Aqua Blog

Runtime Security

Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer

Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer

We are excited to announce the latest addition to our portfolio, our eBPF-based Aqua Lightning Enforcer. It’s designed for busy security professionals to detect zero-day attacks and sophisticated threats that occur in runtime. It utilizes eBPF technology, making it more effective, safer, and faster. The new Lightning …

Continue reading ›
Blog-Image--Tracee-Newly-Released-Rules-Detect-Attackers-Out-of-the-Box_

Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Aqua Tracee is an open source runtime security and forensics tool for Linux. It can help you detect suspicious behavior at runtime using an extensive data collection engine and a sophisticated rules engine. You can further read about the development of Tracee in our blog The Story of Tracee: The Path to Runtime …

Continue reading ›
Detecting Drovorub's File Operations Hooking with Tracee

Detecting Drovorub's File Operations Hooking with Tracee

This blog was co-authored by Itamar MaoudaTwo years ago, the NSA (the United States' National Security Agency) revealed that Drovorub, an advanced Russian malware created by the GRU 85th GTsSS team, had been discovered targeting Linux systems. Drovorub works by introducing advanced techniques which can manipulate the …

Continue reading ›
Protecting Workloads Against Real-World Attacks with Ease

Protecting Workloads Against Real-World Attacks With Ease

Attackers are sophisticated, there is always a lag between zero days and mitigation, and production workloads are critical. So why is the adoption of runtime security for cloud native applications still lower than shift-left security practices for the same applications? 

Continue reading ›
Stopping a DreamBus Botnet Attack with Aqua’s CNDR

Stopping a DreamBus Botnet Attack with Aqua’s CNDR

We recently came across a real-life scenario that is very common for organizations. A developer with admin access launched a cloud native application but made a mistake and misconfigured it with weak credentials. Just 12 hours later, the environment was attacked by the DreamBus botnet, which proceeded to evade …

Continue reading ›
The Story of Tracee The Path to Runtime Security Tool

The Story of Tracee: The Path to Runtime Security Tool

eBPF technology is seeing strong growth, being widely adopted in the cloud native ecosystem for monitoring, networking, and security goals. At Aqua, along with being used in commercial products, eBPF powers our open source project Tracee to detect events in running containers.

Continue reading ›
Container runtime security

It’s About Time for Runtime: 2021 Cloud Native Security Survey

While container environments grow in size and complexity, many misconceptions persist about securing cloud native applications. Our latest survey reveals a huge knowledge gap around runtime security, with 97% of cloud native security practitioners still unaware of crucial container security principles. Here are the …

Continue reading ›
vshield

Detect and Prevent Exploits in Runtime with Vulnerability Shielding

A single vulnerability in one of the code dependencies can put an entire application at risk, yet 48% of organizations knowingly push vulnerable code into production regularly. With a heavy reliance on open source software to build applications, patching a myriad of vulnerabilities has become an extremely hard and …

Continue reading ›
Top 20 Docker Security Best Practices: Ultimate Guide

Top 20 Docker Security Best Practices: Ultimate Guide

While Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. We …

Continue reading ›
Tracee

Automatically Secure Your CI/CD Pipelines Using Tracee GitHub Action

In my previous post, I covered how you can secure your CI/CD pipeline with Tracee from potentially malicious code executions. We’re now releasing Tracee GitHub Action, which makes using Tracee a plug-n-play experience and doesn’t require any prior knowledge of eBPF or Docker. We’re also introducing a new capability to …

Continue reading ›
LSM Hooks with Tracee

Using LSM Hooks with Tracee to Overcome Gaps with Syscall Tracing

Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. By leveraging the advantages of Linux extended Berkeley Packet Filter (eBPF) technology to trace systems and applications at runtime, Tracee analyzes collected events to detect suspicious behavioral …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...