Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
AWS

The 3 Riskiest Cloud Native AWS Configurations

With dozens of key security configurations possible for EC2 alone, the number of configuration options in AWS can be overwhelming at times. While the complexity is rising, properly – and securely - configured cloud accounts are critical to keeping pace with dynamic infrastructure requirements for a cloud native …

Continue reading ›
KubeSec Kubernetes security conference

KubeSec Enterprise Online North America Kicks Off!

Looking for a great start to the year? We got you covered! For the fifth time, Aqua will host the KubeSec Enterprise Summit, an industry event entirely dedicated to the security of cloud native applications. While we’re looking forward to connecting with you all in-person again someday, we are also, as was the case …

Continue reading ›
Rootless Containers

Boosting Container Security with Rootless Containers

If there is a single best practice for container security, it is to avoid running containers as root. Rootless containers are making this much easier – almost effortless, even. In this blog, I’ll talk about why you should be avoiding root in containers, what rootless containers are, and how they are going to help.

Continue reading ›
Cloud Security Posture Management

Infographic: What is CSPM and Why You Need It

As a major trend in 2020, enterprises have been increasingly adopting multi-cloud to elevate efficiency and maintain flexibility and independence. But multi-cloud environments are more complex and harder to secure, leading to more cloud service misconfigurations and breaches. Making matters worse, many …

Continue reading ›
Top Five Threat Alert Blogs

Aqua’s Top Five Threat Alerts for 2020

It has certainly been a rough year and just as life constantly evolves, so do cyber threats. So, here are a few blogs by our cyber security research group, Team Nautilus, that got the most attention from cloud native security professionals. These blogs highlight how attackers continue to get more creative over …

Continue reading ›
CVE-2020-15275 in containerd-shim API

CVE-2020-15275: New Vulnerability Exploits containerd-shim API

A year of challenges isn’t quite over yet, as a new vulnerability was found in containerd, CVE-2020-15257. When exploited, after providing a connection through the container to the host network, an attacker can gain root privileges on the host. This vulnerability was disclosed by Jeff Dileo of NCC Group, our …

Continue reading ›
Aqua Vulnerability Database AVD

Unveiling Aqua Vulnerability Database, Strengthen Your K8s Clusters

Published sources of vulnerabilities in cloud native environments are an important resource, but the information is often spread out across a variety of platforms. Since 80% of cloud native software is based on open source, this makes getting the most relevant and up-to-date vulnerability information a real …

Continue reading ›
Kubernetes RBAC Apolicy 5.3

Evaluating and Enforcing Least Privilege in Kubernetes with Aqua KSPM

This blog was co-authored with Maor Goldberg, Founder & CEO at Apolicy

Overly permissive defaults associated with roles and K8s subjects, such as service accounts, add risks to the attack surface of Kubernetes. And attempting to manually understand these risks and enforce least privilege rights in a Kubernetes …

Continue reading ›
Fileless Attack Blog Image

Threat Alert: Fileless Malware Executing in Containers

Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. This malware is using a rootkit to hide its running processes, then hijacks resources by executing a crypto miner from memory — leaving a …

Continue reading ›
AWS EKS Security

Secure your Digital Transformation on Amazon EKS-Distro with Aqua

The cloud is fundamental for digital transformation, but for many organizations, a hybrid approach is preferred. This ideally allows you to use the very same foundational tools on-prem as your destination in the cloud. Well, now you can do just that with Amazon EKS-Distro (EKS-D), a new Kubernetes distribution that …

Continue reading ›
AWS Lambda Containers

Aqua Secures Container Image Support in AWS Lambda

Amazon continues to build new capabilities into its serverless operational mode and has launched container image support in AWS Lambda. It enables packaging and deploying Lambda functions as container images. Building on our strong partnership with AWS and our desire to offer the most complete cloud-native security …

Continue reading ›