Earlier this week a group of security researchers from Graz University of Technology, imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, and Cyberus Technology identified and analyzed a vulnerability in Intel chips being called ZombieLoad (CVE-2018-12130) that allows sensitive data to be stolen from the processor. You can get all the details on ZombieLoad directly from the researchers. Thankfully, researchers do not believe this exploit has been used in a real-life attack. Read more “How to Defend Against ZombieLoad”
Making the transition from virtual machines to containers is a complex process that can take some time, particularly for larger, more complex environments. Users are drawn to Kubernetes’ container-centric environment, as well as its ability to enable portability across infrastructure providers. Kubernetes also offers broad applicability; for the most part, an application that runs well in a container will run well on Kubernetes. These, along with myriad other benefits, are what make the transition to Kubernetes worthwhile for many applications. Not up-to-date on the ins and outs of Kubernetes? Check out our list of 50 Useful Kubernetes Tutorials for IT Professionals to get started.
Because the process can be both lengthy and complex, mistakes are common during a transition. First, it’s important to understand that Kubernetes is not a silver bullet. Organizations that adopt container orchestration platforms like Kubernetes before they really understand the technology are more vulnerable to configuration errors. There are also some important Kubernetes security considerations, such as blast radius (how far a malicious party can gain access beyond the initial point of compromise), that leave certain components of a cluster more vulnerable. That’s why it’s important to build security into your deployment as early as possible. To find out where your security maturity level stands, take our Cloud SecOps Maturity Assessment, and learn more about how Threat Stack can secure your containerized environments.
If you’re ready to get started with your infrastructure transformation, there are other pitfalls you’ll want to avoid. To help you get off on the right foot and avoid common mistakes, we reached out to a panel of developers and Kubernetes experts and asked them to answer this question:
“What’s the biggest mistake people make during the transition to Kubernetes?”
Technologies like Docker have made it easier to continuously deploy applications across any number of host servers. They eliminate the need for having your own virtual machine because all the code and configuration settings you need to run your app are packaged into one container.
Google created Kubernetes to automate a number of tasks and processes involved in managing containerized apps. You can use Kubernetes to automatically deploy, scale, and decommission containerized applications. Of course, Kubernetes is not a silver bullet, and Kubernetes deployments have opened up a new set of infrastructure security concerns for DevOps teams. That’s why it’s important to be well versed in how to work with Kubernetes, as well as the tactics and solutions you can employ to create a more secure environment. For instance, Threat Stack now provides security and IT leaders transitioning to container-based infrastructure with the expertise and enhanced security visibility necessary to effectively manage the addition of container-based cloud environments through our Threat Stack Cloud Security Platform® and Threat Stack Cloud SecOps Program℠.
If you are planning to take a systematic approach to learning Kubernetes, then you should be on the lookout for quality tutorials. The good news is that a lot of resources are available online. There are also more structured courses that sometimes offer certification — if you’re willing to pay, that is. Read more “50 Useful Kubernetes Tutorials for IT Professionals”
That’s right. The tl;dr is that Threat Stack is launching a podcast series called Your System Called — and I’ll be hosting it. You can access the podcast on iTunes, subscribe via RSS, or preview the first two episodes below. Read more “Introducing Threat Stack’s New Podcast: “Your System Called””
There’s a lot to think about when it comes to working with containers, Kubernetes, and secrets. You have to employ and communicate best practices around identity and access management in addition to choosing and implementing various tools. Whether you’re a SecOps professional at a startup, small business, or large enterprise, you need to make sure you have the right tools to keep your environments secure.
Recently, we sat down with Stenio Ferreira, Senior Solutions Engineer at HashiCorp. Armed with a degree in computer science and experience as a Java developer at a variety of companies, including IBM, Stenio migrated into a consulting role where he advised clients who wanted to start continuous integration / continuous delivery (CI/CD) pipelines and improve their automation workflow. That’s where he was exposed to HashiCorp, his current company.
According to Stenio, a secrets management solution is a must — and there are various reasons to use one (such as centralized authentication). Stenio explained the services offered at HashiCorp, and shared his perspective on containers, Kubernetes, open source solutions, and Vault. Read more “A Deep Dive Into Secrets Management”