risks are identified, a plan of action... Read More
3 minute read
| July 22, 2022

Kubernetes Security Alerts that Actually Matter

The Cost of Ignoring Security Alerts One of the bigger character flaws that I have is that I buy very old vehicles because I hate owning new things. Most of the time this is... Read More
3 minute read
| July 19, 2022

Do You Have Kubernetes Security Blind Spots?

Kubernetes is Still New to Most People I managed to make it to my 30s before I had to buy a house and there are loads of reasons I wish I never had one.  Read More
5 minute read
| June 15, 2022

NSA Kubernetes Hardening Guide: Upgrade and Application Security

Our NSA Kubernetes Hardening Guide series has looked at pod security, network access, authentication and authorization, audit logging and threat detection. In the final... Read More
5 minute read
| June 10, 2022

NSA Kubernetes Hardening Guide: Audit Logging and Threat Detection Overview

In our series on the NSA Kubernetes Hardening Guide, we’ve looked at pod security, network access and authentication and authorization. Today we look at the audit logging and... Read More
3 minute read
| May 24, 2022

Kubernetes Vulnerability Management: Keep Third-party Images Up-to-Date

The Kubernetes ecosystem is built on a vast array of open source technologies. Kubernetes itself is one of the largest open source projects, and a community of tools and... Read More