Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Severe-Privilege--BLOG-650_315.png

Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of 9.8 (out of 10) and it affects all Kubernetes versions from 1.0 …

Continue reading ›
Kubernetes security

Enterprise Kubernetes Security at KubeCon + CloudNativeCon

KubeCon + CloudNativeCon North America is just around the corner, and looks like it is going to break attendance records, becoming the largest gathering of the Kubernetes and cloud native community ever!

Such massive adoption by large organizations in their production deployments, brings with it security and …

Continue reading ›
Amazon-ECS-Workloads-On-Demand-BLOG650_315_S.png

How to Secure Amazon ECS Workloads On Demand

In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace. 

We have several new listings in the AWS …

Continue reading ›
Serverless functions risk

Serverless Security: The Importance of FaaS Risk Assessment

In my previous blog, I discussed the serverless services spectrum and the unique security considerations of serverless functions. In this post, I’d like to elaborate on the importance of preliminary risk assessment checks and their contribution to an effective security strategy, based on lessons learned in …

Continue reading ›
Kubernetes Security

Istio: The Enterprise Upgrade Path to Microservices

Istio, Google’s open source project for large scale, containerized application management was released in May 2017 and has undergone rapid development since then, culminating in the landmark 1.0 release in July 2018. In this blog post we will be exploring what Istio is, how it works and how to adopt it. In …

Continue reading ›
Container Security Openshift

Streamline Image Vulnerability Management for OpenShift Image Streams

In traditional cloud native environments, actions such as building and deploying applications will usually involve working directly with images hosted in one or more registries. Customers wishing to track changes in those images, in order to identify security and compliance issues, would need to set up an automatic …

Continue reading ›
Container Security

“Thin OS” Security for Container Hosts

In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running Linux).

Continue reading ›
Container security

Securing ISV-Provided Container Images

Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …

Continue reading ›
Container Secuirty

Report by Gartner Highlights Maturing Options for Securing Containers

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.

We're …

Continue reading ›
PCF Security

Security for Pivotal PAS and PKS

“When will Aqua support Pivotal Container Service (PKS)?” has become a recurring theme since we announced Aqua Security Scanner for PCF last spring. It seems many, many Pivotal Cloud Foundry PaaS customers are testing PKS, and more than a few are already in production.

Having been on the security infrastructure …

Continue reading ›
serverless2.png

Securing Serverless: Persistent Security for Ephemeral Environments

Cloud-native workloads terminology is used a lot these days to describe new technologies and deployment models of applications in the cloud universe. Serverless is a notable example of such cloud-native-workloads: it prioritizes simplicity and agility over compatibility, control, and performance SLAs. It’s a …

Continue reading ›