In our view, making security tools easy to use is one of the best ways to increase adoption and help end users improve the security of their deployments. One of the strengths of our open source vulnerability scanner for container images, Trivy, is that it’s very easy to install and to integrate into different …

Drift prevention is the cloud native answer to malware, worms and zero-day exploits. It’s also one of the best things to happen to security since the firewall, and finally a departure from the defeatist “we can’t really stop attacks so let’s not try” approach that’s been plaguing the mindset of security …

Our customers challenged us to add Oracle Cloud Infrastructure (OCI) security to the list of public clouds that Aqua CSPM (aka CloudSploit) covers – and make it seamless. That meant giving our customers a singular view into the public cloud platforms they use, while maintaining the same level of control with …

To harness the power of a secure and mature Kubernetes platform, to increase their development teams’ productivity, and to lower costs, organizations choose to use Red Hat OpenShift. To achieve these goals, many deploy Red Hat OpenShift on-premise, which requires allocating resources to manage the infrastructure …

osquery is a SQL powered operating system instrumentation, monitoring, and analytics tool that exposes an operating system as a relational database. Using SQL, you can run queries to gain the status of your entire infrastructure. What’s cool about osquery is how easy it is to use the SQL query interface. kube-query …

The Aqua Research team has identified a new attack vector that points to an evolution in attacks’ techniques and capabilities. In these attacks, the attackers focused on spreading into instances that were running in the cloud. The attackers deployed a clean Ubuntu container, mounted the host file system, which …

With cloud native technologies quickly evolving and with their high adoption rate, security practices are falling behind, are not being fully applied, and in some cases, applied too late. As a result, customers pay a high, albeit avoidable price. Aqua Cloud Native Security Platform uniquely addresses these …

With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerability in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by …

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As …

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …