Aqua Blog

Kubernetes Security

Uncover Malware Payload Executions Automatically with Tracee

We have some exciting news about two new features in Tracee, Aqua’s open source container and system tracing utility. Now, Tracee is much more than just a system call tracer, it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when …

Continue reading ›
Aqua Risk Explorer

Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer

If you’re running workloads on Kubernetes, one of the toughest things to understand is where you have security gaps. Yes, there are CIS benchmarks and configurations to tweak, but they are generalized and won’t highlight the risks in workloads that are actually running in your clusters. The Aqua Risk Explorer’s …

Continue reading ›
Starboard-blog650-315_2

Starboard: The Kubernetes-Native Toolkit for Unifying Security

There are lots of security tools in the cloud native world, created by Aqua and by others, for identifying and informing users about security issues in Kubernetes environments. However powerful and useful they might be, they tend to sit alongside Kubernetes, with each new product requiring users to learn a separate …

Continue reading ›
KubeQuery Blog Image650x315

Kube-Query: A Simpler Way to Query Your Kubernetes Clusters

osquery is a SQL powered operating system instrumentation, monitoring, and analytics tool that exposes an operating system as a relational database. Using SQL, you can run queries to gain the status of your entire infrastructure. What’s cool about osquery is how easy it is to use the SQL query interface. kube-query …

Continue reading ›
What's New in Kubernetes 1.17

Kubernetes 1.17 Features and Enhancements

Kubernetes 1.17 is here, and includes new features, fixes, and improvements. In this post, we will focus on several new features that Kubernetes 1.17 offers, including the Topology Aware Service routing, the Pod shared PID Namespace, scalability improvements by a new endpoint API, and more.

Continue reading ›
KubeSec Enterprise Summit San Diego 2019

Impressions from KubeSec, Our Third Enterprise Summit for K8s Security

Yesterday more than 300 cloud native professionals assembled for KubeSec, what has now become a fixture as a “day zero” event for KubeCon/CloudNativeCon. As with previous events, the emphasis was on end-user organizations’ experiences in securing production environments. While many technical aspects and best …

Continue reading ›
aqua open source security

Aqua Celebrates Open Source at Hacktoberfest

It’s that time of the year again - for some people October is a month of beer, and for others (like us) it’s hacking time! Hacktoberfest, named after the famous German festival Oktoberfest, is a wonderful initiative that invites developers from around the world to participate and contribute to Open Source. At Aqua, …

Continue reading ›
Kubernetes Security

DNS Spoofing on Kubernetes Clusters

In this post I’ll describe how an attacker, who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) on all network traffic of pods.

Continue reading ›

Kubernetes Pod Escape Using Log Mounts

Kubernetes has many moving parts, and sometimes combining them in certain ways can create unexpected security flaws. In this post you’ll see how a pod running as root and with a mount point to the node’s /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs. …

Continue reading ›
Hybrid Cloud security

Securing Hybrid Cloud Workloads on Google Anthos

There are major shifts happening around container technology. We have seen ongoing improvements in automation tooling and changes as fully containerized workloads move into production. Companies are often running more than one production Kubernetes cluster at a time.  DevOps and operations teams, subsequently, have …

Continue reading ›
Kubernetes Security

CVE-2019-11246: Another kubectl Path Traversal Vulnerability Disclosed

A new vulnerability (CVE-2019-11246) was disclosed that enables path traversal in kubectl, the popular command line interface for running commands on Kubernetes clusters. What’s interesting about this CVE is that we’ve already seen two previous variations of the same vulnerability disclosed and patched. Read on to …

Continue reading ›