Cloud-Native Security Archives

Edera’s Big Container Security Question: Am I Isolated?

Company releases ‘Am I Isolated’, an open source container security benchmark and Rust-based container runtime scanner ...

Adrian Bridgwater | November 11, 2024 | containers, kubernetes, security

TLS, certificates, Docker, vulnerabilities, supply chain, KubeCon, SigStore, Kubernetes TrapX container security

SigstoreCon Supply Chain Day 2024: Celebrating the Impact of Sigstore on Digital Signing and Supply Chain Security

As we approach SigstoreCon at KubeCon + CloudNativeCon, where experts will share their insights, let's reflect on Sigstore and its impact ...

Luke Hinds | November 4, 2024 | KubeCon

Unlocking the Full Potential of Container Vulnerability Scans

Given the complex dependencies of container images, which can rely on other container images with potential vulnerabilities, it is crucial for developers to proactively identify and address container security vulnerabilities before deployment ...

Daniel Helfand | November 4, 2024 | container security, KubeCon, vulnerabilities

Bad Actors Exploiting Docker Remote API Servers in Attacks

Researchers from cybersecurity vendor Trend Micro are urging developers to secure and monitor their Docker remote API servers after attacks by threat actors targeting the systems to install a Linux malware and ...

Jeff Burt | November 4, 2024 | cryptomining, Docker attack, malware campaign, remote API, Trend Micro

runtime, visibility, Chainguard, threat, cloud-native security, Venafi, security, sigstore, KubeCon, cloud-native, security, secure, Rubrik, Kubernetes, Cloud-Native Security Best Practices

How to Secure Cloud-Native Architectures Without Sacrificing Agility

The real question isn’t just about what risks you are missing, but how to secure your infrastructure without losing the agility offered by cloud-native architectures. ...

Akhil Mittal | October 2, 2024 | chaos engineering, cloud native security, cloud-native architectures, Resilience in cloud-native

devsecops, supply chain, Kubernetes, practices, DevSecOps, JFrog, DevSecOps, Snyk Cerbos DevSecOps authorization incident Deepfence misconfigured Kubernetes security

JFrog Adds Runtime Platform to Secure Cloud-Native Apps Running on Kubernetes

JFrog today at its swampUP 2024 conference revealed it has added an ability to automate real-time DevSecOps workflows spanning source code to binaries deployed in Kubernetes environments ...

Mike Vizard | September 10, 2024 | DevSecOps, kubernetes, workflows

metrics, agents, ai, cloud-native, cloud native, project, istio, ambient, architecture, modules, cloud native, CCoE Kubernetes Virtana CrowdStrike cloud native

Azure Flaw Highlights Need to Secure Kubernetes Cloud Clusters

A security flaw found by Mandiant in Microsoft's AKS service would have let attackers escalate privileges and steal data ...

Jeff Burt | August 22, 2024 | cybersecurity, Google Mandiant, kubernetes, Microsoft Azure Cloud

AI, containers, kuberneted, databases DH2i Postgres data Red Hat storage IBM Yugabyte Database

How Kubernetes and Containers Will Protect — and be Protected by — AI

As companies expand their use of predictive and generative AI in building new applications and services, the security of the underlying data becomes increasingly important — and challenging. Container-focused technologies — including ...

Kirsten Newcomer | July 30, 2024 | application development, cloud-native applications, containers, kubernetes, open source, red hat

Machines and Workloads Need Identities Too — Not Just Humans

If machine and workload identities are not being managed consistently across environments, they can pose an increased risk of compromise to your organization. ...

Matt Barker | July 16, 2024 | cloud native, machine identity, SPIFFE, workload identity, zero-trust