February has been a busy month in the cloud-native community. We, at Sysdig, are excited to announce a new version of the Sysdig Admission Controller that makes deployments secure by default. Don’t miss our cloud-native highlights!
Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are in the archive.
The news
- The CNCF announced that Open Policy Agent graduated.
- Open Policy Agent also released v0.26.0.
- The Cloud Security Alliance has released the initial version 4 of the CCM.
- Container Plumbing Days will take place March 9-10, 2021.
- HashiCorp is working on a Kubernetes provider for Terraform.
- Google Cloud released CIS 1.1.0 Benchmark Inspec Profile for GKE.
- Google Cloud started offering on-demand image scanning.
Industry buzz
Investments and dealmaking around Kubernetes
Kubernetes security is trendy and everyone wants a piece of the cake. We’re only two months into 2021 and there have been plenty of deals already.
DDoS attacks in 2020
The prevalence of DDoS attacks in 2020 grew by more than 50%. Check out this report from Azure, reviewing 2020’s trends and insights on this kind of attack.
Build pipeline attacks
The software build process is often overlooked. Take a look at the U.S. government warnings and recommendations on the topic.
Check out a real example of how vulnerable development pipelines could compromise your organization.
Kubernetes in Nvidia’s GPU hardware
Nvidia has been using Kubernetes internally for years to apply the technology to intense GPU workloads.
Kubernetes attacks:
What your cluster is trying to tell you
Feb. 25 | 10am Pacific | 1pm Eastern
Community tips
Crypto-mining attacks are getting sophisticated
Read this astonishing story about a crypto-mining attack. It started as an innocent pull request that silently triggered a GitHub Action.
Building container images without Docker
Learn how to use go-containerregistry to build container images programmatically by using Go.
Making containers die faster
Check out this empirical scenario showing how killing containers manually can lead to faster boot times and fewer blocked resources in our cluster.
Bad pods: Kubernetes pod privilege escalation
Review, through several scenarios, the worst things that can happen when you don’t follow deployment security best practices.
How to detect sudo’s CVE-2021-3156 using Falco
A heap overflow vulnerability in sudo allows privilege escalation. Learn how it works and how to detect such an exploit with Falco.
Recently, Amazon released new versions of their Linux images shipping an updated kernel without this vulnerability.
Awesome Falco resources
Check out this curated list of Falco-related tools, frameworks, and articles on GitHub.
Pop and Falco on the Kubelist Podcast
Listen to this interview with Dan “Pop” Papandrea in which he talks about Falco and the importance of runtime monitoring for security.
Using Falco with Kubernetes audit logs
Check out how to integrate the Kubernetes audit logs with Falco to detect suspicious activity in your cluster.
What’s New with Sysdig?
New Admission Controller (beta)
We have released a new version of the Sysdig Admission Controller (still in testing stage) that enables you not only to detect and get security reports, but also to take direct actions using a new user interface.
Take a look at this video explaining how the new user interface works.
If you want to learn more about Kubernetes Admission Controllers, we can tell you how they work in 5 minutes.
Detecting MITRE ATT&CK defense evasion
Learn how to stay ahead of attackers, detecting them when they try to bypass your defenses.
Runtime security in Azure Kubernetes Service
Already implemented image scanning, and want to take security on your Azure container infrastructure a bit further? Check how you can implement runtime security for AKS with Sysdig and Falco rules.
How to monitor AWS SQS with Prometheus
Don’t miss these topics on how to monitor AWS SQS, and how to use Prometheus to track all your cloud services in a single pane of glass.
Recent releases and ecosystem updates
Most Sysdig products received updates in the last few days: Sysdig Secure, Sysdig Monitor, our Falco rules, new PromCat.io resources, and much more. Read all about the interesting new features and ecosystem updates on our blog.
Stay safe. Meet us online:
See Sysdig at Microsoft Ignite
Mar. 2 – 4, 2021
Container security best practices on Azure Kubernetes Service
Mar. 4 | 10am Pacific | 1pm Eastern
Accelerate your FedRAMP journey for container security
Mar. 11 | 10am Pacific | 1pm Eastern