When you’re running Kubernetes, how do you know whether it’s configured securely? Kubernetes is a complex system, with several control plane components, each of which has numerous configuration parameters. In some cases, it’s clear that a parameter will have a security impact – for example, providing keys and …

A new medium severity vulnerability in the open source Kubernetes has been disclosed (CVE-2019-1002100) that can, if exploited, lead to a denial-of-service on the K8s API server, which in turn may lead to the cluster becoming inoperable.

The best mitigation is to remove the “patch” permissions from untrusted users, …

In this series of blog posts we had an introduction to Istio, and an overview of its security features. This post completes the series with a look at how we can leverage Istio’s traffic control features to provide increased observability and control over the operation and deployment of our applications.

On Monday, “day 0” of this year’s KubeCon/CloudNativeCon, we held our first KubeSec Enterprise Summit event, co-located with KubeCon under the auspices of the CNCF. Aqua hosted the event together with our partners Red Hat and AWS. The event was over-subscribed, and we had to make special allowance for late …

This is the second in our series of blog posts on Istio, and will focus on Istio’s security features: what they are, how they work and how they help protect your workloads and your data.

Building, deploying and maintaining secure, cloud native software requires multiple overlapping solutions at different stages of …

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of 9.8 (out of 10) and it affects all Kubernetes versions from 1.0 …

KubeCon + CloudNativeCon North America is just around the corner, and looks like it is going to break attendance records, becoming the largest gathering of the Kubernetes and cloud native community ever!

Such massive adoption by large organizations in their production deployments, brings with it security and …

“When will Aqua support Pivotal Container Service (PKS)?” has become a recurring theme since we announced Aqua Security Scanner for PCF last spring. It seems many, many Pivotal Cloud Foundry PaaS customers are testing PKS, and more than a few are already in production.

Having been on the security infrastructure …

We just released a new free tool called kube-hunter. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing. 

We’re pleased to announce that the Aqua Container Security Platform is now available on the Google Cloud Marketplace. This is the industry’s first consumption-based security solution for containers, enabled for Kubernetes, providing full lifecycle container security from development to production.