Virtualization & Cloud
Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back EndsOctober 26, 2020A critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could lead to supply chain attacks.
- October 14, 2020With Kubernetes’ popularity and high adoption rates, its security should always be prioritized. We provide vital tips and recommendations on keeping the master node, the API server, etcd, RBAC, and network policies secure.
- October 14, 2020Can your container image be trusted? Learn how Docker Content Trust (DCT) employs digital signatures for container image verification and manages trusted collections of content.
- October 08, 2020We outline security mitigations and settings that should be prioritized in a clustered environment. The second part of our security guide on Kubernetes clusters covers best practices related to worker nodes, the kubelet, pods, and audit logs.
- August 19, 2020In our monitoring of Docker-related threats, we came across a threat actor who uploaded malicious images to Docker Hub for cryptocurrency mining.
- August 11, 2020Serverless computing is not immune to risks and threats. Our security research provides a comprehensive analysis of the possible attack scenarios that could compromise serverless services and deployments.
- July 27, 2020Security issues often arise as a result of applications being rushed for deployment without adequate checks and protections. What are the top security risks to applications and what can organizations do to secure their DevOps pipeline?
- July 14, 2020Infrastructure as Code (IaC) is a key DevOps practice that bolsters agile software development. In this report, we identify security risk areas in IaC implementations and the best practices in securing them in hybrid cloud environments.
- May 27, 2020Cloud-native security adopts the defense-in-depth approach and divides the security strategies utilized in cloud-native systems into four different layers which are seen in “The 4Cs of Cloud-native Security.”