Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Serverless Security

Performance-Optimized Runtime Protection for Serverless Functions with Aqua

In order to protect serverless functions while they are running, you need to consider the very short execution times and ensure that you’re not slowing down applications or increasing cloud usage costs. In Aqua CSP 4.2, we’ve now introduced advanced runtime protection that does just that, while complementing our …

Continue reading ›
service mesh security

Securing AWS App Mesh With Aqua

We’re excited to be launch partners for AWS App Mesh, officially announced today at the Santa Clara AWS Summit. Aqua provides fine-grained protection to microservices-based applications that use AWS App Mesh, by ensuring that the microservices infrastructure conforms to the organization’s security policy, and by …

Continue reading ›
Amazon-ECS-Workloads-On-Demand-BLOG650_315_S.png

How to Secure Amazon ECS Workloads On Demand

In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace. 

We have several new listings in the AWS …

Continue reading ›
AWS Fargate security

Securing AWS Fargate with Sidecars

A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the time involved building a protected version of a container image being …

Continue reading ›
AWS EKS Container Security

Creating and Securing an EKS Cluster: First Steps

Amazon’s managed Kubernetes service, EKS, recently went GA. Here are a few things I learnt spinning up an EKS cluster for the first time, and running the kube-bench tests on it.

Continue reading ›
Active_workload_blog_650x315_2-1

Active Workload Protection on AWS Fargate, and The Importance of Immutability

Back in March we announced Aqua MicroEnforcer, a new deployment technology that enabled us to secure runtime workload running on AWS Fargate and Azure Container Instances. Since then we’ve seen a lot of interest from customers who see these services not only as a way to deploy containers on demand for spillover …

Continue reading ›
Kubernetes Security AWS EKS

Securing Kubernetes Deployments on Amazon EKS with Aqua

AWS made its Elastic Container Services for Kubernetes (EKS) generally available today. We at Aqua had access to the preview version for some time, which allowed us to ensure that our container security platform works with EKS to provide its full spectrum of runtime protection capabilities. 

Continue reading ›
AWS Fargate CaaS microenforcer

Revisiting AWS Fargate with Aqua 3.0

A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:invent. It was immediately clear that it’s a pretty cool concept, and that it presents a new challenge for security solutions like Aqua, because of the lack of a “host” entity on which you can deploy your …

Continue reading ›
2017 container developments

2017 in Review: Major Developments in the Container Ecosystem

From a “humble” $762 million in 2016, containers are predicted to grow faster than any other technology this year (as well as the next) and are on the way to become a $2.7B industry by 2020.

Continue reading ›
AWS Fargate security

Securing Struts in AWS Fargate

Today at re:Invent, Amazon is announcing AWS Fargate, a container service that allows you to provision containers in AWS without having to worry about the VM instances for them to run on. We had an early preview, and the opportunity to see how Aqua’s Container Security Platform works to protect containers running …

Continue reading ›
blog AWS PrivateLink.png

Image Scanning in VPCs with Aqua and AWS PrivateLink

Amazon Web Services announced today at re:Invent an to a recent feature PrivateLink, that enables AWS Virtual Private Cloud customers to consume apps outside their VPCs through service endpoints, using their own private IP addresses and security groups. This is a non-trivial task since VPCs are made to be isolated, …

Continue reading ›