Aqua Blog

Container Security

affecting RunC and Docker  BLOG 650_315

Mitigating High Severity RunC Vulnerability (CVE-2019-5736)

Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …

Continue reading ›
Docker Security best practices

Top Docker Security Best Practices

While Docker provides an efficient development and deployment environment, compromised Docker components can infect your entire infrastructure. Docker containers can be used as an access point to other containers and host systems. This cheat sheet lists the unique issues posed by Docker containers, how to safeguard …

Continue reading ›
Amazon-ECS-Workloads-On-Demand-BLOG650_315_S.png

How to Secure Amazon ECS Workloads On Demand

In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace. 

We have several new listings in the AWS …

Continue reading ›
Securing Container Images

Securing ISV-Provided Container Images

Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …

Continue reading ›
Container Secuirty

Report by Gartner Highlights Maturing Options for Securing Containers

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.

We're …

Continue reading ›
Kubernetes security

Kube-hunter - an open source tool for Kubernetes penetration testing

Aqua released a free tool called kube-hunter to help with Kubernetes SecurityYou give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing. 

Continue reading ›
Aqua Integrates with Google’s Cloud Security Command Center

Aqua Integrates with Google’s Cloud Security Command Center

Good news for those of you running container workloads on GCP - we now provide a nice integration with Google's Cloud Security Command Center. The Cloud SCC provides a centralized, single-pane-of-glass view of all security data for GCP applications, and providing actionable insights. It includes things like access …

Continue reading ›
Taking a Comprehensive Approach to Container Security in 2018

Taking a Comprehensive Approach to Container Security in 2018 

In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …

Continue reading ›
Protecting Hybrid-Cloud Workloads Lessons from ESG Survey

Protecting Hybrid-Cloud Workloads? Lessons from ESG Survey

Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerability in apps and OSs

Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers

Continue reading ›
Cryptocurrency Miners Abusing Containers

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured  any more than you would leave your mail server unsecured.

We’ve heard many accounts of attempted …

Continue reading ›
meltdown_bg.png

Do Containers Provide Better Protection Against Meltdown and Spectre?

About Meltdown and Spectre

Following the trend of ‘branding’ vulnerabilities, Meltdown and Spectre vulnerabilities (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715) are ‘brand’ names given to currently known variants of vulnerabilities of a similar nature, related to speculative execution. The general idea is …

Continue reading ›

Subscribe to Email Updates

Popular Posts