Ready to get started? The following resources and tutorials will enhance your understanding of container network security and help you get started.
Analyst research
Get an independent analyst’s view on the state of container security:
Blogs
Many container network security experts are blogging about lessons learned and sharing their knowledge on how to secure mod- ern applications. Follow their conversations:
- Securing Modern Applications and APIs: Why and How?
- It’s Time to Rethink Security Across the Software Supply Chain
- Multi-Cloud Connectivity and Security Needs of Kubernetes Applications
- Announcing the General Availability of Container Security in VMware Carbon Black Cloud
- VMware to Help Customers Make Modern Apps More Secure with Intent to Acquire Mesh7
- Forging a Path to Continuous, Risk-based Security with VMware Tanzu Service Mesh
Courses and certifications
Developers and platform operators alike need to learn how to secure applications and platforms. Why not take a class to enrich your understanding? There are many free and low-cost options, including the following:
The Linux Foundation offers a Certified Kubernetes Security Specialist (CKS) program to provide assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for security container-based applications and Kubernetes platforms during build, deployment, and runtime. Learn more now.
Prep courses for the CKS certification include the following:
Demos and presentations
When you’re ready to take a deeper dive into container network security, why not get a demo from the technical experts to help you understand what’s going on “under the hood”? Take a look at the following demos:
View Tim Hockin’s illustrated guide to Kubernetes Networking. Tim is a co-founder of the Kubernetes project and a principal software engineer at Google; he gives talks on Kubernetes, networking, storage, node, multi-cluster, resource isolation, and cluster sharing. View now.
Documentation and product pages
When all else fails, read the manual! These links to official documentation and product pages will help you find the answers you need:
- Kubernetes Service
- Kubernetes Networking
- Antrea
- VMware Tanzu Service Mesh on Tanzu
- VMware Tanzu Service Mesh on VMware.com
- VMware Tanzu Service Mesh Documentation
- VMware Carbon Black
- VMware NSX Distributed IDS/IPS
- VMware NSX Advanced Load Balancer
- VMware NSX Advanced Threat Protection
- VMware Intrinsic Security
Frameworks
The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Refer to the MITRE ATT&CK framework for common exploits to the Linux platform by clicking here.
Special interest groups
Join the Kubernetes Special Interest Groups to post questions and connect with your fellow container network security engineers in the industry:
- Cloud Native Computing Foundation (CNCF) Special Interest Group on Security: Secure access, policy control, privacy, auditing, and more.
- CNCF Special Interest Group on Networking: Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, quality of service (QoS), mesh networks, legacy infrastructure bridging, and more.
Videos
You can find a wealth of videos on container network security from practitioners and trainers:
- New Security Features In Kubernetes 1.18, by Haim Helman, VMware
- Seccomp Security Profiles and You: A Practical Guide, by Duffie Cooley, VMware
- Service Mesh Security in a Nutshell, by Venil Noronha and Manish Chugtu, VMware
Webinars
Tune into webinars to get caught up on the latest trends on container network security from industry experts:
- Securing Containers and Kubernetes-Orchestrated Environments
- Achieve Application Scalability with Tanzu Service Mesh
- Deploy Secure, Scalable Kubernetes Apps with Tanzu Service Mesh and Ingress Services
- Securing and Accelerating the Kubernetes CNI Data Plane with Project Antrea and NVIDIA Mellanox ConnectX SmartNICs
- Zero Trust Security for Cloud Native Apps
VMworld sessions
Didn’t have a chance to catch VMworld? Or maybe you’re looking to re-watch some of your favorite sessions? Tune in to the instant replays below for all things container networking:
- Modern Kubernetes Apps, Part 1: Connecting, Securing, Scaling Across Clouds Demos of Key Use Cases
- Modern Kubernetes Apps, Part 2: Demo of Key Use Cases
- Bridge the Lab-to-Prod Gap for Kubernetes with Modern Apps Connectivity
- Implement Observability for Kubernetes Clusters and Workloads in Minutes
- Make Your Move to Multi-Cloud Kubernetes with VMware Tanzu
- Manage Kubernetes Across Multiple Clouds
- Why Adopt Containers and Kubernetes in Your Organization
- The Future of VM Provisioning – Enabling VM Lifecycle Through Kubernetes
- Secure the Software Supply Chain with Container Network Security
These are just a few out of many. To catch more VMworld session replays visit our on-demand video library
We know that there’s much more to container network security than these 11 kick-start tips. For the in-and-outs of it all in an easy-to-read guide, download the Container Network Security for Dummies® eBook now.
By Jennifer Schwager, VMware