Aqua Blog

Kubernetes Security

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Continue reading ›
Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Aqua Tracee is an open source runtime security and forensics tool for Linux. It can help you detect suspicious behavior at runtime using an extensive data collection engine and a sophisticated rules engine. You can further read about the development of Tracee in our blog The Story of Tracee: The Path to Runtime …

Continue reading ›
Trivy Now Supports NSA Kubernetes Compliance

Trivy Now Supports NSA Kubernetes Compliance

Trivy, the all-in-one open source security scanner, can scan your Kubernetes cluster as well as its running workloads for security issues. Trivy also has a native Kubernetes Operator for complete Kubernetes security posture management. These capabilities were covered in detail in our previous blog post Vulnerability …

Continue reading ›
Vulnerability Scanning: Trivy vs the Trivy Operator

Vulnerability Scanning: Trivy vs the Trivy Operator

Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore

Continue reading ›
Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25 was released with 40 new enhancements including 13 Stable, 10 Beta, 15 Alpha, and 2 Deprecated. Join us as we present some of the notable features in this release, apply security with the Pod Security Admission (PSA), validate whether your cluster is using containerd, and give an overview of …

Continue reading ›
Intro to Fileless Malware in Containers

Intro to Fileless Malware in Containers

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. 

Continue reading ›
Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure to deploy EKS Anywhere clusters using on-premise bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …

Continue reading ›
How to Secure Your Kubernetes Clusters with Trivy

How to Secure Your Kubernetes Clusters with Trivy

Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to …

Continue reading ›
What’s New in Kubernetes Version 1.24

What’s New in Kubernetes Version 1.24

With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.

Continue reading ›
2022 Cloud Native Threat Report: Key Trends in Cyber Attacks

2022 Cloud Native Threat Report: Key Trends in Cyber Attacks

As companies continue to adopt cloud native technologies at a rapid pace, an increasing number of cyber threats are targeting the cloud native environment. To defend against these threats, security practitioners must stay abreast of attackers’ evolving tactics, techniques, and procedures. For its 2022 Cloud Native …

Continue reading ›
Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...