A Deep Dive Into Secrets Management

There’s a lot to think about when it comes to working with containers, Kubernetes, and secrets. You have to employ and communicate best practices around identity and access management in addition to choosing and implementing various tools. Whether you’re a SecOps professional at a startup, small business, or large enterprise, you need to make sure you have the right tools to keep your environments secure.

Recently, we sat down with Stenio Ferreira, Senior Solutions Engineer at HashiCorp. Armed with a degree in computer science and experience as a Java developer at a variety of companies, including IBM, Stenio migrated into a consulting role where he advised clients who wanted to start continuous integration / continuous delivery (CI/CD) pipelines and improve their automation workflow. That’s where he was exposed to HashiCorp, his current company.

According to Stenio, a secrets management solution is a must — and there are various reasons to use one (such as centralized authentication). Stenio explained the services offered at HashiCorp, and shared his perspective on containers, Kubernetes, open source solutions, and Vault. Read more “A Deep Dive Into Secrets Management”

Container Security: Winter is Coming — Dress in Layers!

Recently I had the pleasure of joining hundreds of DevOps pros, IT managers, and security engineers at the first ever Container Security event at LEGOLAND. Attendees discussed the newest technologies, scariest threats, and biggest trends in the evolving world of container security. If you weren’t lucky enough to be a part of the fun, here’s a quick recap of what Threat Stack’s Director of Product, Todd Morneau, spoke about. Read more “Container Security: Winter is Coming — Dress in Layers!”

Top 4 Questions to Ask About Compliance, Security, and Containers

Introducing containers into cloud infrastructure can lead to faster development cycles as well as more efficient use of infrastructure resources. With these kinds of competitive advantages, it’s no wonder why container orchestration platforms like Kubernetes are so popular. In fact, Gartner estimates that 50 percent of companies will use container technology by 2020 — up from less than 20 percent in 2017.

While the value and popularity of containers are undeniable, deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams. This is why more and more companies are focusing on container security to ensure that they don’t ship software with known vulnerabilities, to protect sensitive data, and to maintain compliance with industry-specific regulations such as HIPAA, PCI, or SOC 2. Resources like the Center For Internet Security (CIS) benchmark reports on Kubernetes or Docker provide comprehensive, objective guidelines for organizations transitioning to containers.

In this post, we’ll walk through some of the top questions you need to ask when thinking about establishing security and maintaining regulatory compliance in a container infrastructure environment. Read more “Top 4 Questions to Ask About Compliance, Security, and Containers”

50 Useful Docker Tutorials for IT Professionals (from Beginner to Advanced)

Containers bring many benefits to DevOps teams along with a number of security concerns. This post brings you details about 50 Docker training resources that are designed to train beginner, intermediate, and advanced practitioners on current knowledge about Docker.

Note: On Thursday, September 27, we’ll be holding our Builders of Tomorrow event, featuring industry experts who will be speaking about critical container security issues and best practices (see details below). We hope to see you there! Read more “50 Useful Docker Tutorials for IT Professionals (from Beginner to Advanced)”

Threat Stack Announces General Availability of Its Docker Containerized Agent

Last month we announced that a containerized version of the Threat Stack Agent was coming soon for customers who are using containers to deploy cloud workloads. Today, we are excited to announce that our Docker Containerized Agent is now generally available up on Docker Hub. As cloud infrastructure shifts more heavily towards containers, we are pleased to bring this option to market as a way to gain unmatched visibility into the entire infrastructure — hosts, containers, and the control plane — to ensure that our customers have the best cloud security monitoring and alerting in place across all their assets. Read more “Threat Stack Announces General Availability of Its Docker Containerized Agent”

Join Threat Stack at “Builders of Tomorrow”

Making a Secure Transition to Containers

September 27 | LEGOLAND | Somerville, MA

We’re super excited to announce our upcoming event — Builders of Tomorrow  — a container security meetup at LEGOLAND in Somerville, MA.

Come hear from a rockstar team of container security leaders including:

  • Todd Morneau, Director of Product at Threat Stack
  • Jay Vyas, core contributor to Kubernetes and technologist at Black Duck
  • Hemant Kapoor, Global Head of SRE at Wayfair
  • Kevin Landt, Director of Product Management, OpsGenie
  • Ryan Wallner, Technical Manager Portworx

We also have a surprise guest speaker you won’t want to miss!

This will be our first security-driven container event. Builders of Tomorrow is the only event that brings engineers, IT managers, SREs, and thought leaders together in a single forum to explore how teams can scale and secure modern applications in a transitioning world.  

Builders of Tomorrow

Where: LEGOLAND Discovery Center Boston: 598 Assembly Row, 2nd Floor, Somerville, MA

When: Thurs, September 27, 2018, 5:00 – 9:00 p.m. EDT

Registration: If you haven’t registered already, reserve your tickets now.

What to Expect

The event will feature a mix of thought provoking sessions, expert panels, and hands-on build workshops with industry leaders and hands-on practitioners alike.

Between sessions, attendees will have the opportunity to exchange ideas with their peers and network at one of the most exciting venues in the Boston area.

Did we mention we have access to all LEGOLAND exhibits/attractions including?

  • Build Center
  • Lego Themed Escape Room
  • Roller Coaster
  • Star Wars Episode 2 Exhibit
  • Full Catered Beer, Wine, and Food

Sign up today and we’ll see you on September 27!

Create a Security Risk Assessment for Containers in 5 Steps

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks to cloud infrastructure emerge every day. But, if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike. Read more “Create a Security Risk Assessment for Containers in 5 Steps”

How a DevOps Recruiter Hires for Containers and Serverless

A Q&A With Michael Race, Head of DevOps, Salt Digital Recruitment

When it comes to hiring for DevOps, there’s much to consider, especially if you’re looking for someone to manage containers and serverless infrastructure. There’s no doubt that it’s a talent-driven market — DevOps professionals are in demand.

In this competitive environment, how do you make the right choice about who to hire? According to Michael Race, Head of DevOps at Salt Digital Recruitment, patience is a must. But even if you’ve got time on your side, you still want to make hires that prioritize security, can advocate for tools and methodology, and have experience creating DevOps environments.

We sat down with Michael recently to get his perspective on hiring for containers and serverless. Michael — who’s helped dozens of companies fill DevOps roles — shared his thoughts on where security fits in, what he likes to see in a candidate, as well as red flags that may crop up. Read more “How a DevOps Recruiter Hires for Containers and Serverless”

Magic for DevOps Teams — Threat Stack Announces Containerized Agent

Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.

Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.

To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum. Read more “Magic for DevOps Teams — Threat Stack Announces Containerized Agent”

Lessons in Resilience: A Conversation on Security at REdeploy 2018

I spent last week out in San Francisco at REdeploy to learn about Resilience Engineering and what it means to build solid, sustainable infrastructures, organizations, and teams. This was the first conference of its type, and it did not disappoint.

While there was an incredible lineup of speakers, the real value, in my opinion, came from the engagement and discussions that took place after the on-stage talks. Not only did the speakers and attendees mingle at every break, but the conference organizers also hosted a speaker panel at the end of each day where attendees could ask questions, and the speakers themselves could discuss some of the themes presented throughout the day. I eagerly took advantage and sat down with a few people to find out what Security means for Resilience Engineering. Read more “Lessons in Resilience: A Conversation on Security at REdeploy 2018”