Container Security

How to Hack a Kubernetes Container, Then Detect and Prevent It

By Dieter Reuter As we talked about before in this blog, containers are just vulnerable to be attacked as non-container workloads. Hackers can use many of their old tricks on new containers, such as application exploits, network attacks, or phishing scams. In this post and demo, I’ll show how to hack a Kubernetes container using… Read more »

Container Security

Shift Left, Then Right for Runtime Application Container Security

In this new Solution Showcase by Enterprise Strategy Group (ESG), Senior Analyst Doug Cahill reviews recent research on application container adoption trends, then outlines how to build security into the DevOps and SecOps use cases. Abstract: The broad adoption of application containers for both new applications and those being refactored into a microservices architecture has… Read more »

Container Security

Achieving PCI Compliance for Containers

Although microservices and containers are not explicitly mentioned in PCI-DSS for PCI compliance, organizations implementing these technologies must focus carefully on monitoring, securing, and governance. Microservices and containers offer some unique characteristics that support pci compliance. For example, microservices emphasize an architecture with one function per service/container. This aligns well with PCI-DSS 2.2.1, implementing only… Read more »

Docker Security

Delivering Shift-Left Security with NeuVector and JFrog Xray

Bringing Kubernetes app security insights to developers By Henrik Rosendahl & Craig Peters Kubernetes, the container and orchestration tool favored by enterprises, provides great benefit in automating many aspects of application deployment at scale. But, like any emerging technology, there are perils as well. Administrators are learning that deployments of these new cloud architectures can… Read more »

Container Security

NeuVector 2.0 Is Now Available!

We’re happy to announce that the 2.0 release of the NeuVector Container Security Platform is now generally available! The 2.0 release is a major expansion of the platform to include end-to-end vulnerability scanning, automated real-time security incident response, and enhanced multi-vector detection of container attacks. Cloud-native enterprise integration is also enhanced with OpenShift and Kubernetes… Read more »