By: Glen Kosaka

September 8, 2021 8:12 am

4,723 views

How to Use NeuVector with the MITRE ATT&CK Framework

There are many attack vectors for cloud-native Kubernetes and container deployments, some new and some traditional. To help organizations learn about these and protect against them, MITRE has published a knowledge base of techniques and tactics in a new matrix focused on containers. The newly published ATT&CK® for Containers provides container-specific attack vectors […]

By: Glen Kosaka

May 8, 2021 10:03 am

7,519 views

How to Use Terraform to Deploy Secure Infrastructure as Code

How to Ensure that the Infrastructure Remains Secure and Applications Are Secured Before Deployment […]

By: Glen Kosaka

April 17, 2021 10:21 am

8,044 views

An Introduction to Secure Infrastructure as Code (IaC) Using Terraform

A hot topic these days is Infrastructure as Code, or IaC, and how to use tools like Terraform to deploy IaC. There are tremendous benefits to following Infrastructure as Code principles, one of which is security, or Security as Code. What is Infrastructure as Code (IaC)? Infrastructure as Code enables modern infrastructures such as cloud […]

By: Glen Kosaka

August 21, 2020 12:44 pm

3,664 views

Protect Kubernetes Containers on AWS Using the Shared Responsibility Model

Editor's note: This post was updated on August 17, 2022. Deploying an AWS container security solution is a critical requirement to protect your data and assets running on AWS, including EC2, EKS, ECS, Kubernetes, or Red Hat OpenShift. In its ‘Shared Responsibility Model,’ AWS states that the security responsibility is shared between AWS and […]

By: Glen Kosaka

May 14, 2020 12:15 pm

4,274 views

How to Protect Web Applications in Containers Using DPI and DLP

Protect Kubernetes Applications with Your Existing Threat Rules. By Fei Huang. The software security industry has grown very quickly in the past decades, and companies large and small are all using some type of network and endpoint security solution. These include solutions for anti-virus, anti-malware, web application firewall (WAF), layer 7 next generation firewall, penetration […]

By: Glen Kosaka

February 25, 2020 12:26 pm

4,040 views

How to Optimize I/O Intensive Containers on Kubernetes

Understanding the Real-time Characteristics of Linux Containers. By Jay Huang. Highly threaded, I/O intensive Linux containers running on Kubernetes should be able to use the full extent of their CPU requests. But is this really possible? Understanding how the Linux operating system schedules tasks and allocates CPU time to tasks can help application developers optimize […]

By: Glen Kosaka

November 6, 2019 12:30 pm

5,251 views

How to Create ‘Security Policy as Code’ to Automate Application Security Policies in the CI/CD Pipeline

DevOps and DevSecOps teams can now automatically deploy and update new applications securely using Kubernetes Custom Resource Definitions (CRDs). As DevOps teams integrate their toolchain to enable automated deployment of container-based applications, one aspect has always slowed down a modern cloud-native pipeline: security. And while automated vulnerability scanning is now standard practice, creating […]

By: Glen Kosaka

August 1, 2019 12:38 pm

3,973 views

Container Security Monitoring with Prometheus and Grafana

Today, millions of applications are running in containers, with many millions more going into production. It is not easy to manage and monitor a massive number of containers in any deployment at the same time. In order to better visualize and track container status, the combination of Prometheus and Grafana provides a simple, easy-to-deploy […]

By: Glen Kosaka

April 22, 2019 2:33 pm

4,879 views

Using Admission Control to Prevent Unauthorized or Vulnerable Image Deployments in Kubernetes

Kubernetes Admission Control is a Critical Link in a Container CI/CD Pipeline. An important security enforcement point to build into the container CI/CD pipeline is to prevent unauthorized or vulnerable images from being deployed into production Kubernetes clusters. While basic Kubernetes admission control provides some capabilities, preventing vulnerable images from being deployed requires extensions to […]
