July 2021 Summaries
7 posts from Sysdig
Filter
Month:
Year:
Post Summaries
Back to Blog
Sysdig offers a comprehensive platform for monitoring and securing Amazon Elastic Kubernetes Service (EKS), leveraging tools like Sysdig Monitor and Sysdig Secure to streamline the deployment, management, and scaling of containerized applications on AWS. The platform integrates cloud, container, and orchestration insights to identify vulnerabilities and performance issues in Kubernetes environments through technologies such as ImageVision, ContainerVision, ServiceVision, and CloudVision. Sysdig's approach includes auto-tagging events and metrics, offering detailed views of infrastructure and microservices, and facilitating real-time monitoring and security with features like dashboards, adaptive alerts, and system captures. The installation process is straightforward, utilizing a lightweight container-agent deployed as a DaemonSet to ensure comprehensive coverage as nodes are added or fail. Sysdig aims to provide critical performance, health, and security insights, supporting both cloud and on-premise AWS environments, and simplifying the management of containerized services.
Jul 31, 2021
1,158 words in the original blog post.
Kubernetes 1.22 introduces a significant number of enhancements to bolster security, improve performance, and streamline operations, with 56 new features compared to previous versions. Notably, this release focuses on security improvements by implementing a rootless mode, enabling Seccomp by default, and replacing Pod Security Policies with a new admission controller. Other key features include node swap support, Cgroups v2 for enhanced resource management, and improved container storage options. Additionally, Kubernetes 1.22 addresses several deprecations and removals of beta APIs, urging users to migrate to stable versions. The release also emphasizes enhancements in authentication, network handling, scheduling, and storage, providing a more robust and flexible platform for managing containerized applications. With these updates, Kubernetes aims to provide a more secure, efficient, and user-friendly experience for developers and administrators.
Jul 29, 2021
5,249 words in the original blog post.
The MITRE ATT&CK Framework for Cloud is a comprehensive knowledge base designed to help identify potential threats in cloud environments by analyzing tactics, techniques, and procedures (TTPs) used by advanced threat actors. It is not a compliance standard but serves as a foundation for threat models and methodologies, providing a head start on compliance standards by guiding cybersecurity teams to adopt best security practices. The framework includes various matrices, with the IaaS Matrix being a subset of the Enterprise Matrix, focusing specifically on cloud environments and infrastructure as a service. It categorizes threats into tactics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection, Exfiltration, and Impact. Each category outlines specific techniques used by adversaries, ranging from exploiting vulnerabilities to stealing data and evading detection. The framework emphasizes the importance of securing cloud infrastructures through tools offered by cloud providers, open-source projects like Falco, and commercial solutions that provide comprehensive monitoring and threat detection. Overall, the MITRE ATT&CK Framework for Cloud is a valuable resource for strengthening cloud security by helping organizations identify and mitigate risks effectively.
Jul 28, 2021
3,075 words in the original blog post.
CVE-2021-33909, known as Sequoia, is a high-severity privilege escalation vulnerability affecting Linux's file system, primarily due to an out-of-bounds write in the Linux kernel's seq_file interface. Disclosed in July 2021, it impacts several Linux distributions, including Ubuntu, Debian, and Fedora, and allows low-level privileged users to escalate to root privileges, potentially compromising sensitive data and system integrity. Mitigation involves installing patches when available, using host scanning to detect vulnerabilities, and employing tools like Falco to monitor for suspicious post-exploitation activities. Falco, an open-source project, can detect unexpected application behavior and send alerts through customizable rules, enhancing security by identifying unauthorized actions within affected systems. While no public exploit has been released, the vulnerability's potential impact underscores the importance of proactive detection and remediation efforts to protect against unauthorized access and data breaches.
Jul 28, 2021
1,839 words in the original blog post.
In July 2021, Sysdig introduced several updates and enhancements to its cloud security and compliance offerings. Notably, Sysdig announced its intent to acquire Apolicy, aiming to bolster integrations and expand its capabilities. Sysdig extended compliance standards to AWS and introduced new ones, while also trimming excess rules to enhance security posture. The company enhanced its Sysdig Secure platform with support for CIS RedHat OpenShift Container Platform v4 Benchmark and released updates across its tools, including Sysdig Agent, which now supports installation in AWS ECS Anywhere and features improved console logging and defect fixes. The Sysdig Serverless Agent saw enhancements such as the introduction of the Captures feature in Fargate. Additionally, several updates were made to the Falco rules, Helm Charts, Node Analyzer, Inline Scanning Engine, Admission Controller, and various SDKs and tools, all aimed at improving security, compliance, and performance in cloud environments.
Jul 27, 2021
1,817 words in the original blog post.
Sysdig's acquisition of Apolicy is aimed at enhancing infrastructure as code (IAC) security and automating remediation to bolster Kubernetes and cloud security. This strategic move aligns with Sysdig's Secure DevOps vision by integrating Apolicy’s unique approach to address configuration risks from source to production, thereby enhancing DevOps efficiency and ensuring consistent remediation across production environments. The acquisition supports Sysdig's objectives of shift-left security, runtime security, and continuous compliance, which are critical in the modern software development landscape shaped by microservices, containers, and cloud services. Apolicy's capabilities, such as automated drift remediation and risk prioritization using policy as code, complement Sysdig’s existing solutions, including image scanning and threat detection, thereby fortifying Sysdig’s Kubernetes and Cloud Security Posture Management offerings. As containers and cloud adoption become priorities, addressing associated security risks is crucial, motivating Sysdig's rapid innovation to enable secure and compliant cloud application deployments.
Jul 20, 2021
948 words in the original blog post.
To foster a culture of Secure DevOps, organizations should consider implementing a "foreign exchange" program where members of DevOps and security teams spend time working with each other to break down silos, improve understanding, and foster collaboration. This initiative involves DevOps personnel spending a day a month with security teams and vice versa, promoting mutual learning and cultural integration. The program aims to enhance education without formal training, strengthen company culture by integrating security into the design and development processes, and increase engagement by involving security in all stages of product development. Although this approach requires a time investment, the long-term benefits include improved communication, automation of security processes, and the creation of a more cohesive and supportive workplace environment. The program is designed not to be a one-time effort but a continuous engagement to facilitate ongoing learning and relationship building, ultimately integrating security more deeply into DevOps practices and encouraging a shift-left strategy for security considerations.
Jul 16, 2021
2,310 words in the original blog post.