This article explores how to secure production Kubernetes clusters with the help of open source tools. As a prerequisite, you’ll need to have basic beginner-level knowledge of Docker and Kubernetes. In a nutshell, Kubernetes is a container orchestration tool and Docker is a containerization platform. Some of the most famous Kubernetes clusters managed by cloud providers include AWS EKS, Azure AKS, and Google CKE.

We’ve said it before, and we’ll say it again: Security Orchestration, Automation and Response (SOAR) platforms are great tools for helping teams work smarter, faster, and more efficiently against security risks. But, used on their own, SOARs are far from perfect for meeting the full security needs of the modern organization.

The Project Calico community is one of the most collaborative and supportive communities in the open-source space. Our community has shown great engagement through the years, which has helped us maintain and grow the project. Thanks to our 200+ contributors from all over the world, Calico Open Source (the solution born out of the project) is powering 1.5M+ nodes daily across 166 countries.

AWS announced CloudTrail Lake on January 5th, 2022, as a fully-managed solution for storing and querying CloudTrail logs. At first glance, it is straightforward to set up, can be enabled for all your organization’s accounts with a radio button, and keeps data for up to seven years by default! It’s a huge time saver and headache eliminator for many, as getting CloudTrail from all organization accounts to a SIEM can be tedious and time-consuming. But all this comes with a cost.

Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.

The security stack is a crucial part of any company’s IT infrastructure. However, Security teams increasingly report that traditional SIEM solution approaches are “costly, complex, and resource-consuming,” according to a recent ESG survey. Fortunately, there has been significant innovation in how firms approach cybersecurity with new cloud-native technologies stack and breaking free from vendor lock-in and giving themselves more flexibility, cost advantage, and future-proofing.

With the recent release of build.cfengine.com and cfbs I have been thinking about the process of converting a traditionally manged policy set. I consider a traditionally manged policy set one where you have a repo with the root of masterfiles being the root of the repository, or even having no repository at all and managing masterfiles by editing directly in the distribution point (e.g. /var/cfengine/masterfiles).

On January 25, 2022, Qualys announced the discovery of a local privilege escalation vulnerability that it identified as PwnKit. The PwnKit vulnerability affects PolicyKit’s pkexec, a SUID-root program installed by default on many Linux distributions. The same day of the announcement, a proof of concept (PoC) exploit was built and published by the security research community.