With extensive hands-on experience in cloud native security, we founded Darkbit to help organizations address security risks in their ever-growing and changing cloud environments. As the next chapter in our journey, we’re now joining forces with Aqua to realize this shared vision, helping deliver best in class …
Insufficient access restrictions, permissive storage policies, and publicly exposed assets are only a few of the mistakes companies make when configuring their cloud infrastructure. The scale of the problem is mind-blowing, with 90% of organizations being vulnerable to security breaches due to cloud misconfigurations. …
BYOK (bring your own key) is a trusted method for restricting access to data through encryption keys provided by end-users. We took this concept to the next level by adding support for “bring your own bucket” (BYOB). This new model represents an innovative, cloud native approach for providing users with better control …
With 175 different services available on AWS alone, many enterprises are struggling to protect their large and increasingly complex cloud environments. To operate efficiently at scale, you need to continuously find and fix security issues across your entire cloud infrastructure. That’s where the concept of Cloud …
With dozens of key security configurations possible for EC2 alone, the number of configuration options in AWS can be overwhelming at times. While the complexity is rising, properly – and securely - configured cloud accounts are critical to keeping pace with dynamic infrastructure requirements for a cloud native …
As a major trend in 2020, enterprises have been increasingly adopting multi-cloud to elevate efficiency and maintain flexibility and independence. But multi-cloud environments are more complex and harder to secure, leading to more cloud service misconfigurations and breaches. Making matters worse, many organizations …
Each day, Aqua monitors millions of cloud infrastructure changes for misconfigurations, and control-plane events for security issues or malicious activity in our users’ cloud accounts. But we’ve learned that just identifying misconfigurations is not enough to protect cloud assets in a modern fast-paced environment. …
One thing that most researchers look for when investigating security breaches is whether or not there’s a common element. In the case of security breaches, the kill-chain for almost every cloud security breach we looked at involved the exploitation of misconfigured or mismanaged cloud infrastructure settings. The …
-profile-400-400-bluw.jpg?width=48&height=48&name=DrorDavidoff-Shirt-(77)-profile-400-400-bluw.jpg){kind=small}
In the four short years since we launched Aqua and started our cloud native journey, we have all experienced dramatic change. During this time, we brought several new products to market. We witnessed the rise of Docker, then its decline. We recognized the growing popularity of Kubernetes and pivoted our capabilities …
Two high-severity CVEs in the SaltStack platform were published last week by researchers at F-Secure. These vulnerabilities can enable remote code execution (RCE), which lets attackers remotely execute commands on the Salt leader node. This results in a full compromise of the host and can expose sensitive information …
Our customers challenged us to add Oracle Cloud Infrastructure (OCI) security to the list of public clouds that Aqua CSPM (aka CloudSploit) covers – and make it seamless. That meant giving our customers a singular view into the public cloud platforms they use, while maintaining the same level of control with …