Aqua Blog

CSPM

Conquer Cloud Security Risk: Introducing Real-Time CSPM

Conquer Cloud Security Risk: Introducing Real-Time CSPM

What if someone handed you a static picture of a highway and asked you to drive using only the picture? Would you still drive even if you knew you could not see all the traffic around you? 

Yet traditional CSPM solutions show the state of your environment as a snapshot in time, usually once per day, only giving you …

Continue reading ›
Truth Revealed: Agentless Security is Not Real Security

Truth Revealed: Agentless Security is Not Real Security

Finally, the long-lasting “agentless vs. agent” debate is over. The inevitable result? If you want great cloud workload security, you need an agent. While many security professionals knew this from the start, plenty were misled into believing in the overhyped promise of agentless security. Why is this news? Because …

Continue reading ›
Triaging Trivy AWS Alerts with Postee and AWS Security Hub

Triaging Trivy AWS Alerts with Postee and AWS Security Hub

Security operators are getting overloaded with alerts and information coming from a variety of sources. Without proper automation and triage, this information often gets lost and unactioned upon. With Postee, this can be remediated with automating commonly taken operator actions ahead of time. 

Continue reading ›
Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Ensuring and monitoring compliance and security best practices policies at runtime can often be a barrier to both broader adoption of cloud native technologies and moving more cloud native applications into production at scale. Cloud provider attributes — tags, labels, and resource groups — are useful tools for …

Continue reading ›
What is a CNAPP and How to Choose the Right One

What is a CNAPP and How to Choose the Right One

A prospect’s CISO recently asked me: “I’m facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what’s really important?

Continue reading ›
Key Requirements for CWPP (Cloud Workload Protection Platforms)

Key Requirements for CWPP (Cloud Workload Protection Platforms)

Cloud Workload Protection Platforms (CWPPs), now part of the emerging category of Cloud Native Application Protection Platforms (CNAPPs), are designed to secure different types of cloud workloads — such as VMs, containers, and serverless functions — deployed in public, hybrid, or multi-cloud environments. In this …

Continue reading ›
How Thoughtworks Manages Cloud Security and Container Vulnerabilities

How Thoughtworks Manages Cloud Security and Container Vulnerabilities

Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams - each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works …

Continue reading ›
Bridging the Cloud Native Security Gap: Why Darkbit Joined Aqua

Bridging the Cloud Native Security Gap: Why Darkbit Joined Aqua

With extensive hands-on experience in cloud native security, we founded Darkbit to help organizations address security risks in their ever-growing and changing cloud environments. As the next chapter in our journey, we’re now joining forces with Aqua to realize this shared vision, helping deliver best in class …

Continue reading ›
Cloud Misconfigurations on the Rise: 2021 Cloud Security Report

Cloud Misconfigurations on the Rise: 2021 Cloud Security Report

Insufficient access restrictions, permissive storage policies, and publicly exposed assets are only a few of the mistakes companies make when configuring their cloud infrastructure. The scale of the problem is mind-blowing, with 90% of organizations being vulnerable to security breaches due to cloud misconfigurations. …

Continue reading ›
Aqua CSPM Takes BYOK Further with Bring Your Own (Storage) Bucket

Aqua CSPM Takes BYOK Further with Bring Your Own (Storage) Bucket

BYOK (bring your own key) is a trusted method for restricting access to data through encryption keys provided by end-users. We took this concept to the next level by adding support for “bring your own bucket” (BYOB). This new model represents an innovative, cloud native approach for providing users with better control …

Continue reading ›
The Essential Guide to CSPM: Improve Your Cloud Security Posture

The Essential Guide to CSPM: Improve Your Cloud Security Posture

With 175 different services available on AWS alone, many enterprises are struggling to protect their large and increasingly complex cloud environments. To operate efficiently at scale, you need to continuously find and fix security issues across your entire cloud infrastructure. That’s where the concept of Cloud …

Continue reading ›