Kubernetes Security: Consider Your Threat Model

One of the questions that I've been asked on multiple occasions when presenting on Kubernetes security [1] is: "Which distribution should I install?" There are a bewildering number of options for deploying Kubernetes, with over 60 commercial products or open source projects providing methods of deploying it. Making an informed choice can therefore be a …

Setting a New Standard for Kubernetes Deployments

The Center for Internet Security (CIS) has recently released a new benchmark standard for Kubernetes deployments, providing a vendor-neutral benchmark to help companies assess against good security practices. Kubernetes is a key player in the containerisation technology market, seeking to help developers and IT staff effectively manage large fleets of containers. Like many products in …

The CIS Security Standard for Docker available now

This is just a short blog post to announce the availability of the new CIS Security Standard for Docker 1.12 which NCC Group was involved in co-authoring and contributing to. The Docker project (and containerisation as a concept in general) has become a hot topic in various aspects of IT over the last few years. …

CloudWatch: Amazon Web Services & Shellshock

Introduction: As more of our services move to rented virtual servers, applying centralised protective monitoring becomes more of a challenge. Offerings such as Assuria’s Cloud Security Suite and Splunk’s Storm show the demand for elastic and easily configurable monitoring that can be deployed on cloud provisioned infrastructure. Amazon has responded to these services by creating …