Cloud Native Security

In the four short years since we launched Aqua and started our cloud native journey, we have all experienced dramatic change. During this time, we brought several new products to market. We witnessed the rise of Docker, then its decline. We recognized the growing popularity of Kubernetes and pivoted our …

Enterprise environments often consist of multiple teams working on different cloud native projects and applications. Each such team will work on its own assets, such as container images or functions, and use separate CI pipelines, Yet in the end, they will often run on the same cloud infrastructure. When it comes …

Lately we’ve been witnessing a rise in the number of attacks that target container environments. We’ve been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily …

To harness the power of a secure and mature Kubernetes platform, to increase their development teams’ productivity, and to lower costs, organizations choose to use Red Hat OpenShift. To achieve these goals, many deploy Red Hat OpenShift on-premise, which requires allocating resources to manage the infrastructure …

The Aqua Research team has identified a new attack vector that points to an evolution in attacks’ techniques and capabilities. In these attacks, the attackers leverage containers as an entry point to discover and spread to other resources used within cloud accounts. The attackers deployed a clean Ubuntu container, …

With cloud native technologies quickly evolving and with their high adoption rate, security practices are falling behind, are not being fully applied, and in some cases, applied too late. As a result, customers pay a high, albeit avoidable price. Aqua Cloud Native Security Platform uniquely addresses these …

With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerability in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by …

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As …

After four years of securing cloud native applications, our team at Aqua has learned a thing or two about applying best practices in the real world. We’ve seen many organizations succeed in establishing a sound process and tooling to achieve their security goals, and we’ve also seen those who struggle to prioritize …

The AWS Security Hub SecOps tool provides a comprehensive view of security and compliance alerts across various AWS accounts.  Security findings are collected and summarized on integrated dashboards, allowing security professionals to continuously monitor their environment using automated compliance checks. The …