Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Container Security

“Thin OS” Security for Container Hosts

In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running …

Container security

Securing ISV-Provided Container Images

Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or …

Container Security

Report by Gartner Highlights Maturing Options for Securing Containers

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of …

PCF Security

Security for Pivotal PAS and PKS

“When will Aqua support Pivotal Container Service (PKS)?” has become a recurring theme since we announced Aqua Security Scanner for PCF last spring. It seems many, many Pivotal Cloud Foundry PaaS customers are testing PKS, and more than a few are …


Securing Serverless: Persistent Security for Ephemeral Environments

The term "cloud-native workloads" is used a lot these days to describe new technologies and deployment models for applications in the cloud universe. Serverless is a notable example of such cloud-native workloads: it prioritizes simplicity and …

Kubernetes security

Kube-hunter - an open source tool for Kubernetes penetration testing

We just released a new free tool called kube-hunter. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing. 

Container compliance policies

Out-of-the-Box Policies Simplify Container Compliance

One of the challenges organizations have in using cloud-native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have …


Aqua 3.2: Preventing Container Breakouts with Dynamic System Call Profiling

Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that "a Docker container with a well crafted seccomp profile (which blocks unexpected system …

Kubernetes Security

Aqua’s Consumption-Based Container Runtime Security Solution on GCP Marketplace

We’re pleased to announce that the Aqua Container Security Platform is now available on the Google Cloud Marketplace. This is the industry’s first consumption-based security solution for containers, enabled for Kubernetes, providing full …

AWS Fargate security

Securing AWS Fargate with Sidecars

A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the …

AWS EKS Container Security

Creating and Securing an EKS Cluster: First Steps

Amazon’s managed Kubernetes service, EKS, recently went GA. Here are a few things I learnt spinning up an EKS cluster for the first time, and running the kube-bench tests on it.
