The most successful model for Kubernetes security will be one built on zero trust, one that embraces ephemeral JIT privileges, strong secrets governance and ZSP.
It feels like IT and security pros are tasked with the impossible job of operating business-critical applications in Infrastructure as a Service (IaaS) environments in the dark with no ability to monitor and protect them in runtime.
In a Security magazine webinar, Fairwinds President Kendall Miller and Solutions’ Architect, Ivan Fetch, discuss what you need to know about Kubernetes security.
Software intelligence company Dynatrace announced the findings of an independent global survey of 700 CISOs, which reveals the rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security. As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.
Palo Alto Unit 42 researchers have detected a new malware campaign targeting Kubernetes clusters. The attackers gained initial access via a misconfigured kubelet that allowed anonymous access.