Insights

Neuwerk Blog

Deep dives on policy-driven egress, operational pitfalls, and the tech stack that makes a firewall practical at cloud scale.

Egress Journal

Building a DNS-Aware Firewall with DPDK

Binding DNS context to packet filters turns raw IP blocking into policy you can actually reason about.

Traditional firewalls only see IPs, while modern policy is written in hostnames, services, and intent. A DNS-aware enforcement layer bridges that gap by translating name resolution events into dynamic rulesets. It takes careful cache design, timing control, and observability to keep that mapping reliable.

Egress Journal

How Most Companies Accidentally Allow Data Exfiltration in Kubernetes

Default network policies stop east-west traffic, but the outbound path is usually wide open and full of blind spots.

Kubernetes makes it easy to ship workloads, and just as easy to ship data somewhere it should never go. Many clusters rely on network policies that only control pod-to-pod traffic, while outbound access remains governed by egress rules that live elsewhere. When DNS, NAT, and firewall ownership is fragmented, data exfiltration becomes an accident waiting to happen.

Egress Journal

Why Cloud-Native Egress Controls Are Still a Mess in 2026

Every platform says zero-trust, yet egress policy is still held together with brittle allow lists and last-minute exceptions.

Cloud-native stacks scale faster than the security models that try to contain them. Teams bolt on sidecars, NAT gateways, and DNS filters, but still end up with sprawling allow lists and emergency overrides that quietly undo policy intent. The result is a maze of controls that look strict on paper yet leak in practice. This piece looks at why egress governance remains messy.
