Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Conquer Cloud Security Risk: Introducing Real-Time CSPM

What if someone handed you a static picture of a highway and asked you to drive using only the picture? Would you still drive even if you knew you could not see all the traffic around you? 

Yet traditional CSPM solutions show the state of your environment as a snapshot in time, usually once per day, only giving you …

Integrity Scanning Prevents Insecurity in the Software Supply Chain

What if you could prevent an attack like SolarWinds in a few easy steps? Since sophisticated software supply chain attacks usually hide in legitimate build processes and code updates, they’re often missed by regular code scanning tools. To counter these threats, we’re excited to announce pipeline integrity scanning —

Aqua CNAPP: From Dev to Cloud and Back

RSA 2023 revealed a much-needed change in perception: cloud native security requires one integrated approach. Finally, a consensus. If you care about cloud security, you care about the lifecycle of your cloud applications. This lifecycle has two fundamental parts: building applications and running them. To secure your …

Fortune 500 at Risk: 250M Artifacts Exposed via Misconfigured Registries

What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research …

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …

New in Trivy: Kubernetes CIS Benchmark Scanning

CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry, with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security, was one of the first projects to provide Kubernetes CIS compliance …

RSA 2023: Stronger Together, with Aqua

Right now, you can only see half of what is going on in your cloud. Do you want to see the other half? At RSA this year, we are going to show you how Aqua’s single platform provides real-time visibility and better prioritization for your cloud, so you see more and do less.

Why the time for CNAPP is now

CNAPP is projected to be one of the biggest security categories ever – a $25 to $30B market. Why? Enterprises are continuing to move applications to the cloud while adopting cloud native practices, necessitating new security measures. At the same time, CISOs are under pressure to consolidate tools for better security …

CorePlague: Critical Vulnerabilities in Jenkins Server Lead to RCE

Aqua Nautilus researchers have discovered a chain of critical vulnerabilities, dubbed CorePlague, in the widely used Jenkins Server and Update Center (CVE-2023-27898, CVE-2023-27905). Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, …

Truth Revealed: Agentless Security is Not Real Security

Finally, the long-lasting “agentless vs. agent” debate is over. The inevitable result? If you want great cloud workload security, you need an agent. While many security professionals knew this from the start, plenty were misled into believing in the overhyped promise of agentless security. Why is this news? Because …

White House Shifts Cybersecurity Strategy to Drive Resilience

This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity. 
