Welcome to

The ARMO Blog

Oct 6, 2021

A Practical Guide to the Different Compliance Kubernetes Security Frameworks and How They Fit Together

Jonathan Kaftzan

VP Marketing & Business Development

Welcome to

THE ARMO BLOG

Sep 20, 2021

Use Kubescape to check if your Kubernetes clusters are exposed to the latest K8s Symlink vulnerability (CVE-2021-25741)

Kubescape now checks if your K8s clusters are exposed to CVE-2021-25741 and verify that there are no pods in the cluster that attempt to use subPath function.

Shauli Rozen

CEO & Co-founder

Sep 8, 2021

The complete guide of Kubernetes Role-Based Access Control (RBAC)

You have probably heard of Kubernetes role-based access control (RBAC). In this article, Amir Kaushansky will walk you through this method so that in the end, you will be able to determine whether RBAC is something you need to worry about, and if so, what you should do about it.

Amir Kaushansky

VP Product

Sep 5, 2021

Debugging in Kubernetes

While Kubernetes offers a self-healing deployment platform, there is a fair chance a developer will run into issues that require deeper analysis and debugging to identify configuration problems. In this article, we’ll explore various techniques, best practices, and efficient tools for component-level debugging of a Kubernetes cluster.

Ben Hirschberg

VP R&D & Co-founder

Aug 18, 2021

Kubescape: The First Open-Source Tool for Running NSA and CISA Kubernetes Hardening Tests

ARMO is pleased to announce the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA.

Ben Hirschberg

VP R&D & Co-founder

Aug 9, 2021

Kubernetes Hardening Guidance Summary

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. In this blog, we summarize all the must-know recommendations and action items.

Jonathan Kaftzan

VP Marketing & Business Development

Aug 4, 2021

Kubernetes version 1.22 release – everything you should know

Kubernetes 1.22, the latest release of Kubernetes, comes with bug fixes, enhancements, and new features that make the platform more stable, scalable, and user-friendly. There are a total of 56 improvements with different maturity levels and a considerable number of API removals. In this article, I’ll focus on the security-related changes in Kubernetes as well as a few other significant changes in Kubernetes API and usability

Amir Kaushansky

VP Product

Jul 27, 2021

Which Managed Kubernetes Is Right for Me?

Kubernetes clusters take time and manpower to set up. That might mean a few minutes in the cloud or hours in a self-hosted version of Kubernetes. Ultimately, your ability to handle mammoth open-source projects is the biggest factor to consider when choosing managed over on-premises Kubernetes. If you choose to go it alone, you’ll need experts on your team who can handle such a large undertaking. Separately managing etcd, upgrades, high availability, and reliability requires far more expertise than running a managed Kubernetes cluster. For your managed solutions, there are a number of options.

Amir Kaushansky

VP Product

Jul 13, 2021

Advanced Kubernetes Pod to Node Scheduling

In Kubernetes, the task of scheduling pods to specific nodes in the cluster is handled by the kube-scheduler. The default behavior of this component is to filter nodes based on the resource requests and limits of each container in the created pod. Feasible nodes are then scored to find the best candidate for the pod placement.

Ben Hirschberg

VP R&D & Co-founder

Jul 4, 2021

Networking with a Service Mesh: Use Cases, Best Practices, and Comparison of Top Mesh Options

Service mesh technology emerged with the popularization of microservice architectures. Because service mesh facilitates the separation of networking from the business logic, it enables you to focus on your application’s core competency.Microservice applications are distributed over multiple servers, data centers, or continents, making them highly network dependent. Service mesh manages network traffic between services by controlling traffic with routing rules and the dynamic direction of packages between services. 

Amir Kaushansky

VP Product

Apr 20, 2021

The K8s network (security) effect

K8s has a built-in object (sort of) for managing network security (NetworkPolicy). While it allows the user to define the relationship between pods with ingress and egress policies, it’s still quite basic and requires very precise IP mapping - for a solution that’s constantly changing, so most users I’ve talked to are not using it. Users need a simplified solution that protects their K8s networks to the max - a solution that makes network security in K8s a do-able task with the highest security level possible: mutual TLS between microservices and real zero trust deployment. And no, this is not a sidecar solution….

Amir Kaushansky

VP Product

Apr 7, 2021

Time to rethink your security strategy

Supply chain software, unsafe toolkits, container vulnerabilities and the list go on.

Leonid Sandler

CTO & Co-founder

Apr 3, 2021

Revealing the Secrets of Kubernetes Secrets

Can you keep a secret? Hope so, because in this blog, I reveal the secrets of Kubernetes secrets. First, I dive into the mechanics of Kubernetes secrets and then move to how to protect them.

Ben Hirschberg

VP R&D & Co-founder

Feb 2, 2021

Don’t get attached to your attachment!

A brief overview of attachment methods when securing Kubernetes environments

Amir Kaushansky

VP Product

Dec 6, 2020

ARMO Announces Nitro Enclaves support - making it DevOps ready out of the box

ARMO announces native support for AWS Nitro Enclaves, making confidential computing readily available for DevOps use without requiring developers involvement, application re-architecting, code changes.

Shauli Rozen

CEO & Co-founder

Oct 22, 2020

ContainerDrip – Another Example of Why HTTP Basic Authentication is Flawed

The latest exploit in the series of issues with cloud infrastructure software, “ContainerDrip” , reveals again the problems with basic HTTP authentication

Ben Hirschberg

VP R&D & Co-founder

Sep 30, 2020

What makes ARMO customers immune - by design – against vulnerabilities like CVE-2020-14386?

CVE-2020-14386 reminds us that the fight against vulnerabilities is not over, luckily for ARMO customers, they were immune by design to such vulnerabilities. In this blog we discuss the exploitation of CVE-2020-14386 and why ARMO approach is not only immune to it but also future proof against yet unknown such vulnerabilities.

Leonid Sandler

CTO & Co-founder

Jul 29, 2020

ARMO for Google Traffic Director gRPC Proxyless Services

Cyber Armor takes a look at the latest announcement of Traffic Director’s support for gRPC Proxyless services in service mesh and what it means to developers and architects.

Shauli Rozen

CEO & Co-founder

Jun 4, 2020

ARMO Expands Opportunities with Red Hat Certified Operator for OpenShift

Cyber Armor has now achieved Red Hat Operator certification for OpenShift. The collaboration extends Cyber Armor’s security technology to thousands of Red Hat enterprise customers, enabling them to get one-click zero-trust on top of their OpenShift clusters and protect their microservices from CI/CD to Runtime

Shauli Rozen

CEO & Co-founder

May 20, 2020

Leonid Sandler, Founder and CTO, on the Inspiration behind ARMO

Leonid Sandler, Co-Founder and CTO of Cyber Armor, set for an interview with Safety Detective’s Aviva Zacks on the inspiration behind the company.

Shauli Rozen

CEO & Co-founder

Mar 23, 2020

What COVID-19 teaches us about Micro-segmentation and Run-time Cloud Workload Protection

In many ways, software malware and biological viruses are similar, therefore it made sense for us to take a look at what happens in the world with the impact of the Coronavirus, compare it with how cloud environments are being protected, and see what we can learn from the comparison.

Shauli Rozen

CEO & Co-founder

Feb 11, 2020

Recently found Azure vulnerabilities underline the importance of Zero-Trust for cloud workloads

Two vulnerabilities found in Microsoft’s Azure cloud services have been recently published by researchers. These vulnerabilities prove once again that un-trusted workloads can come from many places in the cloud environment, including the out-of-your-control cloud infrastructure. Zero-trust environments can be created as a generic solution for such potential attacks.

Ben Hirschberg

VP R&D & Co-founder

Jan 23, 2020

Do you trust your Microservices Identities?

A few fundamental security problems exist in the traditional microservices identity authentication Methods. These problems result in identity establishment, which is not always trustworthy, and enables potential attackers to pose as legitimate workloads. Adoption of multi-factor authentication for microservices can solve many of these challenges.

Shauli Rozen

CEO & Co-founder

Jan 13, 2020

The Migration Path to Microservices & Security Considerations, Of Course

While the move to microservices-based architecture is relatively new, it is already mainstream. A majority of companies are choosing it as their default architecture for new development,and you are not cool if you are not using microservices. With regards to migrating legacy apps and breaking them down to microservices, companies are showing more conservatism, and rightly so. The move creates a lot of value, mainly around new features, time to market, and scalability, but it also has its complexities and trade offs.

Shauli Rozen

CEO & Co-founder

Jan 13, 2020

Cloud Migration: Moving Your Security Mindset Along with Your Data

Migrating our data to the cloud has never been easier in terms of technology. So why are so many companies still concerned with moving their data to the cloud? The answer lies in the fact that technology is a small part of moving to the cloud. Data cloud migration requires architectural changes and in many times - a mindshift.

Ben Hirschberg

VP R&D & Co-founder

Jan 13, 2020

The Growth of Confidential Computing

Confidential Computing technology is an important step toward a safer digital space. Building the right tools and the right architectures around this technology to help companies utilize it is key. These technologies should provide strong confidential computing protection without requiring changing existing software components.

Leonid Sandler

CTO & Co-founder

Dec 23, 2019

The Chicken & Egg Secret Protection Problem in Micro-services

Certificate, private keys, encryption keys, and other secrets proliferate in a secured cloud native environment. Making sure these keys are protected in a scalable and secured way is becoming ever more critical and are a major part of establishing a real zero-trust environment.

Shauli Rozen

CEO & Co-founder

Product
IntegrationsKubernetes Fabric™️
Use Cases
Truly Secure Kubernetes Secrets in UseEffectively Protect Proprietary Data in 3rd Party SystemsKeep Each Tenant Protected in a Multi-Tenant Environment
Ensure Highest Levels of Data Protection & Privacy
Company
Contact UsCareersBlogGlossary
follow us
Privacy PolicyCookies Policy
Copyright © 2020, Armo Ltd.