Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see …
Infrastructure protection, sandboxed containers, MicroVM hypervisors– these are interchangeable terms describing emerging technologies to isolate micro-services from their underlying infrastructure. These isolation technologies aim to protect the …
On Monday, “day 0” of this year’s KubeCon/CloudNativeCon, we held our first KubeSec Enterprise Summit event, co-located with KubeCon under the auspices of the CNCF. Aqua hosted the event together with our partners Red Hat and AWS. The event was …
This is the second in our series of blog posts on Istio, and will focus on Istio’s security features: what they are, how they work and how they help protect your workloads and your data.
Building, deploying and maintaining secure, cloud native …
Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of …
KubeCon + CloudNativeCon North America is just around the corner, and looks like it is going to break attendance records, becoming the largest gathering of the Kubernetes and cloud native community ever!
Such massive adoption by large …
In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container …
In my previous blog, I discussed the serverless services spectrum and the unique security considerations of serverless functions. In this post, I’d like to elaborate on the importance of preliminary risk assessment checks and their contribution …
Istio, Google’s open source project for large scale, containerized application management was released in May 2017 and has undergone rapid development since then, culminating in the landmark 1.0 release in July 2018. In this blog post we will be …
In traditional cloud native environments, actions such as building and deploying applications will usually involve working directly with images hosted in one or more registries. Customers wishing to track changes in those images, in order to …
In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running …