Aqua Blog

CNAPP

Aqua, HashiCorp Enable Cloud Native Security, Zero-Trust Approaches

Aqua, HashiCorp Enable Cloud Native Security, Zero-Trust Approaches

We’re delighted to announce our recent achievement of Premier tier status in HashiCorp’s partner ecosystem – a significant milestone in helping our mutual customers automate security and compliance as part of the cloud journey, and more effectively manage risk by shifting security left, securing the software supply …

Continue reading ›
Trivy: The Universal Scanner to Secure Your Cloud Migration

Trivy: The Universal Scanner to Secure Your Cloud Migration

Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this …

Continue reading ›
Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks

Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks

Threat actors are ramping up their game by deploying Phishing as a Service (PhaaS) to code and package managers (such as GitHub, PyPI, Ruby, NPM). This tactic circumvents Multi-Factor Authentication (MFA) mechanisms leading to session cookie hijacks and account takeovers. As we’ve learned in recent years, account …

Continue reading ›
Protecting Workloads Against Real-World Attacks With Ease

Protecting Workloads Against Real-World Attacks With Ease

Attackers are sophisticated, there is always a lag between zero days and mitigation, and production workloads are critical. So why is the adoption of runtime security for cloud native applications still lower than shift-left security practices for the same applications? 

Continue reading ›
Looking Ahead: 7 Cloud Native Security Predictions for 2022

Looking Ahead: 7 Cloud Native Security Predictions for 2022

It’s been an incredibly busy year for cloud native and security practitioners! As we wrap up 2021, it’s time to look at what will shape our industry in the year ahead. In that spirit, we asked experts from across the company to share their take on what’s coming next for cloud native security and what to expect in …

Continue reading ›
What is a CNAPP and How to Choose the Right One

What is a CNAPP and How to Choose the Right One

A prospect’s CISO recently asked me: “I’m facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what’s really important?

Continue reading ›