Operations | Monitoring | ITSM | DevOps | Cloud

Sysdig

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

What's new in Sysdig - July 2021

Welcome to another monthly update on what’s new from Sysdig! Happy 4th of July to our American audience, and bonne Bastille to our French friends. It’s been heating up in the northern hemisphere, so we hope you’ve all been managing to stay cool and safe. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! The big news this month is our intent to acquire Apolicy, which has everyone full of excitement.

Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation

Today, we announced that Sysdig is acquiring Apolicy to enable our customers to secure their infrastructure as code. I could not be more excited because the innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows that close the gap from source to production.

How to Establish a Culture of Secure DevOps

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.

Detecting new crypto mining attack targeting Kubeflow and TensorFlow

Microsoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments. Kubeflow is a popular open-source framework often used for running machine learning tasks in Kubernetes. TensorFlow, on the other hand, is an open-source machine learning platform used for implementing machine learning in a Kubernetes environment.

Monitoring Availability Metrics with Blackbox exporter and Sysdig

The Prometheus Blackbox exporter allows endpoints exploration over several protocols, such as HTTP(S), DNS, TCP, and ICMP. This exporter generates multiple metrics on your configured targets, like general endpoint status, response time, redirect information, or certificate expiration dates. The Blackbox Exporter works out-of-the-box, as it just focuses on external visibility details. To get more detailed metrics, you can instrument your applications.

Vulnerability Management with Sysdig

Software is always changing and improving, and within this process, developers can unknowingly introduce vulnerabilities. Discover how Sysdig Secure provides a single vulnerability management solution for both containers and hosts. It allows you to validate compliance across your whole infrastructure. And it's so easy to deploy, that you will be scanning images and hosts in seconds.

What's new in Sysdig - June 2021

Welcome to another monthly update on what’s new from Sysdig! Happy Pride month! We hope you are celebrating safely, in whatever manner you choose. It’s been over 50 years since the Stonewall riots, but we continue to fight for equality and justice. Love is love, and we’re sending you all of ours! Thank you to Marsha P. Johnson, Brenda Howard, and countless others for fighting for the freedom that many of us today enjoy.

Top vulnerability assessment and management best practices

By implementing these vulnerability assessment and vulnerability management best practices you will reduce the attack surface of your infrastructure. We’re human, and many things we build aren’t perfect. That’s why we take our cars for a periodic inspection, or why we have organizations certifying that products are safe to use. Software is no different.