Four years on from the SolarWinds hack, supply chains should still be top of mind for businesses. Warnings from the NCSC have reinforced this message, but in the UK just 13% of business decision-makers describe supply chain security as a top priority.

Perhaps they don’t realise how fragile and vulnerable software supply chains can be? A report from ReversingLabs found almost 11,200 unique malicious packages across major free and open-source software (FOSS) platforms in 2023, thirteen times as many as in 2020. With FOSS a common part of many commercial software products, organisations need to better understand this threat and the strategies they can use to mitigate it.

Understanding FOSS in supply chains

According to Synopsys, around 97% of commercial codebases use FOSS to some degree. Why, if it’s so vulnerable? The answer is that the benefits of FOSS can far outweigh the risks: it reduces the cost of ownership, maintenance, upgrades, and support fees, and reduces the problem of vendor lock-in. Many businesses not only use FOSS, they contribute too, part of the give-and-take that makes open-source so useful.

It’s unlikely that organisations will stop using open-source software, given they would need to rewrite many core components of their product. In order to protect against attacks, security professionals need to “know their enemy”. The most common tactics used to compromise FOSS include: 

  • Code injection—The threat actor inserts a backdoor into software updates. In most cases, malicious code is injected into a piece of software that is then distributed, allowing the attacker access to multiple organisations.

  • Code substitution—Attackers replace code with malicious code, either by compromising the source code repository or by tampering with the software distribution channel.

  • Code compromise—Exploitation of a vulnerability or a misconfiguration in the software development or delivery process, compromising the code. To illustrate, the NotPetya attack involved hackers exploiting a vulnerability in the M.E.Doc accounting software to deliver ransomware to Ukrainian organisations.

Creating a strategy for protection

Once they fully grasp the risks, security teams will need to do a lot of work to get a handle on the situation. However, it’s not an impossible task and in all likelihood, they’re not going to be starting from scratch—many will already have policies and tools in place that can be improved and built on. 

SBOMs: Software Bills of Materials (SBOMs) play an increasingly important role in enhancing supply chain security. An SBOM lists the components and dependencies of a software product, such as open-source libraries, third-party software, and licences. It helps to identify and manage security risks in the software supply chain, such as vulnerabilities, malware, or outdated versions. It’s also necessary from a compliance perspective as the UK begins to enforce its cybersecurity strategy.

Create a culture of security: It’s also necessary to establish a security-first culture and educate staff on risks and best practices. At a high level, this means understanding the risk an organisation faces, and a better appreciation for security. From a technical perspective, this includes how to use and deploy code safely, and how organisations can use authoritative sources and repositories to download or update open-source software to ensure security.

Patch, patch, patch: IT teams also need to be strict on their cyber hygiene, mainly in regards to patching. Everyone knows that patching is important but it’s also the bare minimum. To remain secure, organisations should work more proactively and regularly scan software components and dependencies for malicious code.
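The SBOM and scanning points above can be put to work together: once a product’s SBOM exists, it can be checked automatically against advisory data, known-malicious release lists and the organisation’s licence policy. The following Python is an added example written for this article, not code from the original post or from any vendor; the SBOM (in CycloneDX JSON layout), the advisory entries, the malicious-package list and the licence allow-list are all constructed samples, and the version comparison is deliberately simplified to numeric dotted versions.

```python
"""Consume a CycloneDX-style SBOM and flag components that are known-vulnerable,
known-malicious or outside licence policy. Added example for this article, not
code from the original post; the SBOM, the advisory data, the malicious-package
list and the licence policy are all constructed samples."""

import json

# Constructed SBOM using the CycloneDX JSON layout (only the fields used here).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "leftpadder", "version": "1.2.0",
     "purl": "pkg:npm/leftpadder@1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "fastxml", "version": "2.0.1",
     "purl": "pkg:pypi/fastxml@2.0.1", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "colourz", "version": "0.9.9",
     "purl": "pkg:npm/colourz@0.9.9", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "legacy-crypto", "version": "0.4.0",
     "purl": "pkg:pypi/legacy-crypto@0.4.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}
"""

# Constructed advisory feed: package (purl without version) -> first fixed version.
ADVISORIES = {"pkg:pypi/fastxml": "2.1.0"}
# Constructed list of releases known to be malicious: package -> affected versions.
MALICIOUS_RELEASES = {"pkg:npm/colourz": {"0.9.9"}}
# Constructed licence policy for shipped products.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def parse_version(version: str) -> tuple[int, ...]:
    """Numeric dotted versions only; a real tool would apply ecosystem-specific rules."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def package_key(purl: str) -> str:
    """'pkg:npm/colourz@0.9.9?arch=x86' -> 'pkg:npm/colourz'.
    Scoped npm names are %40-encoded in purls, so the last '@' always separates the version."""
    return purl.split("?")[0].rsplit("@", 1)[0]


def assess_sbom(sbom_json: str) -> list[dict]:
    """Return one finding per failed check, each tagged vulnerable, malicious or licence."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        key = package_key(comp["purl"])
        version = comp["version"]
        # Known vulnerability: the installed version is below the first fixed version.
        fixed = ADVISORIES.get(key)
        if fixed and parse_version(version) < parse_version(fixed):
            findings.append({"component": comp["name"], "kind": "vulnerable",
                             "detail": f"{version} is below fixed version {fixed}"})
        # Known-malicious release of this package.
        if version in MALICIOUS_RELEASES.get(key, set()):
            findings.append({"component": comp["name"], "kind": "malicious",
                             "detail": f"release {version} is a known malicious package"})
        # Licence policy: every declared licence must be on the allow-list.
        licences = {entry["license"].get("id", "UNKNOWN") for entry in comp.get("licenses", [])}
        disallowed = licences - ALLOWED_LICENSES
        if disallowed:
            findings.append({"component": comp["name"], "kind": "licence",
                             "detail": f"licence(s) not permitted: {', '.join(sorted(disallowed))}"})
    return findings


if __name__ == "__main__":
    for finding in assess_sbom(SBOM_JSON):
        print(f"{finding['kind']:<11} {finding['component']:<14} {finding['detail']}")
```

Run against the constructed SBOM, the checker reports fastxml as vulnerable, colourz as a malicious release and legacy-crypto as a licence violation, while leftpadder passes. In practice the advisory and malicious-release data would come from a vulnerability feed rather than inline constants, and the check would run in CI on every build so a newly published advisory is caught on the next pipeline run rather than at the next manual audit.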

Limit access: A key component of Zero Trust is to never trust anyone and always verify. Dev teams can take this a step further and apply the “principle of least privilege” to software components and users, limiting their access to the minimum necessary resources and permissions. Implementing strong encryption and digital signatures to protect the confidentiality and integrity of software components and data is also imperative.

Stricter rules for vendors and suppliers: For end users, third-party software audits should be a critical component of a protection strategy. This includes performing due diligence on third-party vendors and suppliers and verifying their security policies and practices. It’s critical to establish clear contracts and service level agreements (SLAs) with third-party suppliers and define the roles and responsibilities in the supply chain.


It’s important to keep in mind that this is all reactive, a minimum of what should be done to keep organisations safe. Building on this with a more proactive approach will offer even better protection. This means continually monitoring and auditing the software supply chain for any suspicious activity. Only then can security teams be confident that they are doing enough to stay safe from supply chain attacks.

The post Mitigating the biggest threats in supply chain security appeared first on Cybersecurity Insiders.

The company also unveils seed investors, SBOM360, and distribution partnerships, validating approach to detecting software supply chain attacks

SARATOGA, Calif., February 7, 2023/BusinessWire/ – Lineaje, an emerging leader in software supply chain security management, today announced that it has closed a $7 million seed funding round led by Tenable Ventures, a corporate investment program of Tenable, the exposure management company. The round also includes participation from other industry-leading executives and cyber technology companies. The new injection of capital comes at a pivotal time as the company also announces SBOM360, a first-of-a-kind software supply chain management solution, as well as a new distribution partnership with Persistent Systems.

Setting the Stage for Growth, Secure Software Development and Better Runtime Security

Lineaje’s technology helps organizations secure their complete software supply chain whether they build, buy, or use software. Lineaje’s unique approach can determine the components of all software and expose each component’s multi-level dependency chain. Its cutting-edge fingerprinting technology can attest to the authenticity of the entire supply chain, eliminating supply chain compromises. Validating this approach, Tenable has selected Lineaje as one of three inaugural members of Tenable Ventures. Tenable Ventures is working with Lineaje to create shareable data models so that software supply chain data can create better runtime security that comprehends and secures built-in weaknesses in deployed software.

“Lineaje and Tenable share the same vision – to reduce customers’ exposure to attacks on their digital infrastructure,” said Matthew Olton, Senior Vice President, Tenable. “Lineaje’s ability to detect what’s in your software and assess and mitigate software supply chain risks gives organizations the assurance that the software they deploy to run their business will not be used to harm them.”

The round also includes participation from Dreamit Ventures, Veear Capital, Richard Clarke’s Belltower Fund Group, and other prominent cyber security executives. With the combined seed investment, Lineaje will accelerate its go-to-market strategy, invest in continued R&D, and expand its workforce.

“Developers trust open source and third-party packages that they include in their software assuming integrity of the software supply chain. Unfortunately, supply chain attacks have proven that this trust is misplaced,” said Lineaje CEO and Co-founder Javed Hasan. “Lineaje brings a trust but verify approach to the software supply chain by automatically attesting to the integrity of every component in your software and delivering high quality alerts when that verification is not achieved.”

Reducing Exposure with Assurance that Software is Built and Runs Securely

Gartner® predicts that “by 2025, 45% of organizations worldwide will experience attacks on their software supply chains, a three-fold increase from 2021.”  Lineaje’s flagship product, SBOM360, is the industry’s first software supply chain and software bill of materials (SBOM) manager. Customers can manage the software supply chain of all software – built or bought by a company. Using SBOM360:

  • Software Producers – CPOs, chief product security officers, open-source office managers and DevSecOps leaders – can create a fully managed and secure software supply chain, as well as publish accurate SBOMs with confidence.

  • Software Consumers – CISOs, CIOs, procurement officers – can evaluate all their vendors’ SBOMs and deploy third-party software with assurance. This enables them to create a managed and secure software supply chain.

  • Users can search ALL of their deployed software in seconds to find newly discovered vulnerabilities, indicators of compromise (IOCs) and deeply embedded components, dramatically reducing time to discovery and time to secure.

Lineaje has more than 150,000 SBOMs, managed by SBOM360, spanning custom applications, open source, packages, commercial off-the-shelf (COTS), mobile apps and containers, accelerating supply chain management progress for all its customers.

Expanding Software Supply Chain Protection Across Industries

Additionally, Lineaje is announcing new distribution agreements with Persistent Systems, a global digital engineering leader. Persistent Systems will resell SBOM360 and use SBOM360 to create and manage software supply chains of its customers.

“Lineaje’s SBOM360 is instrumental in assessing and managing the software supply chain of both new applications as well as legacy products. We are excited to take this first-of-its-kind offering to market globally,” said Nitish Shrivastava, SVP, Products, Persistent Systems. “In working with Lineaje, our goal is to spotlight how Persistent Systems ensures that components used in our built and managed software are secure.”

Gartner Press Release, Gartner Identifies Top Security and Risk Management Trends for 2022, March 7, 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Lineaje

Lineaje provides Continuous Software Supply Chain Security Management to companies that build or use software. Destructive supply chain attacks, undetectable by existing cybersecurity tools, are growing rapidly, impacting thousands of companies through a single compromise. Lineaje secures companies from these attacks. Lineaje SBOM360 allows companies to centrally manage their entire software supply chain, which consists of applications they build or buy, thereby allowing them to govern SBOMs at an enterprise-wide level. SBOM360 also enables compliance with US Executive order 14028 and other international regulations that control the procurement of third-party software by federal agencies, defense departments and other government organizations.

Does your organization know ‘what’s in its software?’ Find out at https://www.lineaje.com/

Media Contact

Fabienne Dawson

Fabienne_dawson@lineaje.com

Touchdown PR

Alyssa Pallotti

lineaje@touchdownpr.com

The post Elite Roster of Cybersecurity Investors Backs Lineaje to Deliver Industry-first Supply Chain Security Solution appeared first on Cybersecurity Insiders.

What's Changed for Cybersecurity in Banking and Finance: New Study

Cybersecurity in financial services is a complex picture. Not only has a range of new tech hit the industry in the last 5 years, but compliance requirements introduce another layer of difficulty to the lives of infosec teams in this sector. To add to this picture, the overall cybersecurity landscape has rapidly transformed, with ransomware attacks picking up speed and high-profile vulnerabilities hitting the headlines at an alarming pace.

VMware recently released the 5th annual installment of their Modern Bank Heists report, and the results show a changing landscape for cybersecurity in banking and finance. Here's a closer look at what CISOs and security leaders in finance said about the security challenges they're facing — and what they're doing to solve them.

Destructive threats and ransomware attacks on banks are increasing

The stakes for cybersecurity are higher than ever at financial institutions, as threat actors are increasingly using more vicious tactics. Banks have seen an uptick in destructive cyberattacks — those that delete data, damage hard drives, disrupt network connections, or otherwise leave a trail of digital wreckage in their wake.

63% of financial institutions surveyed in the VMware report said they've seen an increase in these destructive attacks targeting their organization — that's 17% more than said the same in last year's version of the report.

At the same time, finance hasn't been spared from the rise in ransomware attacks, which have also become increasingly disruptive. Nearly 3 out of 4 respondents to the survey said they'd been hit by at least one ransomware attack. What's more, 63% of those ended up paying the ransom.

Supply chain security: No fun in the sun

Like ransomware, island hopping is also on the rise — and while that might sound like something to do on a beach vacation, that's likely the last thing the phrase brings to mind for security pros at today's financial institutions.

IT Pro describes island hopping attacks as "the process of undermining a company's cyber defenses by going after its vulnerable partner network, rather than launching a direct attack." The source points to the high-profile data breach that rocked big-box retailer Target in 2017. Hackers found an entry point to the company's data not through its own servers, but those of Fazio Mechanical Services, a third-party vendor.

In the years since the Target breach, supply chain cybersecurity has become an even greater area of focus for security pros across industries, thanks to incidents like the SolarWinds breach and large-scale vulnerabilities like Log4Shell that reveal just how many interdependencies are out there. Now, threats in the software supply chain are becoming more apparent by the day.

VMware's study found that 60% of security leaders in finance have seen an increase in island hopping attacks — 58% more than said the same last year. The uptick in threats originating from partners' systems is clearly keeping security officers up at night: 87% said they're concerned about the security posture of the service providers they rely on.

The proliferation of mobile and web applications associated with the rise of financial technology (fintech) may be exacerbating the problem. VMware notes API attacks are one of the primary methods of island hopping — and they found a whopping 94% of financial-industry security leaders have experienced an API attack through a fintech application, while 58% said they've seen an increase in application security incidents overall.

How financial institutions are improving cybersecurity

With attacks growing more dangerous and more frequent, security leaders in finance are doubling down on their efforts to protect their organizations. The majority of companies surveyed in VMware's study said they planned a 20% to 30% boost to their cybersecurity budget in 2022. But what types of solutions are they investing in with that added cash?

The number 1 security investment for CISOs this year is extended detection and response (XDR), with 24% listing this as their top priority. Closely following were workload security at 22%, mobile security at 21%, threat intelligence at 15%, and managed detection and response (MDR) at 11%. In addition, 51% said they're investing in threat hunting to help them stay ahead of the attackers.

Today's threat landscape has grown difficult to navigate — especially when financial institutions are competing for candidates in a tight cybersecurity talent market. In the meantime, the financial industry has only grown more competitive, and the pace of innovation is at an all-time high. Having powerful, flexible tools that can streamline and automate security processes is essential to keep up with change. For banks and finance organizations to attain the level of visibility they need to innovate while keeping their systems protected, these tools are crucial.



How to Strategically Scale Vendor Management and Supply Chain Security

This post is co-authored by Collin Huber

Recent security events — particularly the threat actor activity from the Lapsus$ group, Spring4Shell, and various new supply-chain attacks — have the security community on high alert. Security professionals and network defenders around the world are wondering what we can do to make the organizations we serve less likely to be featured in an article as the most recently compromised company.

In this post, we’ll articulate some simple changes we can all make in the near future to provide more impactful security guidance and controls to decrease risk in our environments.

Maintain good cyber hygiene

Here are some basic steps that organizations can take to ensure their security posture is in good health and risks are at a manageable level.

1. Review privileged user activity for anomalies

Take this opportunity to review logs of privileged user activity. Additionally, review instances of changed passwords, as well as any other unexpected activity. Interview the end user to help determine the authenticity of the change. Take into consideration the types of endpoints used across your network, as well as expected actions or any changes to privileges (e.g. privilege escalation).

2. Enforce use of multifactor authentication

Has multifactor authentication (MFA) deployment stalled at your firm? This is an excellent opportunity to revisit deployment of these initiatives. Use of MFA reduces the potential for compromise in a significant number of instances. There are several options for deployment of MFA. Hardware-based MFA methods, such as FIDO tokens, are typically the strongest, and numerous options offer user-friendly ways to use MFA — for example, from a smartphone. Ensure that employees and third parties are trained not to accept unexpected prompts to approve a connection.

3. Understand vendor risks

Does your acquisition process consider the security posture of the vendor in question? Based on the use case for the vendor and the business need, consider the security controls you require to maintain the integrity of your environment. Additionally, review available security reports to identify security controls to investigate further. If a security incident has occurred, consider the mitigating controls that were missing for that vendor. Depending on the response of that vendor and their ability to implement those security controls, determine if this should influence purchase decisions or contract renewal.      

4. Review monitoring and alerts

Review system logs for other critical systems, including those with high volumes of data. Consider reviewing systems that may not store, process, or transmit sensitive data but could have considerable vulnerabilities. Depending on the characteristics of these systems and their mitigating controls, it may be appropriate to prioritize patching, implement additional mitigating controls, and even consider additional alerting.

Always make sure to act as soon as you can. It’s better to enact incident response (IR) plans and de-escalate than not to.
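Steps 1 and 4 above both come down to reading logs with a policy in mind: who is allowed to act with privilege, which accounts and groups count as privileged, and when such changes are expected. The Python below is an added example written for this post, not the authors’ tooling; it runs a few such rules over constructed syslog-style lines (the sudo, pam_unix and usermod message formats are the standard Linux ones, but every host name, user and timestamp here is made up), and the approved-sudoer list, privileged-account list and business-hours window are assumed policy values.

```python
"""Review privileged activity in auth logs against a simple policy.
Added example for this post, not the authors' code. The log lines and the
policy values (approved sudoers, privileged accounts/groups, business hours)
are constructed samples."""

import re
from dataclasses import dataclass

# Constructed sample log lines in syslog layout (not from a real system).
SAMPLE_LOG = """\
Mar 30 09:12:41 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 30 02:14:07 web01 sudo: dave : TTY=pts/1 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash
Mar 30 02:15:30 web01 passwd[2231]: pam_unix(passwd:chauthtok): password changed for svc-backup
Mar 30 10:05:12 web01 usermod[2410]: add 'carol' to group 'sudo'
Mar 30 11:20:00 web01 passwd[2500]: pam_unix(passwd:chauthtok): password changed for bob
"""

# Constructed policy: who may use sudo, which accounts and groups are privileged,
# and the hours during which privileged changes are expected.
APPROVED_SUDOERS = {"alice"}
PRIVILEGED_ACCOUNTS = {"root", "svc-backup"}
PRIVILEGED_GROUPS = {"sudo", "wheel", "root"}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59

TIMESTAMP = re.compile(r"^\w{3}\s+\d{1,2} (\d{2}):\d{2}:\d{2} ")
SUDO = re.compile(r" sudo: (\S+) : .*?USER=(\S+) ; COMMAND=(.*)$")
PASSWD = re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (\S+)")
GROUP_ADD = re.compile(r"add '(\S+)' to group '(\S+)'")


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


def review_privileged_activity(log_text: str) -> list[Finding]:
    """Return one Finding per rule violated per line; lines that match no rule produce none."""
    findings: list[Finding] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        ts = TIMESTAMP.match(line)
        hour = int(ts.group(1)) if ts else None
        privileged_event = None  # description if this line records a privileged action

        if m := SUDO.search(line):
            actor, target, command = m.groups()
            privileged_event = f"sudo by {actor} as {target}: {command}"
            if actor not in APPROVED_SUDOERS:
                findings.append(Finding(line_no, "unapproved-sudo", privileged_event))
        elif m := PASSWD.search(line):
            account = m.group(1)
            # Password changes for ordinary users are routine; privileged ones warrant a look.
            if account in PRIVILEGED_ACCOUNTS:
                privileged_event = f"password changed for privileged account {account}"
                findings.append(Finding(line_no, "privileged-password-change", privileged_event))
        elif m := GROUP_ADD.search(line):
            user, group = m.groups()
            if group in PRIVILEGED_GROUPS:
                privileged_event = f"{user} added to privileged group {group}"
                findings.append(Finding(line_no, "privileged-group-add", privileged_event))

        # Any privileged action outside the expected window is flagged for follow-up
        # with the user, even when the actor is otherwise approved.
        if privileged_event and hour is not None and hour not in BUSINESS_HOURS:
            findings.append(Finding(line_no, "off-hours", privileged_event))
    return findings


if __name__ == "__main__":
    for f in review_privileged_activity(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```

On the constructed log this flags dave’s off-hours root shell, the off-hours password change on the svc-backup account and carol’s addition to the sudo group, while alice’s daytime service restart and bob’s routine password change pass. Each finding is the starting point for the interview with the end user that step 1 describes, not a verdict on its own.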

Build a more secure supply chain

Risks are inherent in the software supply chain, but there are some strategies that can help you ensure your vendors are as secure as possible. Here are three key concepts to consider implementing.

1. Enumerate edge connection points between internal and vendor environments

Every organization has ingress and egress points with various external applications and service providers. When new services or vendors are procured, access control lists (ACLs) are updated to accommodate the new data streams — which presents an opportunity to record simple commands for shutting those streams down in the event of a vendor compromise.

Early stages of an incident are often daunting, frustrating, and confusing for all parties involved. Empowering information security (IS) and information technology (IT) teams to have these commands ahead of time decreases the guesswork that needs to be done to create them when an event occurs. This frees up resources to perform other critical elements of your IR plan as appropriate.

One of the most critical elements of incident response is containment. Many vendors will immediately disable external connections when an attack is discovered, but relying on an external party to act in the best interest of your organization is a challenging position for any security professional. If your organization has a list of external connections open to the impacted vendor, creating templates or files to easily cut and paste commands to cut off the connection is an easy step in the planning phase of incident response. These commands can be approved for dispatch by senior leadership and immediately put in place to ensure whatever nefarious behavior occurring on the vendor’s network cannot pass into your environment.

An additional benefit of enumerating and memorializing these commands is that teams can practice or review them during annual updates of the IRP or tabletop exercises. If your organization does not have this information prepared right now, you have a great opportunity to collaborate with your IS and IT teams to improve your preparedness for a vendor compromise.

Vendor compromises can result in service outages which may have an operational impact on your organization. When your organization is considering ways to mitigate potential risks associated with outages and other supply chain issues, review your business continuity plan to ensure it has the appropriate coverage and provides right-sized guidance for resiliency. It may not make business sense to have alternatives for every system or process, so memorialize accepted risks in a Plan of Action and Milestones (POAM) and/or your Risk Register to record your rationale and demonstrate due diligence.

2. Maintain a vendor inventory with key POCs and SLAs

Having a centralized repository of vendors with key points of contact (POCs) for the account and service-level agreements (SLAs) relevant to the business relationship is an invaluable asset in the event of a breach or attack. The repository enables rapid communication with the appropriate parties at the vendor to open and maintain a clear line of communication, so you can share updates and get critical questions answered in a timely fashion. Having SLAs related to system downtime and system support is also instrumental to ensure the vendor is furnishing the agreed-upon services as promised.
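Points 1 and 2 fit naturally in one data structure: a vendor record that carries the points of contact and SLAs alongside the edge connections, so the containment commands can be generated from the inventory rather than typed under pressure. The Python below is an added example written for this post, not the authors’ code. The vendor names, contacts, SLAs and purposes are constructed, the vendor networks use RFC 5737 documentation ranges, and the rendered commands assume iptables on the edge host (any other firewall would need its own template); the commands are returned as text for approval, never executed by the script.

```python
"""Vendor inventory (POCs, SLAs, edge connections) and pre-approved containment
commands generated from it. Added example for this post, not the authors' code.
All vendors, contacts, SLAs and addresses (RFC 5737 documentation ranges) are
constructed; iptables on the edge host is an assumption."""

import ipaddress

VENDOR_INVENTORY = [
    {
        "name": "PayFlow",  # constructed vendor
        "service": "payment gateway",
        "poc": {"name": "Vendor SOC", "email": "soc@payflow.example", "phone": "+1-555-0100"},
        "sla": {"incident_notice_hours": 4, "restore_hours": 24},
        "edge_connections": [
            {"vendor_cidr": "203.0.113.0/24", "port": 443, "proto": "tcp", "purpose": "API calls (outbound)"},
            {"vendor_cidr": "198.51.100.10/32", "port": 8443, "proto": "tcp", "purpose": "webhook callbacks (inbound)"},
        ],
    },
    {
        "name": "LogVault",  # constructed vendor
        "service": "log archiving",
        "poc": {"name": "Support desk", "email": "support@logvault.example", "phone": "+1-555-0101"},
        "sla": {"incident_notice_hours": 24, "restore_hours": 72},
        "edge_connections": [
            {"vendor_cidr": "192.0.2.0/24", "port": 6514, "proto": "tcp", "purpose": "syslog over TLS (outbound)"},
        ],
    },
]


def find_vendor(name: str) -> dict:
    for vendor in VENDOR_INVENTORY:
        if vendor["name"].lower() == name.lower():
            return vendor
    raise KeyError(f"vendor {name!r} not in inventory")


def containment_commands(vendor_name: str) -> list[str]:
    """Render iptables rules that drop all traffic to and from the vendor's networks.
    Rules are inserted (-I) at the head of INPUT/OUTPUT so they win over existing
    allow rules. The strings are returned for approval and dispatch, not executed."""
    vendor = find_vendor(vendor_name)
    cmds = []
    for conn in vendor["edge_connections"]:
        net = ipaddress.ip_network(conn["vendor_cidr"])  # ValueError on a malformed inventory entry
        cmds.append(f"iptables -I INPUT  -s {net} -j DROP  # {vendor['name']}: {conn['purpose']}")
        cmds.append(f"iptables -I OUTPUT -d {net} -j DROP  # {vendor['name']}: {conn['purpose']}")
    return cmds


def incident_contact(vendor_name: str) -> str:
    """One line the IR lead can paste into the incident channel."""
    vendor = find_vendor(vendor_name)
    poc, sla = vendor["poc"], vendor["sla"]
    return (f"{vendor['name']} ({vendor['service']}): {poc['name']} <{poc['email']}> {poc['phone']}; "
            f"SLA: incident notice within {sla['incident_notice_hours']}h, "
            f"service restore within {sla['restore_hours']}h")


def sla_breached(vendor_name: str, hours_since_notice: float, restored: bool) -> bool:
    """True when the vendor has exceeded its restore window without restoring service."""
    sla = find_vendor(vendor_name)["sla"]
    return not restored and hours_since_notice > sla["restore_hours"]


def containment_runbook(vendor_name: str) -> str:
    """Contact line plus containment commands, ready for leadership sign-off."""
    lines = [f"# Containment runbook for {vendor_name} (requires approval before dispatch)",
             incident_contact(vendor_name), ""]
    lines += containment_commands(vendor_name)
    return "\n".join(lines)


if __name__ == "__main__":
    print(containment_runbook("PayFlow"))
```

Keeping the inventory in version control and regenerating the runbooks from it on every change means the ACL entries recorded when a vendor is onboarded are the same ones the IR team reaches for during containment, and the SLA check gives the vendor-management side an objective trigger for the contract conversation the post describes.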

3. Prepare templates to communicate to customers and other appropriate parties

Finally, set up templates for communications about what your team is doing to protect the environment and answer any high-level questions in the event of a security incident. For these documents, it is best to work with legal departments and senior leadership to ensure the amount of information provided and the manner in which it is disclosed is appropriate.

  • Internal communication: Have a formatted memo to easily address some key elements of what is occurring to keep staff apprised of the situation. You may want to include remarks indicating an investigation is underway, your internal environment is being monitored, relevant impacts staff may see, who to contact if external parties have questions, and reiterate how to report unusual device behavior to your HelpDesk or security team.
  • External communication: Communication for the press regarding the investigation or severity of the breach as appropriate.
  • Regulatory notices: Work with legal teams to templatize regulatory notifications to ensure the right data is easily provided by technical teams to be shared in an easy-to-update format.

Complex software supply chains introduce a wide range of vulnerabilities into our environments – but with these strategic steps in place, you can limit the impacts of security incidents and keep risk to a minimum in your third-party vendor relationships.



InsightCloudSec Supports the Recently Updated NSA/CISA Kubernetes Hardening Guide

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently updated their Kubernetes Hardening Guide, which was originally published in August 2021.

With the help and feedback received from numerous partners in the cybersecurity community, this guide outlines a strong line of action towards minimizing the chances of potential threats and vulnerabilities within Kubernetes deployments, while adhering to strict compliance requirements and recommendations.

The purpose of the Kubernetes hardening guide

This newly updated guide comes to the aid of multiple teams — including security, DevOps, system administrators, and developers — by focusing on the security challenges associated with setting up, monitoring, and maintaining a Kubernetes cluster. It brings together strategies to help organizations avoid misconfigurations and implement recommended hardening measures by highlighting three main sources of compromise:

  • Supply chain risks: These often occur during the container build cycle or infrastructure acquisition and are more challenging to mitigate.
  • Malicious threat actors: Attackers can exploit vulnerabilities and misconfigurations in components of the Kubernetes architecture, such as the control plane, worker nodes, or containerized applications.
  • Insider threats: These can be administrators, users, or cloud service providers, any of whom may have special access to the organization’s Kubernetes infrastructure.

“This guide focuses on security challenges and suggests hardening strategies for administrators of National Security Systems and critical infrastructure. Although this guide is tailored to National Security Systems and critical infrastructure organizations, NSA and CISA also encourage administrators of federal and state, local, tribal, and territorial (SLTT) government networks to implement the recommendations in this guide,” the authors state.

CIS Benchmarks vs. the Kubernetes Hardening Guide

For many practitioners, the Center for Internet Security (CIS) is the gold standard for security benchmarks; however, their benchmarks are not the only guidance available.

While the CIS is compliance gold, the CIS Benchmarks are very prescriptive and usually offer minimal explanations. In creating their own Kubernetes hardening guidelines, it appears that the NSA and CISA felt there was a need for a higher-level security resource that explained more of the challenges and rationale behind Kubernetes security. In this respect, the two work as perfect complements — you get strategies and rationale with the Kubernetes Hardening Guide and the extremely detailed prescriptive checks and controls enumerated by CIS.

In other words, CIS Benchmarks offer the exact checks you should use, along with recommended settings. The NSA and CISA guide supplements these by explaining the challenges and recommendations, why they matter, and how potential attackers approach a cluster. In version 1.1, the updates include the latest hardening recommendations necessary to protect and defend against today’s threat actors.

Breaking down the updated guidance

As mentioned, the guide breaks down the Kubernetes threat model into three main sources: supply chain, malicious threat actors, and insider threats. This model reviews threats within the Kubernetes cluster and beyond its boundaries by including underlying infrastructure and surrounding workloads that Kubernetes does not manage.

Via a new compliance pack, InsightCloudSec supports and covers the main sources of compromise for a Kubernetes cluster, as mentioned in the guide. Below are the high-level points of concern, and additional examples of checks and insights, as provided by the InsightCloud Platform:

  • Supply chain: This is where attack vectors are more diverse and hard to tackle. An attacker might manipulate certain elements, services, and other product components. It is crucial to continuously monitor the entire container life cycle, from build to runtime. InsightCloudSec provides security checks to cover the supply chain level, including:

    • Checking that containers are retrieved from known and trusted registries/repositories
    • Checking for container runtime vulnerabilities
  • Kubernetes Pod security: Kubernetes Pods are often used as the attacker’s initial execution point. It is essential to have a strict security policy, in order to prevent or limit the impact of a successful compromise. Examples of relevant checks available in InsightCloudSec include:

    • Non-root containers and “rootless” container engines
      • Reject containers that execute as the root user or allow elevation to root.
      • Check the Kubernetes container configuration to use SecurityContext: runAsUser specifying a non-zero user, or runAsNonRoot.
      • Deny container features frequently exploited to break out, such as hostPID, hostIPC, hostNetwork, allowedHostPath.
    • Immutable container file systems
      • Where possible, run containers with immutable file systems.
      • Kubernetes administrators can mount secondary read/write file systems for specific directories where applications require write access.
    • Pod security enforcement
      • Harden applications against exploitation using security services such as SELinux®, AppArmor®, and secure computing mode (seccomp).
    • Protecting Pod service account tokens
      • Disable the secret token from being mounted by using the automountServiceAccountToken: false directive in the Pod’s YAML specification.
  • Network separation and hardening: Monitoring the Kubernetes cluster’s networking is key. It holds the communication among containers, Pods, services, and other external components. These resources are not isolated by default and therefore could lead to lateral movement or privilege escalations if not separated and encrypted properly. InsightCloudSec provides checks to validate that the relevant security policies are in place:

    • Namespaces
      • Set up network policies to isolate resources. Pods and services in different namespaces can still communicate with each other unless additional separation is enforced.
    • Network policies
      • Set up network policies to isolate resources. Pods and services in different namespaces can still communicate with each other unless additional separation is enforced.
    • Resource policies
      • Use resource requirements and limits.
    • Control plane hardening
      • Set up TLS encryption.
      • Configure control plane components to use authenticated, encrypted communications using Transport Layer Security (TLS) certificates.
      • Encrypt etcd at rest, and use a separate TLS certificate for communication.
      • Secure the etcd datastore with authentication and role-based access control (RBAC) policies. Set up TLS certificates to enforce Hypertext Transfer Protocol Secure (HTTPS) communication between the etcd server and API servers. Using a separate certificate authority (CA) for etcd may also be beneficial, as it trusts all certificates issued by the root CA by default.
    • Kubernetes Secrets
      • Place all credentials and sensitive information, encrypted, in Kubernetes Secrets rather than in configuration files.
  • Authentication and authorization: Authentication and authorization are the primary mechanisms for restricting access to cluster resources. Several supporting configurations, such as RBAC controls, are supported but not enabled by default. InsightCloudSec provides security checks that cover the activity of both users and service accounts, enabling faster detection of unauthorized behavior:

    • Prohibit the addition of the service token by setting automountServiceAccountToken to false.
    • Anonymous requests should be disabled by passing the --anonymous-auth=false option to the API server.
    • Start the API server with the --authorization-mode=RBAC flag. Leaving permissive authorization modes such as AlwaysAllow in place allows all authorization requests, effectively disabling authorization and removing the ability to enforce least privilege for access.
  • Audit logging and threat detection: Kubernetes audit logs are a goldmine for security, capturing attributed activity in the cluster and confirming that configurations are properly set. To keep track of suspicious activity, the security checks provided by InsightCloudSec ensure that the audit tooling is enabled:

    • Check that the Kubernetes native audit logging configuration is enabled.
    • Check that seccomp audit mode is enabled. The seccomp tool is disabled by default but can be used to limit a container’s system call abilities, thereby lowering the kernel’s attack surface. Seccomp can also log which calls are being made by using an audit profile.
  • Upgrading and application security practices: Security is an ongoing process, and it is vital to stay up to date with upgrades, updates, and patches not only in Kubernetes, but also in hypervisors, virtualization software, and other plugins. Furthermore, administrators need to make sure they uninstall old and unused components as well, in order to reduce the attack surface and risk of outdated tools. InsightCloudSec provides the checks required for such scenarios, including:

    • Promptly applying security patches and updates
    • Performing periodic vulnerability scans and penetration tests
    • Uninstalling and deleting unused components from the environment
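The Pod security and authentication/authorization items above are concrete enough to express as policy checks over a manifest and over the API server’s command line. The Python below is an added example written for this article; it is not InsightCloudSec’s code or the NSA/CISA guide’s, and the two Pod manifests, the trusted-registry list and the kube-apiserver argument lists it is run against are constructed samples (the image digest is a placeholder). It evaluates a deliberately weak Pod beside the same workload with the guide’s controls applied: host namespaces off, non-root user, read-only root filesystem with a separate writable scratch mount, seccomp profile, no auto-mounted service account token, image from a trusted registry.

```python
"""Policy checks modelled on the Pod-security and authentication items of the
Kubernetes Hardening Guide. Added example for this article, not InsightCloudSec's
own checks; the manifests, registry list and flag lists are constructed samples."""

from typing import Any

# Constructed policy: registries the organisation treats as trusted.
TRUSTED_REGISTRIES = ("registry.example.internal/",)

# Constructed sample: a Pod that fails most of the hardening checks.
WEAK_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "legacy-app", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "hostNetwork": True,
        "containers": [{
            "name": "app",
            "image": "legacy-app:latest",
            "securityContext": {"runAsUser": 0, "privileged": True},
        }],
    },
}

# Constructed sample: the same workload with the guide's controls applied.
HARDENED_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "legacy-app", "namespace": "apps"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {
            "runAsNonRoot": True,
            "runAsUser": 10001,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "app",
            # PLACEHOLDER digest: real images should be pinned by digest, not tag
            "image": "registry.example.internal/legacy-app@sha256:PLACEHOLDER",
            "securityContext": {
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
            # separate read/write scratch space, as the guide recommends
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "tmp", "emptyDir": {}}],
    },
}


def check_pod(pod: dict[str, Any]) -> list[str]:
    """Return one finding per failed check; an empty list means the Pod passes."""
    findings: list[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    # Sharing host namespaces is a frequently used container break-out path.
    for key in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(key):
            findings.append(f"{name}: {key} is enabled")

    # Kubernetes mounts the service account token unless told not to.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: service account token is auto-mounted")

    for c in spec.get("containers", []):
        csc = c.get("securityContext", {})
        cname = f"{name}/{c.get('name', '?')}"
        # Container-level settings override Pod-level ones, so consult both.
        uid = csc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = csc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0 or (uid is None and not non_root):
            findings.append(f"{cname}: may run as root (set runAsNonRoot or a non-zero runAsUser)")
        if csc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if csc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation is not false")
        if not csc.get("readOnlyRootFilesystem"):
            findings.append(f"{cname}: root filesystem is writable")
        if not (csc.get("seccompProfile") or pod_sc.get("seccompProfile")):
            findings.append(f"{cname}: no seccomp profile")
        if not c.get("image", "").startswith(TRUSTED_REGISTRIES):
            findings.append(f"{cname}: image not from a trusted registry")
    return findings


def check_apiserver_flags(args: list[str]) -> list[str]:
    """Check kube-apiserver flags for anonymous auth and authorization modes.
    kube-apiserver defaults to --anonymous-auth=true and --authorization-mode=AlwaysAllow."""
    flags = dict(a[2:].split("=", 1) for a in args if a.startswith("--") and "=" in a)
    findings = []
    if flags.get("anonymous-auth", "true") != "false":
        findings.append("anonymous requests allowed: add --anonymous-auth=false")
    modes = flags.get("authorization-mode", "AlwaysAllow").split(",")
    if "AlwaysAllow" in modes:
        findings.append("AlwaysAllow authorization mode is enabled")
    if "RBAC" not in modes:
        findings.append("RBAC authorization mode is not enabled")
    return findings


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["namespace"], check_pod(pod) or ["OK"])
    print(check_apiserver_flags(["kube-apiserver", "--authorization-mode=AlwaysAllow"]))
```

Run as written, the weak Pod produces nine findings and the hardened one none, and an API server started with only --authorization-mode=AlwaysAllow is flagged on all three authentication checks. The same functions can be fed manifests pulled from a cluster or a CI pipeline, which is how a check like this earns its place: as an admission-time or pre-merge gate rather than a one-off audit.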

Stay up to date with InsightCloudSec

Announcements like this catch the attention of the cybersecurity community, who want to take advantage of new functionalities and requirements in order to make sure their business is moving forward safely. However, this can often come with a hint of hesitation, as organizations need to ensure their services and settings are used properly and don’t introduce unintended consequences to their environment.

In order to help our customers to continuously stay aligned with the new guidelines, InsightCloudSec is already geared with a new compliance pack that provides additional coverage and support, based on insights that are introduced in the Kubernetes Hardening Guide.

Want to see InsightCloudSec in action? Check it out today.
