Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Self-securing-3

Achieving a Self-Securing Infrastructure in Public Clouds

One thing that most researchers look for when investigating security breaches is whether or not there’s a common element. In the case of security breaches, the kill-chain for almost every cloud security breach we looked at involved the exploitation of misconfigured or mismanaged cloud infrastructure settings. The …

Continue reading ›
cloud native security

Bringing Unconstrained Flexibility to Cloud Native Security

In the four short years since we launched Aqua and started our cloud native journey, we have all experienced dramatic change. During this time, we brought several new products to market. We witnessed the rise of Docker, then its decline. We recognized the growing popularity of Kubernetes and pivoted our …

Continue reading ›
Threat Alert Container Images

Threat Alert: Attacker Building Malicious Images Directly on Your Host

We at Team Nautilus - Aqua’s cyber security research team - discovered a new type of attack against container infrastructure. The attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. As far as we know, this is the first time that an attack in which the …

Continue reading ›
Risk_Based_Vulnerability_Management_v3

Risk-Based Vulnerability Management in Container Images

There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and …

Continue reading ›
Gartner Market Guide 2020

Gartner’s 2020 Market Guide to Cloud Workload Protection Platforms

If you’re looking for the reference on how to protect cloud resources, check out Gartner’s recently published Market Guide for Cloud Workload Protection Platforms* . It outlines the core capabilities and key architectural considerations that buyers must evaluate when protecting hybrid cloud workloads. In this …

Continue reading ›
Trivy VS Code Plugin

Using Trivy to Discover Vulnerabilities in VS Code Projects

For most of us developers, our container security protocol involves some sort of static image scan for vulnerabilities. Unfortunately, to do this usually involves jumping out of one type of software program, like a code editor, to open a completely separate tool to perform the scanning. Well, the open source team …

Continue reading ›
DzMLT Threat Alert

Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers

Following an attack against a misconfigured Docker API port, the research team at Aqua Security performed an in-depth examination of the Docker Hub account from which the image was pulled. The examination was done by dynamically scanning for hidden threats in the container images hosted in that specific Docker Hub …

Continue reading ›
RBAC

Role-Based Access Control in Modern Cloud Native Security

Enterprise environments often consist of multiple teams working on different cloud native projects and applications. Each such team will work on its own assets, such as container images or functions, and use separate CI pipelines, Yet in the end, they will often run on the same cloud infrastructure. When it comes …

Continue reading ›
Aqua Risk Explorer

Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer

If you’re running workloads on Kubernetes, one of the toughest things to understand is where you have security gaps. Yes, there are CIS benchmarks and configurations to tweak, but they are generalized and won’t highlight the risks in workloads that are actually running in your clusters. The Aqua Risk Explorer’s …

Continue reading ›
Starboard-blog650-315_2

Starboard: The Kubernetes-Native Toolkit for Unifying Security

There are lots of security tools in the cloud native world, created by Aqua and by others, for identifying and informing users about security issues in Kubernetes environments. However powerful and useful they might be, they tend to sit alongside Kubernetes, with each new product requiring users to learn a separate …

Continue reading ›
Saltstack-CVE-2020-11651

Mitigating High Severity CVEs Affecting SaltStack on Public Clouds

Two high-severity CVEs in the SaltStack platform were published last week by researchers at F-Secure. These vulnerabilities can enable remote code execution (RCE), which lets attackers remotely execute commands on the Salt leader node. This results in a full compromise of the host and can expose sensitive …

Continue reading ›