With dozens of key security configurations possible for EC2 alone, the number of configuration options in AWS can be overwhelming at times. While the complexity is rising, properly – and securely - configured cloud accounts are critical to keeping pace with dynamic infrastructure requirements for a cloud native …
As a major trend in 2020, enterprises have been increasingly adopting multi-cloud to elevate efficiency and maintain flexibility and independence. But multi-cloud environments are more complex and harder to secure, leading to more cloud service misconfigurations and breaches. Making matters worse, many organizations …
Each day, Aqua monitors millions of cloud infrastructure changes for misconfigurations, and control-plane events for security issues or malicious activity in our users’ cloud accounts. But we’ve learned that just identifying misconfigurations is not enough to protect cloud assets in a modern fast-paced environment. …
One thing that most researchers look for when investigating security breaches is whether or not there’s a common element. In the case of security breaches, the kill-chain for almost every cloud security breach we looked at involved the exploitation of misconfigured or mismanaged cloud infrastructure settings. The …
-profile-400-400-bluw.jpg?width=48&height=48&name=DrorDavidoff-Shirt-(77)-profile-400-400-bluw.jpg){kind=small}
In the four short years since we launched Aqua and started our cloud native journey, we have all experienced dramatic change. During this time, we brought several new products to market. We witnessed the rise of Docker, then its decline. We recognized the growing popularity of Kubernetes and pivoted our capabilities …
Two high-severity CVEs in the SaltStack platform were published last week by researchers at F-Secure. These vulnerabilities can enable remote code execution (RCE), which lets attackers remotely execute commands on the Salt leader node. This results in a full compromise of the host and can expose sensitive information …
Our customers challenged us to add Oracle Cloud Infrastructure (OCI) security to the list of public clouds that Aqua CSPM (aka CloudSploit) covers – and make it seamless. That meant giving our customers a singular view into the public cloud platforms they use, while maintaining the same level of control with …
With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerability in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by nature, …
Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center for …
A CloudSploit Case Study: Trek10's Three AWS Cloud Security Concerns & One Solution
November 14, 2019
With all the security breaches that occurred on AWS in 2017, be they caused by poorly managed Amazon S3 permissions to inadequate security group configurations, we have seen that no company or government agency is above making simple mistakes. This post will explain three areas of security we’ve noticed many AWS …
IT spend on public cloud will more than double by 2023 (IDC) and hybrid multi-clouds will soon be the more common environment for enterprises. The benefits of using cloud infrastructure including the ability to scale, ease of use and speed of application delivery are too attractive to ignore, however, the complexity …