Tag: Security Posture
-
Defender for Containers (CWPP)
If you’re managing production-grade workloads on a major cloud platform, it’s essential to assess your security framework, particularly as you shift towards microservices and orchestration. A key yet often overlooked solution in this space is Microsoft Defender for Containers. Part of the broader Microsoft Defender for Cloud, this tool provides critical visibility and protection for…
-
AWS Config
Cloud operations with the control plane leverage a large amount of API’s and permissions behind the scenes abstracted from the end users. To continuously address these changes and states in your environment natively you can use AWS Config. Visually the set up for this in a simple configuration is shown below to illustrate the service…
-
KubeArmor Explored
KubeArmor is a cloud-native runtime security enforcement system that works with restricting behavior (this resides with execution, file access, and network operations) of pods, containers, and nodes (VM’s) at the system level. The way this tool works is by using Linux Security Modules which to no surprise are enamored in the Certified Kubernetes Security Specialist…
-
Otterize Intent Based Access Control in Kubernetes
Introduction Otterize is a organization that provides open-source CLI tool and a cloud-managed platform for managing kubernetes policies in a client-centric manner. In a nutshell, instead of mapping network policies depending on the CNI that you’re utilizing either Cilium, Calico, or Flannel this will alter the normal syntax you can put Intent-based for the workloads…
-
Conftest and authoring custom checks in Policy as Code
Introduction In the rapidly evolving world of Infrastructure as Code (IaC), ensuring compliance and security is paramount. How can we use tools that agnostically enforce guard rails uninformedly? One way to do this without incurring extravagant costs is using Conftest a wrapper of OPA. In this latest blog I’m going to cover how Conftest seamlessly…
-
Azure Kubernetes Service with Notary and Ratify
Introduction Azure Kubernetes Service while having many additions and capabilities continues to implement more native security controls and recently announced the use of signed images with leveraging the open-source project Ratify for a parameter known as ImageIntegrity. This is not only a step-forward of first party native capabilities but also a guard-rail that extends the…
-
Wazuh on Kubernetes
Wazuh is a open-source XDR and SIEM with cloud workload protection in this blog post we are covering the kubernetes deployment of resources for Wazuh in a cluster. For starters we are going to need to clone our repo to follow along mind you I’m hosting this in AKS. For clusters involving EKS in the…
-
Chaos Studio Experiments in AKS
Introduction Chaos Studio was presented as a service in Microsoft Azure that is to measure and understand your applications service resilience, I’ve wrote about using LitmusChaos previously in a blog but felt like I could create more on this topic as application resiliency is not only pivotal to organizations operations. Chaos Engineering is the practice…
-
Conftest in Terraform in Action
Introduction In today’s rapidly evolving technological landscape, ensuring the security and compliance of infrastructure has become paramount. Open Policy Agent (OPA) is a CNCF-graduated open-source project that utilizes rego policies for enforcement. With its ability to expand to multiple resources and its relatively easy-to-pick-up syntax, OPA has gained significant popularity. In this blog post, we…
-
Kubernetes v1.28.0 Validating Admission Policies
Kubernetes recently dubbed “Planternetes” with a large amount of enhancements, notably I’m covering some aspects of new releases in security features and Validating Admission Policies stood out to me. I’ve created a script using bash and kind with proper configuration for you to run this demo. I’m running on Ubuntu you can use macOS or…