Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
final-alpha

Securing the World’s Software Supply Chains: Why Argon Joined Aqua

Last year, Argon set out on an exciting mission to solve one of the industry’s most urgent problems: secure the way companies build and release software. Today, we’re thrilled to hit another milestone on this journey as we join forces with Aqua Security, the well-known leader in cloud native security. This …

Continue reading ›
PCI DSS compliance cloud native

What You Need to Know About PCI DSS Compliance in Cloud Native

The Payment Card Industry Data Security Standard (PCI DSS) is a well-known compliance framework for any organization handling payment card data. However, translating the PCI DSS requirements into the world of containers and Kubernetes can be overwhelming. In this post, we break down how containerized applications …

Continue reading ›
Advanced Workload Protection for AWS Services on Graviton2

Advanced Workload Protection for AWS Services on Graviton2

Moving at the pace of innovation in cloud native infrastructure, Aqua is announcing container security support for the AWS Fargate serverless service now running on Amazon Graviton2 processors. The support for Fargate on Graviton2 container protection, security, and compliance builds on our existing workload …

Continue reading ›
RATs in the Cloud: Kubernetes UI Tools Turn into a Weapon

RATs in the Cloud: Kubernetes UI Tools Turn into a Weapon

For many years, threat actors have been using legitimate remote access tools (RATs) in their campaigns, tricking users into installing them to get full control over the victims’ systems. Similarly, in the cloud native world, attackers are increasingly targeting user interface (UI) tools to gain access to Docker and …

Continue reading ›
Tracee Runtime Security Series:  Writing Custom Tracee Rules

Tracee Runtime Security Series: Writing Custom Tracee Rules

As an open source runtime security tool, Tracee provides a base rule set that can detect a variety of attacks. However, there’s often the need to add new rules either to contribute to the project or to provide specific rules for your environment. Because Tracee allows for new rules to be written in Rego and Golang, …

Continue reading ›
A Popular npm Library Compromised in a Supply Chain Attack: What to Do

A Popular npm Library Compromised in a Supply Chain Attack: What to Do

In late October, a supply chain attack affected a popular npm library, ua-parser-js, which put many companies at risk of compromise. In this blog, we will describe the attack and outline a few ways that organizations can mitigate similar threats. This is an example in a growing trend of cyberattacks that leverage …

Continue reading ›
Golang Scanning with Trivy: Detect Vulnerabilities Accurately

Golang Scanning with Trivy: Detect Vulnerabilities Accurately

A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a …

Continue reading ›
Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Ensuring and monitoring compliance and security best practices policies at runtime can often be a barrier to both broader adoption of cloud native technologies and moving more cloud native applications into production at scale. Cloud provider attributes — tags, labels, and resource groups — are useful tools for …

Continue reading ›
Threat Alert: Threat Actors Using

Threat Alert: Threat Actors Using release_agent Container Escape

Earlier this year, Aqua’s Team Nautilus detected a cryptocurrency mining campaign targeting our honeypots. As part of the campaign, the threat actors used a container escape technique that leverages the CGroup release_agent feature. This technique allows an attacker to break out from the container and compromise …

Continue reading ›
Tracee Runtime Security Series: Centralizing Alerts with Aqua Postee

Tracee Runtime Security Series: Centralizing Alerts with Aqua Postee

A great way to get started with runtime security in your Kubernetes environments is using Tracee, an open source runtime security and forensics tool for Linux. But as with any alerting and monitoring service, it’s necessary to send alerts to a central point to help operations teams keep track of what’s happening …

Continue reading ›
what is CNAPP

What is a CNAPP and How to Choose the Right One

A prospect’s CISO recently asked me: “I’m facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what’s really important?

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...