Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Kubernetes Pod Security policy

Kubernetes Pod Security Policy Deprecation: All You Need to Know

To improve your Kubernetes security, you need to control and limit what pods can be created and deployed in your environment. For this, Kubernetes has provided a beta feature called Pod Security Policy (PSP), which soon will be deprecated and replaced with a standard called Pod Security Standards (PSS). In this …

Continue reading ›
Kubernetes vulnerability scanning

Vulnerability Scanning for Kubernetes Applications: Why and How

If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and …

Continue reading ›
TeamTNT Campaign Docker images

Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments

Last week, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud …

Continue reading ›
Neat Commerce Case Study

How Neat Commerce Ensures Regulatory Compliance with Aqua

The challenges of maintaining security and numerous compliance requirements are a very steep hill to climb for international business services providers. The latest example comes from an organization in Hong Kong called Neat, this financial services technology company has several offerings, including secure payment …

Continue reading ›

Acting on Cloud Native Security Data with Splunk

With no shortage of attacks targeting the cloud native stack, having a holistic view of your environment is paramount to contain and mitigate the attack, as well as to perform forensic analysis after the fact. In order to provide you with deeper insights into malicious and suspicious activity in your cloud native …

Continue reading ›
cloud native security myths

Debunking the Top Cloud Native Security Myths

There is no shortage of myths in cloud native security, and we made our own list of the top seven cloud native security myths. Achieving compliance in the cloud and cloud providers’ responsibilities are the top two from that list.
Continue reading ›
Starboard Operator

Automating Configuration Auditing with Starboard Operator By Aqua

Back in November 2020, we introduced the Starboard Operator, which automates vulnerability scanning in a Kubernetes environment. We’re now pleased to announce the latest release (release v0.9) which adds configuration auditing using Polaris. This means that the Operator can automatically check for weaknesses in the …

Continue reading ›
Aqua CSPM BYOK

Aqua CSPM Takes BYOK Further with Bring Your Own (Storage) Bucket

BYOK (bring your own key) is a trusted method for restricting access to data through encryption keys provided by end-users. We took this concept to the next level by adding support for “bring your own bucket” (BYOB). This new model represents an innovative, cloud native approach for providing users with better …

Continue reading ›
CVE-2021-3156 sudo Vulnerability

CVE-2021-3156 sudo Vulnerability Allows Root Privileges

A new severe vulnerability was found in Unix and Linux operating systems that allows an unprivileged user to exploit this vulnerability using sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file. In this blog, I’ll go over how this CVE can be …

Continue reading ›
CSPM Guide Teaser blog image2-1

The Essential Guide to CSPM: Improve Your Cloud Security Posture

With 175 different services available on AWS alone, many enterprises are struggling to protect their large and increasingly complex cloud environments. To operate efficiently at scale, you need to continuously find and fix security issues across your entire cloud infrastructure. That’s where the concept of Cloud …

Continue reading ›
AWS

The 3 Riskiest Cloud Native AWS Configurations

With dozens of key security configurations possible for EC2 alone, the number of configuration options in AWS can be overwhelming at times. While the complexity is rising, properly – and securely - configured cloud accounts are critical to keeping pace with dynamic infrastructure requirements for a cloud native …

Continue reading ›