Hello from all of us at Sysdig!
Summer is almost gone, but don’t worry. While you were enjoying your vacation, we collected all the cloud-native news for you. Don’t miss our cloud-native highlights!
Sign up for our monthly Cloud-native News.
Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are in the archive.
The news
- KEDA and OpenTelemetry become CNCF incubating projects.
- Terraform AzureAD Provider 2.0 announced.
- Google announced their new Identity Services APIs.
- Debian 11 bullseye released.
- Go 1.17 released.
- Falco Sidekick reached over 1M downloads on Docker Hub.
Kubernetes 1.22 is out
In early August, Kubernetes 1.22 was released. Several old features are finally considered stable, like Server-side Apply and CSI Windows support. It also includes some exciting new enhancements, like enabling seccomp by default. Don’t miss our roundup of what’s new in Kubernetes 1.22.
Industry buzz
Defending against dependency confusion attacks
Learn how Twilio protected itself from a dependency confusion attack with a clean inventory of all its dependencies and by implementing new security controls.
Migrating to a Cloud-Edge Synergy architecture
Read this interesting story about how China Mobile deployed a KubeEdge cluster to ensure low network latency and faster streaming data transmission. The article covers all the problems they faced and how they solved them.
What database should I use?
Find the right database solution with this article from Google Cloud, which guides you through the different databases, both relational and non-relational, and their use cases to help you find the right one. It also includes a nice diagram summarizing the guide.
Provide secure access to your internal applications
Don’t miss this inspiring story explaining how a SaaS company used AWS, Terraform, and Okta to build a highly secure application gateway for internal use that doesn’t require too much maintenance.
Community tips
Safely storing Kubernetes secrets in Git
Take a look at how easy it is to encrypt (and decrypt) your Kubernetes secrets using Mozilla SOPS.
Understand Kubernetes CVE-2020-8562
Read this interesting article explaining a Kubernetes vulnerability that allows access to restricted networks. It includes diagrams and examples, and a temporary mitigation.
Configure your Docker image to access private resources
Learn how to safely use restricted information within Docker containers with Docker BuildKit, and how you can prevent the leaking of credentials used to configure your containers.
Use mutation policies in Kubernetes with Gatekeeper
Discover how to use this recent Gatekeeper feature (still in Alpha) to define a policy that can change Kubernetes resources based on different criteria.
Audit and secure an AWS account
Check out this exhaustive step-by-step guide on how to audit and secure an AWS account. It’s very well explained and full of examples.
What’s New with Sysdig?
Apolicy, welcome to the Sysdig family!
Sysdig has completed the acquisition of Apolicy to enable our customers to secure their infrastructure as code. We are very pleased to see the Apolicy team become part of the Sysdig family, bringing rich security DNA to our company.
Simplifying the Prometheus experience
This month, we announced several new and innovative features for our managed Prometheus service that can save you time and headache, including:
- A new Prometheus integrations manager that automatically detects services running in a customer’s environment, and guides the user through their configuration.
- Prometheus Remote Write support, enabling users to use our managed Prometheus service as a long-term storage solution for their metrics.
OpenTelemetry for pushing metrics to Prometheus Remote Write
Learn how OpenTelemetry can be a great solution to send metrics to a Prometheus remote write endpoint, without needing to install and configure a service Prometheus instance.
Sysrv-Hello Botnet targeting WordPress pods
A WordPress container with default credentials. What could go wrong? Check how the Sysrv-Hello botnet targets these setups to crypto mine.
Securing AWS IAM with Sysdig Secure
IAM holds the keys to your AWS account. If it gets compromised, your whole cloud account will shortly follow. Discover how easy it is to secure this service with Sysdig.
Recent releases and ecosystem updates
Most Sysdig products received updates in the last few days: Sysdig Secure and the Sysdig Cloud Connector, Sysdig Agents, our CLI and tools, and much more. Read all about the interesting new features and ecosystem updates on our blog.
Stay safe. Meet us online:
Securing Infrastructure as Code via Open Policy Agent (OPA)
Sept. 23 | 10am Pacific | 1pm Eastern