Aqua Blog

Application Security

Frost Radar for CNAPPs: Why is Aqua the Top Innovation Leader?

Frost Radar for CNAPPs: Why is Aqua the Top Innovation Leader?

Fifteen vendors. That’s the number of CNAPPs featured in analyst firm Frost & Sullivan’s recent radar for Cloud Native Application Protection Platforms, the first report to rank CNAPP solution providers to come out at this early stage of the market. Not surprisingly to us, Aqua came out on top (or rather, to the …

Continue reading ›
A Security Review of Docker Official Images: Which Do You Trust?

A Security Review of Docker Official Images: Which Do You Trust?

A key element in building secure containerized applications is to ensure that the base image that you use is well-maintained and secure. A common piece of advice is to use the Docker Official Images for this purpose. However, our research reveals that you need to be careful when using these images, as some are no …

Continue reading ›
Top 10 Kubernetes Application Security Hardening Techniques

Top 10 Kubernetes Application Security Hardening Techniques

One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply …

Continue reading ›
Supply Chain Attacks and Cloud Native: What You Need to Know

Supply Chain Attacks and Cloud Native: What You Need to Know

The past couple of years have seen a rise in software supply chain attacks, with the most salient example being the Solarwinds attack. As production environments have gained multiple layers of protection, and much of the attention of security teams, malicious actors have set their sights on “poisoning the well”, i.e., …

Continue reading ›
CVE-2021-3156 sudo Vulnerability Allows Root Privileges

CVE-2021-3156 sudo Vulnerability Allows Root Privileges

A new severe vulnerability was found in Unix and Linux operating systems that allows an unprivileged user to exploit this vulnerability using sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file. In this blog, I’ll go over how this CVE can be …

Continue reading ›
Simplifying Access to the Aqua Platform with Okta

Simplifying Access to the Aqua Platform with Okta

Enterprise-grade solutions are expected to integrate with existing enterprise infrastructure, including providing SSO to authenticate users without requiring separate definitions of user identity and access credentials.

Continue reading ›
Enterprise Kubernetes Security at KubeCon + CloudNativeCon

Enterprise Kubernetes Security at KubeCon + CloudNativeCon

KubeCon + CloudNativeCon North America is just around the corner, and looks like it is going to break attendance records, becoming the largest gathering of the Kubernetes and cloud native community ever!

Such massive adoption by large organizations in their production deployments, brings with it security and …

Continue reading ›
Aqua Named 2018 Technology Pioneer by the World Economic Forum

Aqua Named 2018 Technology Pioneer by the World Economic Forum

Every year, the World Economic Forum, the same organization that assembles world leaders and business leaders in Davos, hand-picks a few dozen companies from all walks of technology (cleantech, medical, mobility, etc.) as Technology Pioneers. This year we are very proud to have been selected as one of only a handful …

Continue reading ›
Revisiting AWS Fargate with Aqua 3.0

Revisiting AWS Fargate with Aqua 3.0

A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:invent. It was immediately clear that it’s a pretty cool concept, and that it presents a new challenge for security solutions like Aqua, because of the lack of a “host” entity on which you can deploy your …

Continue reading ›
10 Key Security Terms DevOps Need to Know

10 Key Security Terms DevOps Need to Know

It’s no secret that DevOps and IT security, like oil and water, are hard to mix. After all, DevOps is all about going fast, while security is all about proceeding carefully. However, both DevOps and security serve a higher authority—the business—and the business will be served only if DevOps and security learn to get …

Continue reading ›
Aqua Integration with VMWare for Hybrid VM and Container Security

Aqua Integration with VMWare for Hybrid VM and Container Security

Last month at VMWorld we had the pleasure of being part of a next-generation security session given by VMWare’s SVP of Security Products, Tom Corn. 

Continue reading ›