Recent articles

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

OpenSSL 3.0 Critical Vulnerabilities: Should You be Spooked?

By: Sarabjeet Chugh
Nov 1 2022

Don’t be. Act now—use Panoptica to scan for OpenSSL vulnerabilities for free. On November 1, the OpenSSL Project team released a critical patch for OpenSSL 3.0. The patch—OpenSSL 3.0.7—will fix this vulnerability in the library affecting ...

API Security

OpenClarity: A Community-Led Approach to Cloud-Native Application Security

By: Tim Miller
Oct 27 2022

Developing decentralized applications is simultaneously freeing and scary. The freedom comes from being able to develop, release, and upgrade application components without being bound by a huge, monolithic release cycle. And if something goes wrong...

FunctionClarity: The Key to Secure Serverless Computing

By: Tim Miller
Oct 27 2022

Serverless computing frees developers to focus on developing and deploying cloud-native features and services faster, without having to manage infrastructure. Untethered from platform and operating-system management, these functions allow developers...

Speed Versus Security: Tackling the “Developer’s Dilemma”

By: Rami H.
Sep 19 2022

Today’s developer just can’t win. It’s a continuous tug of war between business objectives—the boss who wants releases “faster, faster, faster!” and the security team, who keeps halting releases because of insecure code—with the develo...

Securing Serverless Applications Against the Most Critical Risks

By: Sarabjeet Chugh
Sep 19 2022

If you’re a developer working in a cloud environment, there’s a good chance that you’ve either started thinking about serverless computing or have already started to deploy it. And why not? Unlike VMs or container clusters, serverless function...

Seeing the Unseen: Gaining Visibility into API Payload Encryption

By: Alessandro Duminuco
Jun 7 2022

When it comes to API security, end-to-end encryption presents something of a paradox. On one hand, encryption secures the data that is exchanged during transactions. This is, of course, a good thing. But there’s a drawback: When you use end-...

Introducing Panoptica, The Cisco Secure Application Cloud

By: Rich Gold
May 19 2022

Enabling DevSecops for cloud native applications through security automation “From the acquisition of Portshift, the Cisco Emerging Technology and Incubation team has been on a mission to enable secure software development for cl...

5 Real-World API Security Breaches from 2021

By: Ran Ilany
Apr 14 2022

It’s no exaggeration to say that, when it comes to API security, there are a lot of challenges. Not only are attacks that exploit vulnerabilities in APIs on the rise, but there is good reason to believe that API vulnerabilities will be am...

Securing API Calls in Kubernetes, a simple and effective Approach

By: Alessandro Duminuco
Apr 13 2022

Historically, API authentication methods have involved a tradeoff between security and convenience. Today, with cloud native applications and Kubernetes, there are several options, but security tradeoffs remain: You could hardcode credentials, wh...

The 3 Pillars of API Security: Visibility, Risk Scoring & Enforcement

By: Alessandro Duminuco
Oct 20 2021

You can’t secure what you can’t see. APIs are no exception. Whether your application uses internal APIs to manage interactions between microservices, external APIs to integrate with third-party services, or both, you need to be able to visual...

Internal vs. External API Security: What to Know

By: Peter Bosch
Oct 6 2021

Every API falls into one of two categories: Internal or external. External APIs are APIs that developers use to integrate their applications with a third-party resource, such as a public cloud service or a SaaS application. This type of API is pr...

API Security - The Challenges & Latest Developments

By: Naor Shmuel
Jul 23 2021

Forrester dubbed API Insecurity "the lurking threat in your software." Understanding API security-specific risks is key to protecting your API. New ways of thinking about API security are emerging. Using external services through APIs is routinel...

Cisco – the Bridge to an API-first, Cloud Native World

By: Liz Centoni
Apr 30 2021

The traditional development of applications is giving way to a new era of modern application development. Modern apps are on a steep rise. Increasingly, the application experience is the new customer experience. Faster innovation velocity is need...

Vulnerability Management

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

How Panoptica Secures GitOps to Protect CI/CD Pipeline Tools

By: Tomer Dvir
Jun 8 2022

If you work in software development or IT, you’ve likely heard about – and perhaps are even practicing – GitOps, the latest, greatest way to accelerate software delivery. GitOps uses Git, the version control system, to centralize and stan...

Leveraging Gitops to Deploy Cloud Native Security

By: Tomer Dvir
Nov 8 2021

GitOps is increasingly popular among developers as it accelerates development, but as security requirements grow, a new approach is needed. GitOps security needs to shift left. Here’s how to secure your GitOps repository. GitOps is gaining trac...

Automated Policy for developers using CI/CD (Terraform) tools

By: Tomer Dvir
Aug 16 2021

Automated Policy - Infrastructure as code is a core element of today’s CI/CD pipeline and led to the emergence of Continuous Configuration Automation (CCA) tools, such as Terraform, a leading declarative push CCA solution launched by HashiCorp in ...

Kubernetes

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

OpenSSL 3.0 Critical Vulnerabilities: Should You be Spooked?

By: Sarabjeet Chugh
Nov 1 2022

Don’t be. Act now—use Panoptica to scan for OpenSSL vulnerabilities for free. On November 1, the OpenSSL Project team released a critical patch for OpenSSL 3.0. The patch—OpenSSL 3.0.7—will fix this vulnerability in the library affecting ...

Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security

By: Ran Ilany
Apr 20 2022

“Breaking down silos” is a common phrase in the world of DevOps and DevSecOps. Ironically, though, if you look at how many DevOps and DevSecOps cloud native security tools actually work, you realize that the tools used are very siloed. In...

Cisco ET&I & Cloud Native Security - Pushing boundaries & making bold bets

By: Ran Ilany
Feb 7 2022

Successful enterprises are good at what they do – so good, in fact, that it can become difficult for them to embrace new ideas. Instead, many choose to rest on the laurels of their existing products and services – Usually their successful produc...

Everything DevOps need to know about the NSA’s Kubernetes Security Guidance

By: Alexei Kravtsov
Nov 30 2021

Kubernetes security is a complex topic. So complex that the National Security Agency recently issued a 59-page guidance document on Kubernetes security hardening. Yet, when you boil this advice down, you’ll find that most sources of c...

Hardening Kubernetes Containers Security with Seccomp

By: Erez Fishimer
Aug 13 2021

Seccomps - An often overlooked way to harden Kubernetes containers’ security is by applying seccomp profiles. Customizing seccomp profiles, in effect, provides a deeply embedded line of defense that adds a layer of protection to your application i...

What’s New in Kubernetes v1.21 and Istio 1.9 Releases and their implications on DevOps?

By: Alexei Kravtsov
Jul 22 2021

Kubernetes and service mesh are increasingly interrelated, yet their new versions are released separately on different dates. Kubernetes and Istio’s last releases help to get a clearer understanding of the interplay between them and how one affect...

A new MITRE ATT&CK security framework for Containers and Kubernetes

By: Ariel Shuper
May 7 2021

Last week (April 29th) the MITRE org released the ATT&CK matrix for Containers. The release marks the culmination of a research project investigating the viability of container-related techniques into an ATT&CK matrix. Based on extensiv...

API Security

OpenClarity: A Community-Led Approach to Cloud-Native Application Security

By: Tim Miller
Oct 27 2022

Developing decentralized applications is simultaneously freeing and scary. The freedom comes from being able to develop, release, and upgrade application components without being bound by a huge, monolithic release cycle. And if something goes wrong...

FunctionClarity: The Key to Secure Serverless Computing

By: Tim Miller
Oct 27 2022

Serverless computing frees developers to focus on developing and deploying cloud-native features and services faster, without having to manage infrastructure. Untethered from platform and operating-system management, these functions allow developers...

Speed Versus Security: Tackling the “Developer’s Dilemma”

By: Rami H.
Sep 19 2022

Today’s developer just can’t win. It’s a continuous tug of war between business objectives—the boss who wants releases “faster, faster, faster!” and the security team, who keeps halting releases because of insecure code—with the develo...

Securing Serverless Applications Against the Most Critical Risks

By: Sarabjeet Chugh
Sep 19 2022

If you’re a developer working in a cloud environment, there’s a good chance that you’ve either started thinking about serverless computing or have already started to deploy it. And why not? Unlike VMs or container clusters, serverless function...

Seeing the Unseen: Gaining Visibility into API Payload Encryption

By: Alessandro Duminuco
Jun 7 2022

When it comes to API security, end-to-end encryption presents something of a paradox. On one hand, encryption secures the data that is exchanged during transactions. This is, of course, a good thing. But there’s a drawback: When you use end-...

Introducing Panoptica, The Cisco Secure Application Cloud

By: Rich Gold
May 19 2022

Enabling DevSecops for cloud native applications through security automation “From the acquisition of Portshift, the Cisco Emerging Technology and Incubation team has been on a mission to enable secure software development for cl...

5 Real-World API Security Breaches from 2021

By: Ran Ilany
Apr 14 2022

It’s no exaggeration to say that, when it comes to API security, there are a lot of challenges. Not only are attacks that exploit vulnerabilities in APIs on the rise, but there is good reason to believe that API vulnerabilities will be am...

Securing API Calls in Kubernetes, a simple and effective Approach

By: Alessandro Duminuco
Apr 13 2022

Historically, API authentication methods have involved a tradeoff between security and convenience. Today, with cloud native applications and Kubernetes, there are several options, but security tradeoffs remain: You could hardcode credentials, wh...

The 3 Pillars of API Security: Visibility, Risk Scoring & Enforcement

By: Alessandro Duminuco
Oct 20 2021

You can’t secure what you can’t see. APIs are no exception. Whether your application uses internal APIs to manage interactions between microservices, external APIs to integrate with third-party services, or both, you need to be able to visual...

Internal vs. External API Security: What to Know

By: Peter Bosch
Oct 6 2021

Every API falls into one of two categories: Internal or external. External APIs are APIs that developers use to integrate their applications with a third-party resource, such as a public cloud service or a SaaS application. This type of API is pr...

API Security - The Challenges & Latest Developments

By: Naor Shmuel
Jul 23 2021

Forrester dubbed API Insecurity "the lurking threat in your software." Understanding API security-specific risks is key to protecting your API. New ways of thinking about API security are emerging. Using external services through APIs is routinel...

Cisco – the Bridge to an API-first, Cloud Native World

By: Liz Centoni
Apr 30 2021

The traditional development of applications is giving way to a new era of modern application development. Modern apps are on a steep rise. Increasingly, the application experience is the new customer experience. Faster innovation velocity is need...

Vulnerability Management

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

How Panoptica Secures GitOps to Protect CI/CD Pipeline Tools

By: Tomer Dvir
Jun 8 2022

If you work in software development or IT, you’ve likely heard about – and perhaps are even practicing – GitOps, the latest, greatest way to accelerate software delivery. GitOps uses Git, the version control system, to centralize and stan...

Leveraging Gitops to Deploy Cloud Native Security

By: Tomer Dvir
Nov 8 2021

GitOps is increasingly popular among developers as it accelerates development, but as security requirements grow, a new approach is needed. GitOps security needs to shift left. Here’s how to secure your GitOps repository. GitOps is gaining trac...

Automated Policy for developers using CI/CD (Terraform) tools

By: Tomer Dvir
Aug 16 2021

Automated Policy - Infrastructure as code is a core element of today’s CI/CD pipeline and led to the emergence of Continuous Configuration Automation (CCA) tools, such as Terraform, a leading declarative push CCA solution launched by HashiCorp in ...

Kubernetes

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

OpenSSL 3.0 Critical Vulnerabilities: Should You be Spooked?

By: Sarabjeet Chugh
Nov 1 2022

Don’t be. Act now—use Panoptica to scan for OpenSSL vulnerabilities for free. On November 1, the OpenSSL Project team released a critical patch for OpenSSL 3.0. The patch—OpenSSL 3.0.7—will fix this vulnerability in the library affecting ...

Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security

By: Ran Ilany
Apr 20 2022

“Breaking down silos” is a common phrase in the world of DevOps and DevSecOps. Ironically, though, if you look at how many DevOps and DevSecOps cloud native security tools actually work, you realize that the tools used are very siloed. In...

Cisco ET&I & Cloud Native Security - Pushing boundaries & making bold bets

By: Ran Ilany
Feb 7 2022

Successful enterprises are good at what they do – so good, in fact, that it can become difficult for them to embrace new ideas. Instead, many choose to rest on the laurels of their existing products and services – Usually their successful produc...

Everything DevOps need to know about the NSA’s Kubernetes Security Guidance

By: Alexei Kravtsov
Nov 30 2021

Kubernetes security is a complex topic. So complex that the National Security Agency recently issued a 59-page guidance document on Kubernetes security hardening. Yet, when you boil this advice down, you’ll find that most sources of c...

Hardening Kubernetes Containers Security with Seccomp

By: Erez Fishimer
Aug 13 2021

Seccomps - An often overlooked way to harden Kubernetes containers’ security is by applying seccomp profiles. Customizing seccomp profiles, in effect, provides a deeply embedded line of defense that adds a layer of protection to your application i...

What’s New in Kubernetes v1.21 and Istio 1.9 Releases and their implications on DevOps?

By: Alexei Kravtsov
Jul 22 2021

Kubernetes and service mesh are increasingly interrelated, yet their new versions are released separately on different dates. Kubernetes and Istio’s last releases help to get a clearer understanding of the interplay between them and how one affect...

A new MITRE ATT&CK security framework for Containers and Kubernetes

By: Ariel Shuper
May 7 2021

Last week (April 29th) the MITRE org released the ATT&CK matrix for Containers. The release marks the culmination of a research project investigating the viability of container-related techniques into an ATT&CK matrix. Based on extensiv...