The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
Welcome to another monthly update on what’s new from Sysdig. Eid Mubarak! Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Most importantly, of course, was our recent funding round! I won’t repeat all the details as you can read more about what it means here. However, we are super excited about all the new feature improvements we can fund and bring to our customers!
Since Google first introduced Kubernetes, it’s become one of the most popular DevOps platforms on the market. Unfortunately, increasingly widespread usage has made Kubernetes a growing target for hackers. To illustrate the scale of the problem, a Stackrox report found that over 90% of respondents had experienced some form of security breach in 2020. These breaches were due primarily to poorly-implemented Kubernetes security.
Developers, network specialists, system administrators, and even IT helpdesk use audit log in their jobs. It’s an integral part of maintaining security and compliance. It can even be used as a diagnostic tool for error resolution. With cybersecurity threats looming more than ever before, audit logs gained even more importance in monitoring. Before we get to how you can use audit logs for security and compliance, let’s take a moment to really understand what they are and what they can do.
Understanding what to audit in a network can be chaotic and confusing. Building a complete network security checklist is crucial for organizations with computers connected to the internet or to each other. Think of it like an antivirus scan you might run on your computer to find Trojans or malware, except you’re scanning your entire network to find anything that may cripple it.
The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.
In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.
There is no doubt that a virtual RSA is not the same as catching up with colleagues and partners over great food, and of course meeting up at the W Bar. The good news is we all have or are adjusting to working remotely and we didn’t have to travel to hear what the industry luminaries think, or what our peers are saying they can do to keep the world safe.
Single sign-on (SSO) services provide a unified view into applications, logins and devices through a secure identity cloud. SSO allows users to access SaaS-based applications through one simple login process. We, at OnPage, are excited to announce that we’ve extended our integration catalog to include SSO services like Okta and OneLogin. Through a single sign-on process, OnPage enterprise-level users can access the OnPage dashboard from their Okta and OneLogin accounts.