Kubernetes is a popular DevOps tool thanks to its container-centric environment and portability across infrastructure providers. In 2018, Kubernetes had a big year, being the first project to graduate from the Cloud Native Computing Foundation (CNCF) and landing at #9 for commits and #2 for authors/issues on GitHub, coming in second only to Linux. “Three of the largest cloud providers offer their own managed Kubernetes services,” explains CNCF. “Furthermore, according to Redmonk, 71 percent of the Fortune 100 use containers and more than 50 percent of Fortune 100 companies use Kubernetes as their container orchestration platform.” CNCF also points out that Kubernetes is used in production at a massive scale by global companies like The New York Times, eBay, Uber, Goldman Sachs, Buffer, and others. Read more “16 Kubernetes Experts Share the Most Interesting Current Trends to Look for in Kubernetes”
Stratasan provides web-based software and professional services that are designed to help healthcare organizations maximize strategic growth through convenient access to useful information on healthcare markets. Healthcare providers, specifically hospitals and hospital systems, struggle to discover the best opportunities in their market for strategic growth, find the right patient populations in their service area, and track their performance and progress against their strategic growth goals.
By delivering intelligence through proprietary web-based software and a team of seasoned healthcare professionals, Stratasan establishes a foundation for growth in strategic planning, marketing, physician relations, and expansion. Partnering with nearly 1,000 hospitals across 40 states, Stratasan helps them achieve efficiency and effectiveness in their strategic planning initiatives.
This blog post outlines how Stratasan uses Threat Stack to gain the visibility, multiple tiers of monitoring, and auditable data, it needs to address its growing security and compliance needs. Read more “How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack”
Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless. Read more “Stretching Left With Threat Stack Application Security Monitoring”
Threat Stack’s Application Security Monitoring
enables cloud security observability across the full stack & full lifecycle in a single solution
Kubernetes is a multi-functional, container-centric platform for managing workloads and services. Given the fact that containers and container orchestration can dramatically improve costs, flexibility, and resilience, it’s no mystery why Kubernetes has soared in popularity since Google open-sourced it in 2014.
On one hand, it’s a powerful orchestration tool; on the other, it’s not a silver bullet that will solve all your problems. In fact, at the same time that it helps to manage dynamic infrastructure, it also introduces new vulnerabilities that pose a threat to security. To understand the value of Kubernetes, how to integrate it in a way that improves operational efficiency, and how to guard against the new vulnerabilities that container orchestration introduces, it’s critical that you have more than a passing knowledge.
So if you’re ready to start diving into Kubernetes, you’ve come to the right place. Below, we’ve curated a list of 50 top quality tutorials to help you fully understand Kubernetes architecture and best practices. Read more “50 Best Kubernetes Architecture Tutorials”
When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program℠, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted, and Threat Stack had identified an active Docker cryptojacking attack.
Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cryptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.
Containers provide very important functionality: They package various software applications in “containers” to ensure that they are able to run correctly when moved from one computing environment to another.
The container model has all its dependencies packaged into virtual containers. A container not only contains an application but all supporting packages that are needed to run the application effectively. Thus, they provide flexibility, ease of use, and the ability to share resources. However, security is a primary concern when any new technology is pushed into production. Therefore, it is vital to focus on container security because poor security can put various applications and processes at risk for the entire enterprise. Threat Stack’s container security solutions monitor your containerized environments for risky and anomalous behavior and provide the visibility you need, no matter where your container strategy stands. You can deploy the Threat Stack agent on your host or even as a containerized agent to gain visibility into your containers. If you see risky behavior in a container, you’ll be able to follow the path of your attacker across your infrastructure.
Whether you’re using Docker or Docker with Kubernetes, security considerations must be paramount. Below, we discuss security tips and best practices that need to be incorporated for secure and safe utilization of containers. Read more “Container Security Tips and Best Practices”
Now is a good time to review Threat Stack’s Docker integration in the wake of the recent runc CVE. The headline reporting gets a little hyperbolic, but I still think we should use this as an opportunity to reflect. Containers represent a powerful abstraction for a unit of software. The container abstraction provides some isolation, facilitation, and control, but also some opaqueness. Threat Stack’s solution adds security visibility to your deployment, and our Docker integration provides visibility into your Docker containers.
Threat Stack announced the release of its Docker integration during Amazon’s 2015 re:Invent Conference and has continued to maintain and expand its capabilities in subsequent releases. This feature augments detected host events with Docker information when the Threat Stack agent identifies the event as originating from a container. Augmented information consists of the Docker container ID and the image name. We collect that data with a host-based agent that does not stick some additional agent into each container. Per-container agents would cause performance issues for typically small footprint containers. Our daemon runs in user space and does not hook into the kernel, allowing us to stay lean and lightweight. Let me to explain a bit about how this all works. Read more “How to Identify Threats Within Your Docker Containers”
Earlier this week security researchers Adam Iwaniuk and Borys Poplawski published details on a vulnerability in runC, the underlying container runtime for Docker, Kubernetes, cri-o, containerd, and other container-dependent programs. The vulnerability, CVE-2019-5736 allows malicious containers to overwrite the host runC binary and gain root-level code execution on the host. This would give attackers the ability to run any command as a root-level user including the ability to create new containers using an attacker-controlled image or attach executables into an existing container that they have write access to.
A patch has been issued for CVE-2019-5736, and all users should update to the latest version of all their container management programs as soon as possible.
Read more “How to Defend Against the runC Container Vulnerability”
Containerized environments are increasingly popular, and Docker remains the most popular container solution for developers. But the process of moving from virtual machines to containers is complex. If you’re just getting started with Docker, check out our list of 50 useful Docker tutorials for IT professionals, which includes tutorials for beginners, intermediate users, and advanced Docker pros.
It’s common to make mistakes during the transition from VMs to Docker containers, and it’s important to remember that Docker won’t fix all your problems in the cloud. There are also security issues you need to weigh in order to keep your environment fully secure both during and after the transition. Threat Stack’s Docker integration offers full visibility into your container environment, alerting you to internal and external threats — along with the context needed to understand what happened during a security event so you can take appropriate action.
Aside from failing to implement robust security measures for your containerized environment, people make other common mistakes make when switching to Docker containers. To gain some insight into the most common, we reached out to a panel of Docker experts and asked them to answer this question: