cloud-native-security
Safeguard articles tagged "cloud-native-security" — guides, analysis, and best practices for software supply chain and application security.
25 articles
eBPF in Kubernetes
eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.
What is Container Runtime Security
Container runtime security monitors running containers for malicious behavior that image scanning can't catch — here's how it works and why it matters.
What is Container Orchestration
Container orchestration automates how containers deploy, scale, and recover across clusters — and it's also one of the highest-value targets in the software supply chain.
What is Container Monitoring
Container monitoring tracks metrics, logs, and runtime behavior across ephemeral containers—here's what it covers, why it matters, and how it differs from VM monitoring.
What is Kubernetes Security
Kubernetes security spans four layers — cloud, cluster, container, code — and misconfiguration, not novel exploits, causes most real-world incidents.
What Are Kubernetes Network Policies
Kubernetes clusters default to flat, all-to-all pod networking. Here's how NetworkPolicy objects, CNI enforcement, and default-deny rules actually stop lateral movement.
What is Kubernetes Pod Security
Pod Security Standards replaced PodSecurityPolicy in Kubernetes 1.25. Here's what Kubernetes pod security means and how to enforce it in production.
What is Cloud Native Security
Cloud native security explained: what it is, the 4C's model, real breach examples, SBOM requirements, and the tools that secure containers and Kubernetes.
What is a CNAPP (Cloud Native Application Protection Platform)
CNAPP unifies CSPM, CWPP, and CIEM into one platform. Here's what it actually does, how it emerged, and where today's tools fall short.
5G network function virtualization (NFV) and Open RAN sof...
5G networks now run on open-source-heavy virtualized and Open RAN software stacks. Here's where the real supply chain risk hides, and how to manage it.
Kubernetes RBAC misconfiguration explained
RBAC misconfigurations like wildcard rules and default service account bindings have powered real cluster takeovers, from CVE-2018-1002105 to Siloscape.
Cloud-native Go services vulnerability landscape
A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.