Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Aqua open source license

Simplifying Our Open Source Contributor License Agreement

At Aqua, we develop leading open source security tools, which are widely adopted by the cloud native community and industry at large. To us, open sourcing our technology is more than just making its source code available, it’s about making the project widely used and encouraging people to participate. Beyond using …

Continue reading ›
NSA Kubernetes Hardening Guide

A Closer Look Into the NSA Kubernetes Hardening Guide

In August, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released their Kubernetes Hardening Guidance. As Kubernetes continues to rapidly gain adoption, it’s good to see government organizations, such as the NSA, providing guidance on how to secure this critical …

Continue reading ›
AWS EKS Anywhere

Securing Kubernetes Everywhere with EKS Anywhere

AWS has taken a major step toward reducing the management complexity of Kubernetes and simplifying deployment across on-premises data centers and public cloud with the general availability of EKS Anywhere. Aqua has worked to ensure that customers can take advantage of EKS Anywhere with holistic Kubernetes-native …

Continue reading ›
IBM Power10

Aqua Delivers Cloud Native Security for IBM Power10 Workloads

Designed to serve as a high-performance, scalable engine for containerization, IBM today launched its IBM Power10-based IBM Power E1080 server. In tandem, we are excited to announce that Aqua Security is the first cloud native security PartnerWorld partner for the IBM Power E1080.

Continue reading ›
CORE Tracee eBPF

Using CO:RE to Achieve Portable Tracee eBPF Code

One of the biggest challenges of eBPF development is distribution of your eBPF project. With so many different versions of the Linux kernel out in the wild, it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. However, by using CO:RE, a feature of libbpf, this …

Continue reading ›
Gartner Market Guide 2021

Gartner’s 2021 Market Guide to Cloud Workload Protection Platforms

Gartner recently published the updated Market Guide for Cloud Workload Protection Platforms*. It outlines the core capabilities and architectural considerations that buyers must evaluate when protecting cloud workloads, but crucially in this update Gartner has refined the scope of CWPP, added new key requirements, …

Continue reading ›
Advanced Persistent Threat Container Attacks

Advanced Persistent Threat Techniques Used in Container Attacks

This blog was co-authored with Itamar Maouda, security researcher at Aqua Security

Aqua’s Team Nautilus detected an intensive campaign targeting cloud native environments that uses advanced persistent threat (APT) techniques usually leveraged by nation-state threat actors. As part of the campaign, the attackers …

Continue reading ›
Docker official images

A Security Review of Docker Official Images: Which Do You Trust?

A key element in building secure containerized applications is to ensure that the base image that you use is well-maintained and secure. A common piece of advice is to use the Docker Official Images for this purpose. However, our research reveals that you need to be careful when using these images, as some are no …

Continue reading ›
Container runtime security

It’s About Time for Runtime: 2021 Cloud Native Security Survey

While container environments grow in size and complexity, many misconceptions persist about securing cloud native applications. Our latest survey reveals a huge knowledge gap around runtime security, with 97% of cloud native security practitioners still unaware of crucial container security principles. Here are the …

Continue reading ›
Kubernetes Hardening Techniques

Top 10 Kubernetes Application Security Hardening Techniques

One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply …

Continue reading ›
Cloud Native Security

Securing Cloud Native Applications: Your Checklist

Cloud native development brings tremendous benefits of speed and agility, but existing security approaches break down as organizations migrate their workloads to containers. What fundamental capabilities do you need to secure modern applications deployed in these increasingly dynamic environments? Use our cloud …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...