December 2021 cloud-native news

Hello from all of us at Sysdig!

We’re saying goodbye to 2021 and wish our community a happy new year. As we look ahead to 2022, we anticipate another year of learning, growth, and exciting news for the cloud-native community.

With log4j being top of mind, we kick off this edition of Cloud Native news with CVE-2021-44228 resources. Then we reach into the vault to bring back past and current highlights that we found most interesting this year.

Sign up for our monthly Cloud-native News.

Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are in the archive.

Log4j vulnerability resources

A few days ago, we told you about a critical vulnerability found in log4j, a widely used logging library. Learn how to mitigate it with runtime-based Kubernetes Network Policies.

See below for information on how to sign up for our live webinar hosted today on how to address the log4j vulnerability in containers.

Sysdig’s top 10 highlights for 2021

Establishing a cloud security program

Learn from the experience of one security engineer. He shares advice on how to establish a cloud security program aimed at protecting a cloud-native offer that is container based and also service provider agnostic.

eBPF for cloud network infrastructure insight

Learn how Netflix uses eBPF for ingesting and enriching billions of TCP flow logs to provide visibility into their cloud ecosystem.

NSA & CISA Kubernetes security guidance review

Read this helpful review of the Cybersecurity Technical Report released by NSA and CISA, which analyzes the whole document and advises how it should be followed.

Docker changed the industry

Don’t miss this great article that puts into perspective how Docker, even though it didn’t invent them, made containers accessible to developers and changed the whole industry.

The race to secure Kubernetes at run time

Shift left is widely accepted, but take a look at this article about how containers require holistic protection throughout the entire life cycle and across disparate, often ephemeral environments.

Linkerd vs. Istio performance

Take a look at this benchmark comparison between the two leading service -mesh solutions for Kubernetes.

How to secure Kubernetes

Learn how to build a secure infrastructure in the times of infrastructure as code, infrom the words of Loris Degioanni (Sysdig) and Shlomi Wexler (Apolicy).

Cloud Native Security Survey: Kubernetes defaults too open

Check out this article covering respondents to a CNCF security survey that said default settings for the Kubernetes container orchestration platform are “too open.” Here’s the report.

Kubernetes co-founder interview

Don’t miss this interview with Joe Beda, Kubernetes co-founder, where he covers the origins of Kubernetes, as well as other cloud and software topics.

What database should I use?

Find the right database solution with this article from Google Cloud, which guides you through the different databases, both relational and non-relational, and use-cases to help you find the right one. It also includes a nice diagram summarizing the guide.

What’s New with Sysdig?

We raised $350 million in our latest fundraising round

This funding reflects investor conviction in our ability to be the dominant cloud and container security platform, and brings us closer to our vision of helping every organization to confidently run modern, cloud-native applications.

Kubernetes 1.23 is out

Kubernetes 1.23 was released and we told you about its 45 enhancements, with our classic editor’s pick.

Risk and compliance as code with Google Cloud

Sysdig has collaborated with Google Cloud to provide drift detection for GKE blueprinted environments to ensure compliance and reduce risk for customers who need to meet standards, such as FedRAMP, PCI, and NIST. Read more on the Google Cloud blog.

Visibility and security for GKE Autopilot

Sysdig has collaborated with Google Cloud to enable visibility and security for GKE Autopilot and your containers. Learn how to get started with the solution and what you can do to follow security best practices.

Security and visibility for SUSE Rancher

Sysdig and SUSE have launched a SUSE One Partner Solution Stack designed to help DevOps and security teams get started quickly with Sysdig Secure and SUSE Rancher. Read more about this partnership on our blog.

Recent releases and ecosystem updates

Most Sysdig products received updates in the last few days: Sysdig Secure and the Sysdig Cloud Connector, Sysdig Agents, our CLI and tools, and much more. Read all about the interesting new features and ecosystem updates on our blog.