Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
container security

Vulnerabilities in the Container Ecosystem: A Brief History

Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight.

Continue reading ›
Gartner--Container-Security2--BLOG-650_315

Gartner Names Container Security Among Top 10 Security Projects for 2019

In their recent research note, “Top 10 Security Projects for 2019”*, Gartner analysts highlighted ten initiatives that Security and Risk Management leaders should implement or improve in 2019. Container security is on this list.

Continue reading ›
affecting RunC and Docker  BLOG 650_315

Mitigating High Severity RunC Vulnerability (CVE-2019-5736)

Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …

Continue reading ›
Amazon-ECS-Workloads-On-Demand-BLOG650_315_S.png

How to Secure Amazon ECS Workloads On Demand

In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace. 

We have several new listings in the AWS …

Continue reading ›
Container security

Securing ISV-Provided Container Images

Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …

Continue reading ›
Container Secuirty

Report by Gartner Highlights Maturing Options for Securing Containers

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.

We're …

Continue reading ›
Kubernetes security

Kube-hunter - an open source tool for Kubernetes penetration testing

Aqua released a free tool called kube-hunter to help with Kubernetes SecurityYou give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing. 

Continue reading ›
Aqua Integrates with Google’s Cloud Security Command Center (7).png

Aqua Integrates with Google’s Cloud Security Command Center

Good news for those of you running container workloads on GCP - we now provide a nice integration with Google's Cloud Security Command Center. The Cloud SCC provides a centralized, single-pane-of-glass view of all security data for GCP applications, and providing actionable insights. It includes things like access …

Continue reading ›
Taking a Comprehensive Approach to Container Security in 2018 (1).png

Taking a Comprehensive Approach to Container Security in 2018 

In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …

Continue reading ›
Protecting Hybrid-Cloud Workloads Lessons from ESG Survey

Protecting Hybrid-Cloud Workloads? Lessons from ESG Survey

Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerability in apps and OSs

Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers

Continue reading ›
Cryptocurrency Miners Abusing Containers

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured  any more than you would leave your mail server unsecured.

We’ve heard many accounts of attempted …

Continue reading ›

Subscribe to Email Updates

Popular Posts