Sep 20, 2021
Kubescape now checks if your K8s clusters are exposed to CVE-2021-25741 and verifies that there are no pods in the cluster that attempt to use the subPath function.
Sep 8, 2021
You have probably heard of Kubernetes role-based access control (RBAC). In this article, Amir Kaushansky will walk you through this method so that in the end, you will be able to determine whether RBAC is something you need to worry about, and if so, what you should do about it.
Sep 5, 2021
While Kubernetes offers a self-healing deployment platform, there is a fair chance a developer will run into issues that require deeper analysis and debugging to identify configuration problems. In this article, we’ll explore various techniques, best practices, and efficient tools for component-level debugging of a Kubernetes cluster.
Aug 18, 2021
ARMO is pleased to announce the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA.
Aug 9, 2021
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. In this blog, we summarize all the must-know recommendations and action items.
Aug 4, 2021
Kubernetes 1.22, the latest release of Kubernetes, comes with bug fixes, enhancements, and new features that make the platform more stable, scalable, and user-friendly. There are a total of 56 improvements with different maturity levels and a considerable number of API removals. In this article, I’ll focus on the security-related changes in Kubernetes as well as a few other significant changes in Kubernetes API and usability.
Jul 27, 2021
Kubernetes clusters take time and manpower to set up. That might mean a few minutes in the cloud or hours in a self-hosted version of Kubernetes. Ultimately, your ability to handle mammoth open-source projects is the biggest factor to consider when choosing managed over on-premises Kubernetes. If you choose to go it alone, you’ll need experts on your team who can handle such a large undertaking. Separately managing etcd, upgrades, high availability, and reliability requires far more expertise than running a managed Kubernetes cluster. For your managed solutions, there are a number of options.
Jul 13, 2021
In Kubernetes, the task of scheduling pods to specific nodes in the cluster is handled by the kube-scheduler. The default behavior of this component is to filter nodes based on the resource requests and limits of each container in the created pod. Feasible nodes are then scored to find the best candidate for the pod placement.
Jul 4, 2021
Service mesh technology emerged with the popularization of microservice architectures. Because service mesh facilitates the separation of networking from the business logic, it enables you to focus on your application’s core competency. Microservice applications are distributed over multiple servers, data centers, or continents, making them highly network dependent. Service mesh manages network traffic between services by controlling traffic with routing rules and the dynamic direction of packages between services.
Apr 20, 2021
K8s has a built-in object (sort of) for managing network security (NetworkPolicy). While it allows the user to define the relationship between pods with ingress and egress policies, it’s still quite basic and requires very precise IP mapping - for a solution that’s constantly changing, so most users I’ve talked to are not using it. Users need a simplified solution that protects their K8s networks to the max - a solution that makes network security in K8s a do-able task with the highest security level possible: mutual TLS between microservices and real zero trust deployment. And no, this is not a sidecar solution….
Apr 7, 2021
Supply chain software, unsafe toolkits, container vulnerabilities, and the list goes on.
Apr 3, 2021
Can you keep a secret? Hope so, because in this blog, I reveal the secrets of Kubernetes secrets. First, I dive into the mechanics of Kubernetes secrets and then move to how to protect them.
Feb 2, 2021
A brief overview of attachment methods when securing Kubernetes environments
Dec 6, 2020
ARMO announces native support for AWS Nitro Enclaves, making confidential computing readily available for DevOps use without requiring developer involvement, application re-architecting, or code changes.
Oct 22, 2020
The latest exploit in the series of issues with cloud infrastructure software, “ContainerDrip”, reveals again the problems with basic HTTP authentication.
Sep 30, 2020
CVE-2020-14386 reminds us that the fight against vulnerabilities is not over. Luckily for ARMO customers, they were immune by design to such vulnerabilities. In this blog, we discuss the exploitation of CVE-2020-14386 and why ARMO’s approach is not only immune to it but also future-proof against similar, as yet unknown, vulnerabilities.
Jul 29, 2020
Cyber Armor takes a look at the latest announcement of Traffic Director’s support for gRPC Proxyless services in service mesh and what it means to developers and architects.
Jun 4, 2020
Cyber Armor has now achieved Red Hat Operator certification for OpenShift. The collaboration extends Cyber Armor’s security technology to thousands of Red Hat enterprise customers, enabling them to get one-click zero-trust on top of their OpenShift clusters and protect their microservices from CI/CD to runtime.
May 20, 2020
Leonid Sandler, Co-Founder and CTO of Cyber Armor, sat for an interview with Safety Detective’s Aviva Zacks on the inspiration behind the company.
Mar 23, 2020
In many ways, software malware and biological viruses are similar, therefore it made sense for us to take a look at what happens in the world with the impact of the Coronavirus, compare it with how cloud environments are being protected, and see what we can learn from the comparison.
Feb 11, 2020
Two vulnerabilities found in Microsoft’s Azure cloud services have been recently published by researchers. These vulnerabilities prove once again that un-trusted workloads can come from many places in the cloud environment, including the out-of-your-control cloud infrastructure. Zero-trust environments can be created as a generic solution for such potential attacks.
Jan 23, 2020
A few fundamental security problems exist in the traditional microservices identity authentication methods. These problems result in identity establishment that is not always trustworthy and that enables potential attackers to pose as legitimate workloads. Adoption of multi-factor authentication for microservices can solve many of these challenges.
Jan 13, 2020
While the move to microservices-based architecture is relatively new, it is already mainstream. A majority of companies are choosing it as their default architecture for new development, and you are not cool if you are not using microservices. With regard to migrating legacy apps and breaking them down to microservices, companies are showing more conservatism, and rightly so. The move creates a lot of value, mainly around new features, time to market, and scalability, but it also has its complexities and trade-offs.
Jan 13, 2020
Migrating our data to the cloud has never been easier in terms of technology. So why are so many companies still concerned with moving their data to the cloud? The answer lies in the fact that technology is a small part of moving to the cloud. Data cloud migration requires architectural changes and, in many cases, a mindshift.
Jan 13, 2020
Confidential Computing technology is an important step toward a safer digital space. Building the right tools and the right architectures around this technology to help companies utilize it is key. These technologies should provide strong confidential computing protection without requiring changing existing software components.
Dec 23, 2019
Certificates, private keys, encryption keys, and other secrets proliferate in a secured cloud native environment. Making sure these keys are protected in a scalable and secured way is becoming ever more critical and is a major part of establishing a real zero-trust environment.