One of the key challenges in container image scanning is understanding where a vulnerability originated in an image, and who can fix it. Image layers allow us to do that, and Aqua’s scanner now allows us to pinpoint discovered vulnerabilities to a specific layer.
In previous crypto-mining attacks, we observed hackers investing little to no effort in hiding their malicious activities. They just ran the malicious container with all of its scripts and configuration files in clear text. This made the analysis of their malicious intent fairly easy.
Sometimes life, a.k.a., the internet, throws us a bone when it comes to running demonstrations on security tools.
Managing known vulnerabilities in container images has been one of the first issues to get the attention of organizations that adopt containers. Knowing what vulnerabilities (CVEs) lurk in your image code is important, but fixing or patching the images that contain vulnerabilities has been a challenge, since it’s …
Enterprise-grade solutions are expected to integrate with existing enterprise infrastructure, including providing SSO to authenticate users without requiring separate definitions of user identity and access credentials.
Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight.
In their recent research note, “Top 10 Security Projects for 2019”*, Gartner analysts highlighted ten initiatives that Security and Risk Management leaders should implement or improve in 2019. Container security is on this list.
Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …
While Docker provides an efficient development and deployment environment, compromised Docker components can infect your entire infrastructure. Docker containers can be used as an access point to other containers and host systems. This cheat sheet lists the unique issues posed by Docker containers, how to safeguard …
In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace.
We have several new listings in the AWS …
Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …