In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running Linux).
Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Vendors) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …
Gartner recently released a Technical Professional Advice report titled "Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing" (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.
We're …
After we made the Aqua Security Scanner for PCF announcement last spring, we started the process of supporting Pivotal Container Service (PKS). Many Pivotal Cloud Foundry PAS customers have tested PKS and many are in production.
Having been on the security infrastructure side of life for a couple decades, this …
The term "cloud native workloads" is used a lot these days to describe new technologies and deployment models for applications in the cloud universe. Serverless is a notable example of such cloud native workloads: it prioritizes simplicity and agility over compatibility, control, and performance SLAs. It’s a …
Aqua released a free tool called kube-hunter to help with Kubernetes Security. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing.
One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.
We recently …
Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."
We’re pleased to announce that the Aqua Container Security Platform is now available on the Google Cloud Marketplace. This is the industry’s first consumption-based security solution for containers, enabled for Kubernetes, providing full lifecycle container security from development to production.
A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the time involved building a protected version of a container image being …
Amazon’s managed Kubernetes service, EKS, recently went GA. Here are a few things I learnt spinning up an EKS cluster for the first time, and running the kube-bench tests on it.