We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …
CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security, was one of the first projects to provide Kubernetes CIS compliance …
Right now, you can only see half of what is going on in your cloud. Do you want to see the other half? At RSA this year we are going to show you how Aqua’s single platform provides real-time visibility and better prioritization for your cloud, so you see more and do less.
CNAPP is projected to be one of the biggest security categories ever – a $25 to $30B market. Why? Enterprises are continuing to move applications to the cloud while adopting cloud native practices, necessitating new security measures. At the same time, CISOs are under pressure to consolidate tools for better security …
Aqua Nautilus researchers have discovered a chain of critical vulnerabilities, dubbed CorePlague, in the widely used Jenkins Server and Update Center (CVE-2023-27898, CVE-2023-27905). Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, …
Finally, the long-lasting “agentless vs. agent” debate is over. The inevitable result? If you want great cloud workload security, you need an agent. While many security professionals knew this from the start, plenty were misled into believing in the overhyped promise of agentless security. Why is this news? Because …
This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity.
Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components.
DevSecOps is an easy term to toss around. But what does it mean, exactly? What actually goes into an effective DevSecOps strategy? And how do cloud and DevOps impact DevSecOps processes? To find out, I participated in a conversation with Merritt Baer, principal in the AWS Office of the CISO, to discuss the best ways …
Containers as a Service (CaaS) like AWS Fargate have proven to be a valuable mechanism for DevOps teams to build and deploy complex applications at scale. By removing the need for infrastructure management and security, customers can also reduce development costs using AWS Fargate.
As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key …