The Payment Card Industry Data Security Standard (PCI DSS) is a well-known compliance framework for any organization handling payment card data. However, translating the PCI DSS requirements into the world of containers and Kubernetes can be overwhelming. In this post, we break down how containerized applications …

Moving at the pace of innovation in cloud native infrastructure, Aqua is announcing container security support for the AWS Fargate serverless service now running on Amazon Graviton2 processors. The support for Fargate on Graviton2 container protection, security, and compliance builds on our existing workload …

For many years, threat actors have been using legitimate remote access tools (RATs) in their campaigns, tricking users into installing them to get full control over the victims’ systems. Similarly, in the cloud native world, attackers are increasingly targeting user interface (UI) tools to gain access to Docker and …

As an open source runtime security tool, Tracee provides a base rule set that can detect a variety of attacks. However, there’s often the need to add new rules either to contribute to the project or to provide specific rules for your environment. Because Tracee allows for new rules to be written in Rego and Golang, …

In late October, a supply chain attack affected a popular npm library, ua-parser-js, which put many companies at risk of compromise. In this blog, we will describe the attack and outline a few ways that organizations can mitigate similar threats. This is an example in a growing trend of cyberattacks that leverage …

A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a …

Ensuring and monitoring compliance and security best practices policies at runtime can often be a barrier to both broader adoption of cloud native technologies and moving more cloud native applications into production at scale. Cloud provider attributes — tags, labels, and resource groups — are useful tools for …

Earlier this year, Aqua’s Team Nautilus detected a cryptocurrency mining campaign targeting our honeypots. As part of the campaign, the threat actors used a container escape technique that leverages the CGroup release_agent feature. This technique allows an attacker to break out from the container and compromise …

A great way to get started with runtime security in your Kubernetes environments is using Tracee, an open source runtime security and forensics tool for Linux. But as with any alerting and monitoring service, it’s necessary to send alerts to a central point to help operations teams keep track of what’s happening …

A prospect’s CISO recently asked me: “I’m facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what’s really important?”