Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Cloud Native Security

Cloud Native Security Best Practices: Using Kubernetes Admission Controller for Image Assurance

With cloud native technologies quickly evolving and with their high adoption rate, security practices are falling behind, are not being fully applied, and in some cases are applied too late. As a result, customers pay a high, albeit avoidable, price. Aqua Cloud Native Security Platform uniquely addresses these …

Aqua CSP Secures AWS Lambda

What You Need to Know About AWS Lambda Functions Risk Mitigation

With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerabilities in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by …

Cloud Native Security

Cloud Native Best Practices: Security Policies in CI/CD Pipelines

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As …

threat alert exploiting open Docker daemons

Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …

Aqua CSPM Google Cloud Security

Announcing General Availability of CloudSploit by Aqua for GCP

Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center …

Container Security

A Brief History of Containers: From the 1970s Till Now

When we first published this blog post in 2017, the technology landscape for containers was quite different than it is today. Over the past two years, we have seen significant changes take place that affected, and continue to affect, how containers are adopted. As we enter the new decade, we want to recap the …

What is eBPF

A Deep Dive into eBPF: The Technology that Powers Tracee

Tracee, by Aqua Security, is an open source, lightweight, and easy-to-use container and system tracing utility. Tracee allows you to trace events that were generated within containers only, without needing to filter out other system processes.

BeerSecOps Podcast

BeerSecOps: Podcasts About Dev, Sec, Ops, and Everything in Between

Steve Giguere is a DevSecOps Architect and Evangelist for Aqua. He spends his days working with organizations adopting cloud native technologies on how they can effectively secure their applications in the (relatively) new world of microservices. The evangelist part of him enjoys educating and learning from other …

Vulnerability scanner for Harbor registry

Pluggable Image Vulnerability Scanners for Harbor

Harbor is an open source cloud native artifact registry, sponsored by the CNCF, that you can use as a repository for your container images. Harbor provides support for vulnerability scanning of images to make sure they are safe to deploy. We’ve been working with the Harbor team to extend its capabilities with …

Cloud Native Security Best Practices

Cloud Native Security Best Practices: Vulnerability Management

After four years of securing cloud native applications, our team at Aqua has learned a thing or two about applying best practices in the real world. We’ve seen many organizations succeed in establishing a sound process and tooling to achieve their security goals, and we’ve also seen those who struggle to prioritize …

What's New in Kubernetes 1.17

Kubernetes 1.17 Features and Enhancements

Kubernetes 1.17 is here, and includes new features, fixes, and improvements. In this post, we will focus on several new features that Kubernetes 1.17 offers, including the Topology Aware Service routing, the Pod shared PID Namespace, scalability improvements by a new endpoint API, and more.
