October 2021 Summaries
8 posts from Sysdig
Filter
Month:
Year:
Post Summaries
Back to Blog
Published on October 28, 2021, "Tales from the Crypt o' mine – Four spooky short stories" appears on LinkedIn and delves into the capabilities of Falco Feeds, a service that enhances the Falco open-source security tool. Falco Feeds provides open source-focused companies with access to expertly crafted, continuously updated security rules to address newly discovered threats, thereby extending Falco's effectiveness in cloud security. The post also highlights opportunities for readers to engage further with cloud security solutions by offering demonstrations guided by security experts.
Oct 28, 2021
81 words in the original blog post.
Cloud Infrastructure Entitlements Management (CIEM) is essential for maintaining secure cloud environments by preventing over-permissioned accounts, which are a common security misconfiguration. Sysdig Secure offers a CIEM feature that helps organizations implement the principle of least privilege by analyzing audit logs of cloud commands and correlating them with users, roles, and policies. It provides a detailed dashboard that highlights unused permissions, inactive users, and policies with excessive permissions, allowing users to strengthen their IAM security posture. The tool aids in visualizing actual permission usage, identifying over-permissioned situations, and suggests policy optimization to mitigate the risk of data breaches. By automating the analysis of access governance controls, Sysdig Secure enhances the security of cloud environments and facilitates the management of identity lifecycles.
Oct 27, 2021
1,410 words in the original blog post.
The Tsunami malware, a backdoor first identified years ago, has resurfaced with new capabilities targeting Jenkins and Weblogic services within Kubernetes clusters, exploiting vulnerabilities and misconfigurations to gain control over infected systems. Once a system is compromised, attackers can execute shell commands, download files, perform DDoS attacks, and even run cryptocurrency miners, leveraging IRC servers for command and control communication. Despite past patches for vulnerabilities like CVE-2020-14882, outdated container images remain susceptible, underscoring the importance of regular updates and vigilant security practices. To mitigate risks, Falco, a cloud-native runtime security tool, can detect suspicious activity by monitoring container environments and alerting users to potential threats. Keeping services updated and securing credentials are crucial steps in defending against such evolving threats.
Oct 26, 2021
1,246 words in the original blog post.
Sysdig's October 2021 update highlights several advancements, including a collaboration with Google Cloud to enhance cloud security and compliance controls, alongside improvements to their software-as-a-service platform. A notable feature is the technology preview of a new scanning engine, which is significantly faster and offers extended vulnerability data and enhanced remediation advice. Sysdig also expanded its monitoring capabilities with direct Prometheus integration, making it easier to manage and visualize workload metrics. Enhanced user experiences are introduced across Sysdig's interfaces, including an improved UI for monitoring integrations and dashboard enhancements. Additionally, updates to the Sysdig Agent and Serverless Agent address previous issues and provide better resource management and metadata reporting. The release also discusses improvements in the Sysdig CLI, Python SDK, and Terraform Provider, alongside new resources and integrations in their ecosystem.
Oct 26, 2021
2,386 words in the original blog post.
The blog post outlines a method for monitoring a Windows cluster using Prometheus by installing small Prometheus instances on each Windows machine to centralize metrics into a single Prometheus server. The author describes utilizing Prometheus remote write to send metrics directly to the server without intermediate storage, thus minimizing storage concerns by setting a one-day retention period for each instance. The process involves installing the Windows exporter to provide an HTTP endpoint for metrics collection and configuring Prometheus to scrape these endpoints. The author also emphasizes the importance of smart labeling for filtering metrics by various factors such as availability zone or environment and suggests adding external labels in the global configuration. The article concludes by inviting readers to share their monitoring approaches and offers a trial of Sysdig Monitor for enterprise-grade managed Prometheus services.
Oct 21, 2021
655 words in the original blog post.
ISO 27001:2013 certification is crucial for organizations seeking to protect their digital assets and build trust with customers by demonstrating a commitment to security best practices. This certification involves implementing a set of security controls to address potential threats such as data breaches and cyberattacks, ensuring compliance with legal and contractual obligations. Sysdig Secure offers support for organizations pursuing this certification by providing tools to assess security postures, manage risks, and ensure compliance with ISO 27001 standards. Through Sysdig's comprehensive compliance report and ongoing monitoring, companies can efficiently prepare for the certification audit, ultimately saving time and resources. With the increasing importance of data privacy, obtaining ISO 27001 certification can significantly benefit companies across various industries.
Oct 13, 2021
801 words in the original blog post.
The blog post explains how to set up a Kubernetes Horizontal Pod Autoscaler (HPA) using Prometheus metrics with the help of Keda, an open-source project that allows for more advanced scaling capabilities beyond the default Kubernetes metrics of CPU and memory. Keda facilitates the use of Prometheus queries and other scalers to scale Kubernetes pods, overcoming two main limitations of Kubernetes HPA: its inability to combine metrics and the limited metrics it exposes by default. The post details the installation of Keda via Helm and illustrates how Keda's ScaledObject Custom Resource Definition (CRD) can define scaling parameters using a Prometheus trigger. An example is provided to demonstrate how to scale the nginx-server deployment based on the nginx_connections_waiting metric, showcasing Keda's ability to use Prometheus queries to manage scaling. Additionally, Keda offers features such as scaling down to zero replicas, handling error connections, and secure connections with Prometheus endpoints, simplifying the process of creating and managing an HPA without extending the Kubernetes API metrics endpoint.
Oct 07, 2021
975 words in the original blog post.
In this article, readers are guided through the process of configuring Keda to deploy a Kubernetes Horizontal Pod Autoscaler (HPA) using metrics from Sysdig Monitor. Keda, an open-source project, allows the scaling of Kubernetes pods through Prometheus queries, and this article builds on previous knowledge of creating an HPA with standard Prometheus queries by utilizing Sysdig's managed Prometheus solution. The example scenario involves scaling an Nginx deployment from one to five replicas based on the nginx_connections_waiting metric. The article explains the necessary steps, including creating a secret with the Sysdig API token, setting up a TriggerAuthentication object, and creating a ScaledObject to manage the scaling process. The process demonstrates the integration of Sysdig Monitor with Keda to automate scaling decisions in a Kubernetes environment efficiently.
Oct 07, 2021
475 words in the original blog post.