Automatically Visualize Kubernetes Ingress Traffic in the Upwind Topology Map

We are excited to announce a new capability in the Upwind platform, providing organizations with deep visibility into Kubernetes’ ingress traffic to identify exposures and risks. Traditional security systems often fall short in providing comprehensive visibility into how Kubernetes ingress services distribute incoming internet traffic within a cluster, leaving potential blind spots that malicious actors […]

Proactively Secure Kubernetes Workloads with Upwind’s Runtime-Powered KSPM

With the rise of containerized environments and Kubernetes adoption, Kubernetes security posture management (KSPM) has risen to the forefront of cloud security posture initiatives. KSPM generally requires the use of security tools or processes to help ensure the security of Kubernetes clusters, with most focusing on policies and configurations. However, this focus on static configuration […]

Easily Query Kubernetes Objects with Upwind’s Runtime Topology Map 

We’re excited to introduce a powerful new container security capability that makes it easier than ever to view and query Kubernetes objects while exploring the entire exposure path with Upwind’s runtime topology map. Upwind has always provided deep visibility into containerized resources, showing traffic by port, process, and protocol, as well as details into an […]

Kubernetes Dashboard: Features, Security Concerns, and Best Practices

The Kubernetes Dashboard is a popular web-based interface designed to simplify the management of Kubernetes clusters. It provides an intuitive UI that allows users to view and manage cluster resources without needing to work directly with command-line tools. However, while convenient, the Kubernetes Dashboard also presents specific security risks that should be carefully managed, especially […]

Critical Kubernetes gitRepo Volume Vulnerability: CVE-2024-10220

A critical security vulnerability identified as CVE-2024-10220 has been discovered in Kubernetes’ deprecated gitRepo volume type. This vulnerability allows attackers with permissions to create pods using gitRepo volumes to execute arbitrary commands on the host node with root privileges, potentially leading to full system compromise. The gitRepo volume type was designed to clone Git repositories […]

Get Comprehensive Protection for Container-Optimized OS with Upwind

We are excited to announce an addition to Upwind’s comprehensive container security, with support for Container-Optimized OS. What is Container-Optimized OS? Container-Optimized OS is a Google Cloud operating system image, and is the default node OS Image in Google Kubernetes Engine (GKE). It is primarily used for compute engine VMs and is optimized for running […]

Understanding Kubernetes Identities Part 2: Escalation Paths

In Kubernetes, understanding identity escalation paths is crucial for managing security risks effectively. This blog post delves into defining highly privileged identities and exploring potential privilege escalation paths using highly privileged permissions. Definition of a Highly Privileged Identity in Kubernetes In Kubernetes, a highly privileged identity refers to entities such as users or service accounts […]

Proactively Secure Your Kubernetes With Upwind’s Vulnerability Management

Upwind’s runtime vulnerability management leverages real-time, runtime insights and correlates them with CI/CD and DevOps context, giving you end-to-end visibility and protection for Kubernetes and associated workloads.  Upwind’s vulnerability management intelligently prioritizes your most critical vulnerabilities based on real environmental factors, cutting out around 95% of alert noise to focus on the risks that pose […]

Understanding Kubernetes Identities, Part 1

When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]

Detect Exposed Kubernetes Dashboards

We are excited to announce a new threat detection, with the ability to identify an exposed Kubernetes Dashboard. This threat detection will inform you when the Kubernetes dashboard for your cluster is exposed to the internet by a Load Balancer.  Exposing your dashboard to the internet makes the management interface of your cluster vulnerable to […]