Download Gartner Report: Best Practices for Running Containers and Kubernetes in Production DOWNLOAD NOW
{ .link_text }}

Posts under Kubernetes Security

Getting started with Istio Service Mesh - What is it and what does it do?

Getting started with Istio Service Mesh - What is it and what does it do?

Anyone who has even a passing interest in Kubernetes and the cloud native ecosystem has probably heard of Istio. Getting a clear description of what exactly Istio is, what it can (and can’t) do, and whether it’s a technology you might need are all a little harder to find. Hopefully, this post will help clear up some of the confusion. The Istio Service Mesh What is a service mesh? The term “service mesh” can apply either to the set of overlapping network connections between services in a distributed application or to a set of tools used to manage that group of connected services.

How to Build Production-Ready Kubernetes Clusters and Containers

How to Build Production-Ready Kubernetes Clusters and Containers

Kubernetes is a powerful tool for building highly scalable systems. As a result, many companies have begun, or are planning, to use it to orchestrate production services. Unfortunately, like most powerful technologies, Kubernetes is complex. How do you know you’ve set things up correctly and it’s safe to flip the switch and open the network floodgates to your services? We’ve compiled the following checklist to help you prepare your containers and kube clusters for production traffic.

Making Security Easier for OpenShift Customers

Making Security Easier for OpenShift Customers

Greetings from the Red Hat Summit in Boston! We had a great time at OpenShift Commons yesterday, and today we’re talking to folks about some joint news between StackRox and Red Hat – the StackRox Kubernetes Security Platform is now available as a Red Hat certified container, and customers can get our software through the Red Hat Container Catalog. This certification makes it easier for OpenShift customers to access enhanced security and compliance capabilities that complement Red Hat’s Kubernetes platform.

StackRox and Google Cloud Deliver Container Security as Cloud SCC goes GA

StackRox and Google Cloud Deliver Container Security as Cloud SCC goes GA

We’re excited to announce today that we’ve added support for the latest version of the Google Cloud Security Command Center (Cloud SCC). StackRox has collaborated with the Cloud SCC team as part of our Google Cloud partnership since Cloud SCC’s alpha release, and we’re excited that the platform is now generally available. The StackRox Kubernetes Security Platform enables customers to meet their security and compliance requirements across the container lifecycle, and we’ve integrated deeply with Kubernetes to deliver the key capabilities essential to an effective container security solution.

Kubernetes Network Policies - A Detailed Security Guide

Kubernetes Network Policies - A Detailed Security Guide

The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern – partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities. Kubernetes brings another security dynamic to the table – its defaults are geared towards making it easy for users to get up and running quickly, as well as being backward compatible with earlier releases of Kubernetes that lacked important security features.

New Kubernetes Security Vulnerabilities Disclosed: CVE-2019-1002101 and CVE-2019-9946

New Kubernetes Security Vulnerabilities Disclosed: CVE-2019-1002101 and CVE-2019-9946

Two Kubernetes security vulnerabilities were disclosed yesterday: CVE-2019-1002101, a high severity issue, and CVE-2019-9946, a medium severity issue. Read on for a description of the vulnerabilities and their impact, how to know whether you’re affected, and what the remediation steps are. CVE-2019-1002101: kubectl cp could replace or delete files on a user machine This vulnerability is in the kubectl binary – specifically, in the kubectl cp command. An attacker can exploit this vulnerability to write files to any path on the user’s machine, limited only by the system permissions of the local user.

Kubernetes 1.14 is Out - What Are the New Features?

Kubernetes 1.14 is Out - What Are the New Features?

Kubernetes 1.14 is out! As always, we at StackRox are excited to dive in and see what’s new. And this release didn’t disappoint – from major new features and security improvements to small enhancements that simplify the day-to-day life of operators, this update includes a lot to unpack (and a few deprecation warnings to watch out for!). Windows Support is now Stable This feature is the big one: starting with 1.

11 Tips to Operationalizing Kubernetes Admission Controllers for Better Security

11 Tips to Operationalizing Kubernetes Admission Controllers for Better Security

Kubernetes provides several built-in security capabilities, including network security, resource isolation, access control, and logging and auditing. One of the more recent security capabilities is a group of plugins known as admission controllers. Admission controllers enable governance and enforcement of how clusters are used. Kubernetes ships with over 30 admission controllers, which are listed here along with their descriptions. This article assumes you have a basic understanding of admission controllers, but if you are unfamiliar with them, check out Kubernetes reference guide on admission controllers to learn more.

Winning When It Counts - the Prestigious SC Magazine Award

Winning When It Counts - the Prestigious SC Magazine Award

Like the “participation” trophy every kid on the soccer team wins in kindergarten, some industry awards just don’t carry much clout. The SC Magazine awards? Now that’s a different story. These awards, announced in conjunction with the RSA Conference every year, bestow a huge amount of prestige on the companies and technologies they celebrate. The award submissions are incredibly competitive, and I know of many companies who try year after year to win and fall short.

StackRox – Putting the Customer at the Center of Kubernetes Security

StackRox – Putting the Customer at the Center of Kubernetes Security

When we officially launched the StackRox Kubernetes Security Platform about 18 months ago, we highlighted that microservices, containers, and Kubernetes were the next stage in the evolution of application development in the cloud-native stack. While DevOps embraced microservices and its advantages in delivering unprecedented speed, efficiency, and portability, security teams were frequently left in the dark or brought in a little too late. Today, security teams are proactively working with DevOps to ensure that their organization’s security and compliance requirements are adequately addressed before new apps go live.

7 Critical Kubernetes Security Issues Resolved by Upgrading Your k8s

7 Critical Kubernetes Security Issues Resolved by Upgrading Your k8s

In 2018, we learned about several Kubernetes security vulnerabilities, with the latest Kubernetes security flaw being the most severe. The last few Kubernetes releases have both introduced new security features and also provided critical security patches to help resolve some of the most impactful Kubernetes security issues and shortcomings to date. As you start the new year, take a look at the version of your Kubernetes clusters. If you are still using an older version, we highly recommend you promptly upgrade to the latest release.

Top 5 Container and Kubernetes Security Posts of 2018

Top 5 Container and Kubernetes Security Posts of 2018

The year 2018 was a watershed for containers, container security, and Kubernetes. Tesla got hacked, the most critical Kubernetes vulnerability to date was discovered, IBM bought RedHat for $34 billion (in large part for OpenShift), VMware bought Heptio for more than $500 million, and investors poured money into container technology startups at an ever-increasing pace. The Following five blog articles capture and distill the big picture trends in container adoption and Kubernetes security in 2018.