Welcome to our monthly update on what’s new from Sysdig! This month is a little eclipsed by last month’s big launch of Essentials and our new SaaS regions, KubeCon EU, and many of us finishing off the summer holidays and getting the kids packed off back to school. Our teams are busy working on some big feature releases which we don’t want to reveal just yet, but I think you’re all going to really love them in the coming months!

Discover how Kube-apparmor-manager can help you manage AppArmor profiles on Kubernetes to reduce the attack surface of your cluster. AppArmor is a Linux kernel security module that supplements the standard Linux user and group-based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce its potential attack surface and provide greater in-depth defense.

On September 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables an unprivileged local process to gain root access to the system. CVE-2020-14386 is a result of a bug found in the packet socket facility in the Linux kernel. It allows a bad actor to trigger a memory corruption that can be exploited to hijack data and resources and in the most severe case, completely take over the system.

Today we announced that Sysdig has demonstrated successful integration of our monitoring and security software with AWS Outposts and achieved the AWS Outposts Ready designation. AWS Outposts provides a fully managed service that extends AWS infrastructure, services, APIs, and tools to your datacenter, co-location space or “edge” location to support on-prem and hybrid cloud use cases. AWS Outposts provides a hardware and software stack built on Amazon’s EC2 public cloud expertise.

Look out for these Kubernetes monitoring best practices when evaluating a Kubernetes monitoring solution. It will be easier to make sense of them if your tools are Kubernetes native. Let’s face it. Running containers in Kubernetes brings a number of advantages in terms of automation, segmentation, and efficiency. However, the ability to monitor performance and availability in an ever-changing infrastructure like Kubernetes can be a challenge.

If it wasn’t clear before the global pandemic, it is now: Cloud applications can keep businesses moving forward. During this time, people have been able to shop, connect with friends and, of course, work from home.

Sysdig is pleased to announce that the Sysdig Secure DevOps Platform is now available through Red Hat Marketplace.

Sysdig is pleased to support AWS today in their GA launch of Bottlerocket, a special-purpose operating system designed for hosting Linux containers. Orchestrated container environments run potentially hundreds of compute nodes. Operating general-purpose Linux on container hosts introduces complexity for IT teams who must patch and update packages across their clusters. Worse, features and packages that are not necessary for running containers, introduce unnecessary security exposure.

Organizations are turning in droves to Prometheus to monitor their container and microservice estates, but larger companies often run headlong into a wall: They face scaling challenges when they move beyond a handful of apps.

In this blog post, we are going to explain how to monitor Harbor container registry with Prometheus metrics. Harbor is an open-source container registry, originally developed by VMware and now under the CNCF umbrella. Although many of us typically use hosted container registries such as DockerHub, Quay, ECR, GCR, or ACR, when you need a self-hosted registry, Harbor is a great choice. Harbor provides great features such as RBAC, replication, and image scanning.