Enabling Customers with Visibility and Remediation at Scale As the pioneer in cloud native security, Aqua has been at the forefront of CNAPP innovation. Today, we are pleased to announce our integration with Amazon Security Lake. This integration allows customers the insights needed to determine their risk posture …
The move to cloud native changed the daily operations of security teams. This shift requires teams to monitor the risk embedded within cloud environments, which increases the noise level, and piles up thousands of security issues to handle. This new reality requires different measures to handle relevant incidents …
What if someone handed you a static picture of a highway and asked you to drive using only the picture? Would you still drive even if you knew you could not see all the traffic around you?
Yet traditional CSPM solutions show the state of your environment as a snapshot in time, usually once per day, only giving you …
What if you could prevent an attack like SolarWinds in a few easy steps? Since sophisticated software supply chain attacks usually hide in legitimate build processes and code updates, they’re often missed by regular code scanning tools. To counter these threats, we’re excited to announce pipeline integrity scanning —
RSA 2023 revealed a much-needed change in perception: cloud native security requires one integrated approach. Finally, a consensus. If you care about cloud security, you care about the lifecycle of your cloud applications. This lifecycle has two fundamental parts: building applications and running them. To secure your …
What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research …
We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …
CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security was one of the first projects to provide Kubernetes CIS compliance …
Right now, you can only see half of what is going on in your cloud. Do you want to see the other half? At RSA this year we are going to show you how Aqua’s single platform provides real-time visibility and better prioritization for your cloud, so you see more and do less.
CNAPP is projected to be one of the biggest security categories ever – a $25 to $30B market. Why? Enterprises are continuing to move applications to the cloud while adopting cloud native practices, necessitating new security measures. At the same time, CISOs are under pressure to consolidate tools for better security …
Aqua Nautilus researchers have discovered a chain of critical vulnerabilities, dubbed CorePlague, in the widely used Jenkins Server and Update Center (CVE-2023-27898, CVE-2023-27905). Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, …