Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit is a feature that will be critical for financial institutions and other industries working within regulatory frameworks, including PCI, HIPAA, and others.
Join us for a day to dive into the foundational security approaches for multi-cloud environments!
A recent AMA between Tetrate’s Zack Butcher and the United States Air Force Chief Software Officer, Nicolas Chaillan, highlighted some significant achievements resulting from the Department of Defense’s move to open source technology and DevSecOps. Platform One is a group of Air Force software developers that builds and secures technology tools used across the DoD as part of the Enterprise DevSecOps Initiative. Tetrate is a partner the DoD is working with on its journey to modernization.
Software engineers working on a product that highly values security, whether they’re working on frontend, backend, or security features in particular, need to ensure that their web applications aren’t vulnerable to attack.
Tetrate is a service mesh company, providing infrastructure for enterprise customers, including financial institutions and federal agencies handling highly sensitive data. We are sharing our recent efforts in securing the UI for our product, Tetrate Service Bridge, which was aided in part by some pointers from penetration testing conducted by a large financial institution. This article walks you through that experience, which may help others who are building a secure UI.
Security remains one of the primary drivers behind service mesh adoption today. In this virtual webinar to be held Oct. 21 at 11 a.m. (PDT), U.S. Air Force CSO Nicolas M. Chaillan will join Tetrate’s Zack Butcher to discuss “DevSecOps and IT Innovation with the Department of Defense.”
September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12, 1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally, the Istio community recommends that users upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.
Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.
CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1. Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.
The Identity Management & Access Control for Multi-Cloud Conference, co-hosted this January by Tetrate and NIST, drew 300 attendees to Maryland and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).
A Service Mesh is the only option for addressing a number of security requirements in service to service interactions in the modernized world of microservices and cloud-based applications, according to a NIST Special Publication that was released today.