Blog Articles

Everything you need to become a Panoptica expert
Learn about what Panoptica can do for API security, vulnerability management, Kubernetes and service mesh manager security, and more, or read our launch blog.
API Security
Speed Versus Security: Tackling the “Developer’s Dilemma”
Speed Versus Security: Tackling the “Developer’s Dilemma”

Today’s developer just can’t win. It’s a continuous tug of war between business objectives—the boss who wants releases “faster, faster, faster!” and the security team, who keeps halting releases because of insecure code—with the developer in the middle.

by Rami H.

Securing Serverless Applications Against the Most Critical Risks
Securing Serverless Applications Against the Most Critical Risks

If you’re a developer working in a cloud environment, there’s a good chance that you’ve either started thinking about serverless computing or have already started to deploy it. And why not? Unlike VMs or container clusters, serverless functions allow you to delegate infrastructure management to the cloud provider, freeing you to do what you do best—development.

by Sarabjeet Chugh

Seeing the Unseen: Gaining Visibility into API Payload Encryption
Seeing the Unseen: Gaining Visibility into API Payload Encryption

When it comes to API security, end-to-end encryption presents something of a paradox.

by Alessandro Duminuco

5 Real-World API Security Breaches from 2021
5 Real-World API Security Breaches from 2021

It’s no exaggeration to say that, when it comes to API security, there are a lot of challenges. Let’s explore the top 5 API security breaches of 2021, and the lessons they teach us about modern API security.

by Ran Ilany

Securing API Calls in Kubernetes, a simple and effective Approach
Securing API Calls in Kubernetes, a simple and effective Approach

API authentication methods have involved a tradeoff between security and convenience. The solution - put the credentials in a vault and inject them in the pod at startup. Now the challenge is getting the secrets from the vault to the application - when accessed.

by Alessandro Duminuco

The 3 Pillars of API Security: Visibility, Risk Scoring & Enforcement
The 3 Pillars of API Security: Visibility, Risk Scoring & Enforcement

You can’t secure what you can’t see. APIs are no exception. This blog explains why API visualization and policy enforcement are critical elements of API security, and the roles they play in securing API calls.

by Alessandro Duminuco

Internal vs. External API Security: What to Know
Internal vs. External API Security: What to Know

Which type of API -- internal or external -- is subject to greater security risks? Here’s an overview of the different types of API security attacks that could impact both types of APIs, along with tips on why even internal APIs may be deeply insecure.

by Peter Bosch

API Security
API Security

Forrester dubbed API Insecurity "the lurking threat in your software." Understanding API security-specific risks is key to protecting your API and new ways of thinking about API security are emerging.

by Naor Shmuel

Cisco – the Bridge to an API-first, Cloud Native World
Cisco – the Bridge to an API-first, Cloud Native World

The traditional development of applications is giving way to a new era of modern application development.

by Liz Centoni

Vulnerability Management
Kubernetes & Service Mesh Manager Security
Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security
Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security

"Breaking down silos" is a common phrase in the world of DevOps and DevSecOps. That’s why we need a new approach to cloud native security – one rooted in a Cloud Native Application Protection Platform, or CNAPP, approach, instead of siloed, compartmentalized tools.

by Ran Ilany

Cisco ET&I & Cloud Native Security - Pushing boundaries & making bold bets
Cisco ET&I & Cloud Native Security - Pushing boundaries & making bold bets

Cisco's Emerging Technology and Incubation (ET&I) was established as a subsection of Cisco that focuses on developing and testing bold new products and concepts – even if they are risky and hardly guaranteed to succeed – ET&I injects an entrepreneurial spirit into Cisco’s enterprise culture.

by Ran Ilany

Everything DevOps need to know about the NSA’s Kubernetes Security Guidance
Everything DevOps need to know about the NSA’s Kubernetes Security Guidance

The key to securing Kubernetes is to address each of these categories of threat individually. This blog summarizes the NSA’s advice for managing these risks within the context of Kubernetes and gives you practical implementation tools.

by Alexei Kravtsov

Hardening Kubernetes Containers Security with Seccomp
Hardening Kubernetes Containers Security with Seccomp

An often overlooked way to harden Kubernetes containers’ security is by applying seccomp profiles. Customizing seccomp profiles, in effect, provides a deeply embedded line of defense that adds a layer of protection to your application in case of breach.

by Erez FishimerAlexei Kravtsov

What’s New in Kubernetes v1.21  and Istio 1.9  Releases and their implications on DevOps?
What’s New in Kubernetes v1.21 and Istio 1.9 Releases and their implications o...

Kubernetes and service mesh are increasingly interrelated, yet their new versions are released separately on different dates. Kubernetes and Istio’s last releases help to get a clearer understanding of the interplay between them and how one affects the other.

by Alexei KravtsovErez Fishhimer

A new MITRE ATT&CK security framework for Containers and Kubernetes
A new MITRE ATT&CK security framework for Containers and Kubernetes

Kubernetes is fast becoming the industry standard in cloud-native container orchestration, but simultaneously it’s also super complex, and not everyone really understands it well - understanding Kubernetes security starts with understanding how Kubernetes can be breached.

by Ariel Shuper

The most advanced cloud native security, now free for everyone
No credit card required

No credit card required

Get started in no time

Get started in no time

Up to 15 nodes, 1 cluster

Up to 15 nodes, 1 cluster

By continuing to use our website, you
acknowledge the use of cookies. Privacy Statement