Posts under Kubernetes Security

How to Remediate Kubernetes Security Vulnerability: CVE-2019-11247

A new Kubernetes security vulnerability was announced today, along with patch releases for the issue for Kubernetes versions 1.13, 1.14, and 1.15. CVE-2019-11247 discloses a serious vulnerability in the K8s API that could allow users to read, modify or delete cluster-wide custom resources, even if they only have RBAC permissions for namespaced resources. If your clusters aren’t using Custom Resource Definitions (CRDs), you aren’t affected. But CRDs have become a critical component of many Kubernetes-native projects like Istio, so many users are impacted.

StackRox Earns CRN’s Kudos as 2019 Emerging Vendor

Right on the heels of winning two CODiE awards, StackRox was just named a Computer Reseller News 2019 Emerging Vendor. StackRox and our Kubernetes-native container security platform were chosen for our ability to help organizations harden and secure Kubernetes environments at scale. DevOps practices and the cloud-native stack provide the channel with rich opportunities to help companies enable business transformation. The underlying technologies of containers and Kubernetes, however, wreak havoc with traditional security tooling and processes.

Kubernetes Security 101: Top challenges, risks, best practices

Kubernetes is by far the most widely used container orchestrator in the market, and Kubernetes adoption – especially in production environments – is taking off. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.” The explosion in Kubernetes adoption hasn’t been without its share of security concerns. Earlier this year, the runC vulnerability, which allows an attacker to gain host-level code execution by breaking out of a running container, was discovered.

Gartner: How-To Guide on Securing Containers

This is the third article of a three-part blog series reviewing Gartner Security & Risk Management Summit 2019. Don’t forget to read article one titled Gartner’s Top 10 Security Projects for 2019 - Container Security Makes the List, and article two titled Gartner on Securing Cloud-Native Apps. We’ve been sharing the highlights of Gartner’s recent Security conference – the inclusion of container security in Gartner’s list of Top 10 Security Projects for 2019 and Best Practices for Securing Cloud-native Apps.

Getting started with Istio Service Mesh - What is it and what does it do?

Anyone who has even a passing interest in Kubernetes and the cloud native ecosystem has probably heard of Istio. Getting a clear description of what exactly Istio is, what it can (and can’t) do, and whether it’s a technology you might need are all a little harder to find. Hopefully, this post will help clear up some of the confusion.

The Istio Service Mesh

What is a service mesh?

The term “service mesh” can apply either to the set of overlapping network connections between services in a distributed application or to a set of tools used to manage that group of connected services.

How to Build Production-Ready Kubernetes Clusters and Containers

Kubernetes is a powerful tool for building highly scalable systems. As a result, many companies have begun, or are planning, to use it to orchestrate production services. Unfortunately, like most powerful technologies, Kubernetes is complex. How do you know you’ve set things up correctly and it’s safe to flip the switch and open the network floodgates to your services? We’ve compiled the following checklist to help you prepare your containers and kube clusters for production traffic.

StackRox and Google Cloud Deliver Container Security as Cloud SCC goes GA

We’re excited to announce today that we’ve added support for the latest version of the Google Cloud Security Command Center (Cloud SCC). StackRox has collaborated with the Cloud SCC team as part of our Google Cloud partnership since Cloud SCC’s alpha release, and we’re excited that the platform is now generally available. The StackRox Kubernetes Security Platform enables customers to meet their security and compliance requirements across the container lifecycle, and we’ve integrated deeply with Kubernetes to deliver the key capabilities essential to an effective container security solution.

Kubernetes Network Policies - A Detailed Security Guide

The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern – partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities. Kubernetes brings another security dynamic to the table – its defaults are geared towards making it easy for users to get up and running quickly, as well as being backward compatible with earlier releases of Kubernetes that lacked important security features.

New Kubernetes Security Vulnerabilities Disclosed: CVE-2019-1002101 and CVE-2019-9946

Two Kubernetes security vulnerabilities were disclosed yesterday: CVE-2019-1002101, a high severity issue, and CVE-2019-9946, a medium severity issue. Read on for a description of the vulnerabilities and their impact, how to know whether you’re affected, and what the remediation steps are.

CVE-2019-1002101: kubectl cp could replace or delete files on a user machine

This vulnerability is in the kubectl binary – specifically, in the kubectl cp command. An attacker can exploit this vulnerability to write files to any path on the user’s machine, limited only by the system permissions of the local user.

11 Kubernetes admission controller best practices for security

Kubernetes provides several built-in security capabilities, including network security, resource isolation, access control, and logging and auditing. One of the more recent security capabilities is a group of plugins known as admission controllers. Admission controllers enable governance and enforcement of how clusters are used. Kubernetes ships with over 30 admission controllers, which are listed here along with their descriptions. This article assumes you have a basic understanding of admission controllers, but if you are unfamiliar with them, check out the Kubernetes reference guide on admission controllers to learn more.

Winning When It Counts - the Prestigious SC Magazine Award

Like the “participation” trophy every kid on the soccer team wins in kindergarten, some industry awards just don’t carry much clout. The SC Magazine awards? Now that’s a different story. These awards, announced in conjunction with the RSA Conference every year, bestow a huge amount of prestige on the companies and technologies they celebrate. The award submissions are incredibly competitive, and I know of many companies who try year after year to win and fall short.

StackRox – Putting the Customer at the Center of Kubernetes Security

When we officially launched the StackRox Kubernetes Security Platform about 18 months ago, we highlighted that microservices, containers, and Kubernetes were the next stage in the evolution of application development in the cloud-native stack. While DevOps embraced microservices and its advantages in delivering unprecedented speed, efficiency, and portability, security teams were frequently left in the dark or brought in a little too late. Today, security teams are proactively working with DevOps to ensure that their organization’s security and compliance requirements are adequately addressed before new apps go live.

7 Critical Kubernetes Security Issues Resolved by Upgrading Your k8s

In 2018, we learned about several Kubernetes security vulnerabilities, with the latest Kubernetes security flaw being the most severe. The last few Kubernetes releases have both introduced new security features and also provided critical security patches to help resolve some of the most impactful Kubernetes security issues and shortcomings to date. As you start the new year, take a look at the version of your Kubernetes clusters. If you are still using an older version, we highly recommend you promptly upgrade to the latest release.

Top 5 Container and Kubernetes Security Posts of 2018

The year 2018 was a watershed for containers, container security, and Kubernetes. Tesla got hacked, the most critical Kubernetes vulnerability to date was discovered, IBM bought Red Hat for $34 billion (in large part for OpenShift), VMware bought Heptio for more than $500 million, and investors poured money into container technology startups at an ever-increasing pace. The following five blog articles capture and distill the big picture trends in container adoption and Kubernetes security in 2018.