ARMO

Jerusalem, Israel
2017
Apr 7, 2021   |  By Leonid Sandler
As you may have heard, a massive breach of Microsoft Exchange servers was revealed in the last several weeks. The attack is not over yet. We can always wait for another attack and blame another vendor, but when it comes to Microsoft, well, who can we rely on after that? SolarWinds, Centreon and now Microsoft Exchange… With almost 80% enterprise market share, the Exchange holds the biggest secrets of our times, and now nobody knows where they went.
Apr 3, 2021   |  By Ben Hirschberg
Kubernetes secrets are the nativere sources for storing and managing sensitive data, like passwords, cloud access keys, or authentication tokens. You need to distribute this information across your Kubernetes clusters and protect it at the same time. When sending your password to each node in your cluster, it’s critical to ensure that only authorized entities—users, services, or workloads—are able to access it.
Feb 2, 2021   |  By Amir Kaushansky
As a product manager, I am always concern about the value my customers will get from the product, and this is my main focus. In order to achieve this, I often meet with customers and talk about pain points, problems,offer a solution, see how the product can help. In the past few years, one of the items that get raised in these discussions is not related to any pain pointor feature requirement, it is the attachment method when dealing with K8s security.
Dec 6, 2020   |  By Shauli Rozen
Enabling enclaves-based security is key for enterprise cloud adoption General availability of Nitro Enclaves, recently announced by AWS, is Amazon’s way of delivering confidential computing to its customers. Following similar announcements by Microsoft Azure and Google Cloud, AWS announcement further confirms growing demand for additional runtime protection of customer’s data and other intellectual properties.
Oct 22, 2020   |  By Ben Hirshberg
The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157)and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint where this request contains the container image registry secret.
Sep 30, 2020   |  By Leonid Sandler
CVE-2020-14386 is yet another severe vulnerability that was recently discovered in the Linux kernel. It reminds us that the fight against vulnerabilities is not over. This particular one allows a regular application to escalate its privileges and gain root access to the machine. Indeed, it sounds scary.
Jul 29, 2020   |  By Shauli Rozen
In its latest announcement of Traffic Director’s support for gRPC Proxyless services in service mesh Google addresses the well-known (yet less spoken of) trade offs for using sidecars to handle networking on behalf of your applications.
Jul 28, 2020   |  By Shauli Rozen
Leonid Sandler, Co-Founder and CTO of Cyber Armor, set for an interview with Safety Detective’s Aviva Zacks on the inspiration behind the company.
Jun 4, 2020   |  By ARMO
The collaboration extends Cyber Armor's security technology to thousands of Red Hat enterprise customers.
Mar 23, 2020   |  By Shauli Rozen
March 2020, the Coronavirus is pretty much everywhere. As I am writing these lines, the number of cases worldwide is 341,334 and 192 different countries have experienced infections.The world is fighting this epidemic and travel limitations are widely used in order to control the spread of the disease. While some say these restrictions are critical, others claim it to be ineffective and redundant. I am not an epidemiologist and will leave that analysis to the experts.
Dec 2, 2019   |  By ITProTV
With the short week for the Thanksgiving holiday in the US, the Technado team decided to have a little fun by looking back at some of the dumbest tech headlines from 2019. Romanian witches online, flat-earthers, and fake food for virtual dogs - what a time to be alive. Then, Shauli Rozen joined all the way from Israel to talk about a zero-trust environment in DevOps. IT skills & certification training that’s effective & engaging. Binge-worthy learning for IT teams & individuals with 4000+ hours of on-demand video courses led by top-rated trainers. New content added daily.

ARMO closes the gap between development and security, giving development, DevOps, and DevSecOps the flexibility and ease to ensure high grade security and data protection no matter the environment – cloud native, hybrid, or legacy.

ARMO is driving a paradigm shift in the way companies protect their cloud native and hybrid environments. We help companies move from a “close-the-hole-in-the-bucket” model, installing firewalls, defining access control lists, etc. to a streamlined DevOps- and DevSecOps led model in which environments are deployed with inherent zero-trust.

Security at the Speed of DevOps:

  • Runtime workload identity and protection: Identifies workloads based on application code analysis, creating cryptographic signatures based on Code DNA to prevent unauthorized code from running in the environment to access and exfiltrate protected data. The patent-pending technology signs and validates workloads in runtime throughout the entire workload lifecycle.
  • Transparent data encryption: Transparent data encryption – keyless encryption – robustly and uniformly encrypts and protects files, objects, and properties, requiring no application changes, service downtime, or impact on functionality. It eases the adoption of encryption by removing the complexity of key management and providing an out-of-the-box solution for key protection in use, key rotations, and disaster recover procedures.
  • Identity-based communication tunneling: Transparent communication tunneling ensures only authorized and validated applications and services can communicate. Even if attackers steal valid access credentials, they are useless because the malicious code will be unsigned. Create API access polices to build identity-based policies and enforce correct workload behaviors.
  • Application-specific secret protection: Application-specific protection of secrets ensures cryptographic binding between continuously validated specific workload identities and their confidential data, delivering complete protection against access by unauthorized applications.
  • Visibility & compliance: Visibility and compliance monitoring provide granular details about workloads and running environments, including individual processes, file names and locations, open listening ports, actual connections, mapped volumes, opened files, process privilege levels, connections to external services, and more. Alerts can be used for continuous compliance verification.

Bringing Together Run-Time Workload And Data Protection To Seamlessly Establish Identity Based, Zero-Trust Service-To-Service Control Planes.