Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Don't Leave Your Keys Exposed: Lessons from IBM Privilege Escalation Flaw

Would you ever give your keys to a stranger? That’s exactly what someone at IBM did: they left the private keys to the Docker host environment of IBM’s Data Science Experience service accessible to the outside world. Wayne Chang, the security consultant who found this, explains in his original report:

Network Nano-Segmentation for Container Security

Network segmentation is not a new concept in security. It’s been around for a while and is considered one of the most effective methods of limiting the “blast radius”, i.e., preventing extensive damage in case of an attack or a breach by limiting the attacker to a sealed-off segment of the network. In the era of APTs …

The Challenges of Docker Secrets Management

In our many conversations with customers, Docker secrets management has come up as a particularly thorny issue that seemed to lack an elegant, cross-platform solution for container environments. Not a new issue in the enterprise space, especially as it pertains to large-scale DevOps environments, the challenges of …

Set DevSecOps in Motion with Minimal Commotion

DevOps professionals continue to believe they can’t do their jobs properly because security slows down operations. Security pros, meanwhile, have largely failed to integrate security measures into DevOps initiatives, resulting in unproductive friction.

CVE-2016-9962: Run Container Run

RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug in runc, the Open Containers runtime code used by several container engines, including Docker.
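As an added example, not code from the Aqua post or from the runc project: the exploit path in CVE-2016-9962 needed a process inside the container to ptrace the runc init process while it was joining the container during exec. On Docker that meant a container holding CAP_SYS_PTRACE (which Docker's default capability set does not grant) under a seccomp profile that permits ptrace(2) (which Docker's default profile blocked), so containers started with --cap-add SYS_PTRACE or --privileged were the ones to worry about. The script below decodes the capability bounding set from a /proc/<pid>/status file and reports whether CAP_SYS_PTRACE is in it. The two status files it reads are constructed samples: one carries Docker's default bounding set, the other the same set with SYS_PTRACE added.

```shell
#!/bin/sh
# Added example: decode CapBnd from a /proc/<pid>/status file and say whether
# CAP_SYS_PTRACE is in the bounding set. Not code from the Aqua post or runc.

CAP_SYS_PTRACE=19   # bit index of CAP_SYS_PTRACE in linux/capability.h

# cap_bnd_mask FILE: print the hex CapBnd mask found in a /proc status file.
cap_bnd_mask() {
    awk '/^CapBnd:/ { print $2 }' "$1"
}

# has_cap MASK BIT: succeed when bit BIT is set in the hex mask MASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# check_ptrace FILE: return 0 if CAP_SYS_PTRACE is absent from the bounding
# set, 1 if it is present, 2 if the file carries no CapBnd line at all.
check_ptrace() {
    mask=$(cap_bnd_mask "$1")
    if [ -z "$mask" ]; then
        echo "no CapBnd line in $1"
        return 2
    fi
    if has_cap "$mask" "$CAP_SYS_PTRACE"; then
        echo "CapBnd=$mask: CAP_SYS_PTRACE present, processes here may ptrace"
        return 1
    fi
    echo "CapBnd=$mask: CAP_SYS_PTRACE absent"
    return 0
}

# Constructed samples standing in for /proc/self/status inside two containers:
# Docker's default bounding set (00000000a80425fb) and the same set with
# CAP_SYS_PTRACE (bit 19, 0x80000) added.
SAMPLE_DEFAULT=$(mktemp)
SAMPLE_PTRACE=$(mktemp)
trap 'rm -f "$SAMPLE_DEFAULT" "$SAMPLE_PTRACE"' EXIT
printf 'Name:\tsh\nCapBnd:\t00000000a80425fb\n' > "$SAMPLE_DEFAULT"
printf 'Name:\tsh\nCapBnd:\t00000000a80c25fb\n' > "$SAMPLE_PTRACE"

check_ptrace "$SAMPLE_DEFAULT"
check_ptrace "$SAMPLE_PTRACE" || echo "-> review how this container got SYS_PTRACE"
```

Inside a running container, `check_ptrace /proc/self/status` tests the real bounding set; a hit does not by itself mean the runc on the host is vulnerable, but it is the capability the advisory's attack path needs, and a container that has it without a stated reason should lose it.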

Cisco CloudCenter: Docker Privilege Escalation Vulnerability Explained

Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker …
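As an added example, not code from the Aqua posts, IBM or Cisco: two shell checks for the two exposures these posts describe. daemon_exposure flags a dockerd command line that listens on tcp:// without --tlsverify, which is the CloudCenter condition (the Engine API is root-equivalent on the host, so an unauthenticated listener hands the host to anyone who can reach the port). key_exposure flags Docker TLS private keys (key.pem, server-key.pem, ca-key.pem, the names the Docker TLS documentation uses) that are readable beyond their owner, the family of mistake the IBM post is about: private keys reaching readers they should not. The command lines and key files it runs against are constructed, and it assumes the listener is configured on the command line rather than via the "hosts" key in daemon.json, which would need the same check.

```shell
#!/bin/sh
# Added example: audit how a Docker Engine is exposed. Not code from the Aqua
# posts, IBM or Cisco; inputs below are constructed.

# daemon_exposure CMDLINE: 0 when there is no tcp listener or the listener
# requires client certificates; 1 when a tcp listener lacks --tlsverify.
daemon_exposure() {
    case $1 in
        *tcp://*)
            case $1 in
                *--tlsverify*)
                    echo "tcp listener requires TLS client certs"
                    return 0 ;;
                *)
                    echo "UNAUTHENTICATED tcp listener: $1"
                    return 1 ;;
            esac ;;
        *)
            echo "unix socket only, not reachable over the network"
            return 0 ;;
    esac
}

# key_exposure DIR: 0 when every Docker TLS private key in DIR is owner-only,
# 1 when any is readable by group or others.
key_exposure() {
    rc=0
    for f in "$1"/key.pem "$1"/server-key.pem "$1"/ca-key.pem; do
        [ -f "$f" ] || continue
        perms=$(ls -l "$f" | cut -c5-10)   # group and other permission bits
        case $perms in
            ------) echo "ok: $f is owner-only" ;;
            *) echo "EXPOSED: $f readable beyond its owner (g/o bits: $perms)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed dockerd invocations: the weak setting beside the corrected one,
# plus the unix-socket-only default.
WEAK='dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
FIXED='dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem'
LOCAL='dockerd -H unix:///var/run/docker.sock'

# Constructed cert directories with placeholder key files (not real keys).
SAFE_DIR=$(mktemp -d)
EXPOSED_DIR=$(mktemp -d)
trap 'rm -rf "$SAFE_DIR" "$EXPOSED_DIR"' EXIT
echo 'constructed placeholder, not a key' > "$SAFE_DIR/key.pem"
chmod 600 "$SAFE_DIR/key.pem"
echo 'constructed placeholder, not a key' > "$EXPOSED_DIR/key.pem"
chmod 644 "$EXPOSED_DIR/key.pem"

daemon_exposure "$WEAK" || true
daemon_exposure "$FIXED"
daemon_exposure "$LOCAL"
key_exposure "$SAFE_DIR"
key_exposure "$EXPOSED_DIR" || true
```

On a real host, feed daemon_exposure the output of `ps -o args= -C dockerd` and key_exposure the directory in DOCKER_CERT_PATH (or ~/.docker); --tlsverify without a trusted CA is not enough, so also confirm the --tlscacert it names is the CA you issued client certificates from.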

10 Key Security Terms DevOps Need to Know

It’s no secret that DevOps and IT security, like oil and water, are hard to mix. After all, DevOps is all about going fast, while security is all about proceeding carefully. However, both DevOps and security serve a higher authority—the business—and the business will be served only if DevOps and security learn to get …

The Year That Was (Almost) - 10 Milestones in The Container Ecosystem

2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.

Docker Images Vulnerability Scanning on a Massive Scale

Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit developer code into the image build process, which results in images being …

Image Vulnerability Scanning in Azure Container Registry

Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.

Dirty COW Vulnerability: Impact on Containers

There has been plenty of buzz lately regarding an old, newly rediscovered privilege escalation vulnerability (CVE-2016-5195), adorably named “Dirty COW” after the Copy-On-Write handling of memory mappings in the Linux kernel. The whole thing started roughly eleven years ago, when a kernel developer left a race condition issue open: “This is an ancient bug …
