Informatica + StackRox – Taking “Shared Responsibility” to a New Level to Enable DevSecOps
I’ve had the good fortune to get to know Pathik Patel, head of cloud security at Informatica, over the past 18 months since he became a StackRox customer, and today we’re sharing the news of our joint success story. Across our numerous conversations, he has repeatedly impressed me with his ... Read More
gRPC Anywhere
Many applications rely on gRPC to connect services, but a number of modern load balancers still do not support HTTP/2, and, in turn, gRPC. In an earlier blog post, we showed a way to take advantage of the gRPC-Web protocol to circumvent this issue. That solution works well for non-client-streaming ... Read More
What’s New in Kubernetes 1.19? New Features and Updates
The last several months have been a busy time for the Kubernetes community, and especially the Kubernetes release team, amid the challenges caused by the ongoing pandemic. The Kubernetes project itself has felt the impact, with the upcoming release of version 1.19 having been postponed and the project’s release schedule ... Read More
Launching StackRox in Europe – Why I’m joining the leader in Kubernetes-Native Container Security
I’m very pleased to announce the launch of StackRox’s EMEA business, with my new role as vice president, international. Why StackRox, why now? Having spent the first half of my career evangelising the Cloud and the second half Cyber Security, I’m super excited to help cloud-native companies to secure and ... Read More
Protecting Against Kubernetes Threats: Chapter 7 – Discovery
Part seven of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines the technique known as Discovery. The tactics in this category are intended to help an attacker effectively explore a Kubernetes environment to achieve lateral movement and ... Read More
GKE Monitoring Best Practices for Better Security and Operability
This is the final installment of our four-part Google Kubernetes Engine (GKE) security blog series. Don’t forget to check out our previous blog posts in the series: Part 1: GKE Security Best Practices: Designing Secure Clusters Part 2: GKE Networking Best Practices for Security and Operation Part 3: Guide to ... Read More
Continuing our Fed Momentum with DHS
Right on the heels of last week’s news that we’re providing Kubernetes security for DoD’s Platform One software factory, we’re excited to share today that we’ve been awarded a Phase III contract with the Department of Homeland Security. In this stage of our partnership, we’re deploying our Kubernetes Security Platform ... Read More
Guide to GKE Runtime Security for GCP Workloads
This is part three of our four-part blog series on Google Kubernetes Engine (GKE) security. You can find the previous two parts below: GKE security best practices: designing secure clusters GKE networking best practices for security and operations Adhering to security best practices for running your workloads on GKE plays ... Read More
Protecting Against Kubernetes Threats: Chapter 6 – Credential Access
Part six of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – covers Credential Access, a set of activities intended for stealing sensitive credentials such as application secrets, passwords, and tokens that may be used by either users or ... Read More
Hooah! StackRox Soars with the U.S. Air Force on Kube Security
StackRox is in the midst of our own “Fed ramp” of sorts, with news today that we’ve been awarded a Department of Defense SBIR Phase II Award, our long history with In-Q-Tel and multiple deployments in the U.S. Intelligence Community, and more news coming soon on additional Fed initiatives. We ... Read More
