Enhance Your Container Security with the MITRE ATT&CK Framework

By: Tricia Nagar
Apr 27, 2023

You are a self-professed cloud-native security warrior. You live to keep your containers and applications safe from the bad guys. Safe from the possibility of a cyberattack. Safe from a security breach. You are constantly evaluating the cloud threat...

The Case for Agentless Scanning for Simpler Cloud-Native Security

By: Tricia Nagar
Mar 30, 2023

As the cloud-native security space continues to evolve and expand, emerging concepts from the domain keep finding their way into mainstream industry vernacular. “Agentless” being one such concept. If you’ve never heard of agentless scanning be...

Emerging Technologies at the Inaugural CloudNativeSecurityCon Feb 1-2 

By: Kim McMahon
Jan 31, 2023

The inaugural CloudNativeSecurityCon (CNSC), hosted by Cloud Native Computing Foundation (CNCF), is happening February 1st and 2nd in Seattle, Washington and our team is excited to participate and support this event.  As more organizations s...

Protect Your Cloud-Native Apps from Common Security Failures

By: Tricia Nagar
Dec 6, 2022

The shift to cloud-native app development on Kubernetes is in full force. Today, cloud-native has become the strategy of choice in the software industry. There are plenty of reasons the industry is preferring cloud-native software development over l...

A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22, 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

OpenSSL 3.0 Critical Vulnerabilities: Should You be Spooked?

By: Sarabjeet Chugh
Nov 1, 2022

Don’t be. Act now—use Panoptica to scan for OpenSSL vulnerabilities for free. On November 1, the OpenSSL Project team released a critical patch for OpenSSL 3.0. The patch—OpenSSL 3.0.7—will fix this vulnerability in the library affecting ...

Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security

By: Ran Ilany
Apr 20, 2022

“Breaking down silos” is a common phrase in the world of DevOps and DevSecOps. Ironically, though, if you look at how many DevOps and DevSecOps cloud native security tools actually work, you realize that the tools used are very siloed. In...

Cisco ET&I & Cloud Native Security – Pushing boundaries & making bold bets

By: Ran Ilany
Feb 7, 2022

Successful enterprises are good at what they do – so good, in fact, that it can become difficult for them to embrace new ideas. Instead, many choose to rest on the laurels of their existing products and services – Usually their successful produc...

Everything DevOps need to know about the NSA’s Kubernetes Security Guidance

By: Alexei Kravtsov
Nov 30, 2021

Kubernetes security is a complex topic. So complex that the National Security Agency recently issued a 59-page guidance document on Kubernetes security hardening. Yet, when you boil this advice down, you’ll find that most sources of compromis...

Hardening Kubernetes Containers Security with Seccomp

By: Erez Fishimer
Aug 13, 2021

Seccomps - An often overlooked way to harden Kubernetes containers’ security is by applying seccomp profiles. Customizing seccomp profiles, in effect, provides a deeply embedded line of defense that adds a layer of protection to your application i...