Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)

Severe-Privilege--BLOG-650_315.png

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a[…]

Report by Gartner Highlights Maturing Options for Securing Containers

Container Secuirty

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael[…]

Out-of the-Box Policies Simplify Container Compliance

Container compliance policies

One of the challenges organizations have in using cloud-native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate[…]

Aqua 3.2: Preventing Container Breakouts with Dynamic System Call Profiling

SystemCalls_Profiling_BLOG-315_650.png

Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that "a Docker container with a well crafted […]

Securing AWS Fargate with Sidecars

AWS Fargate security

A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure[…]

Active Workload Protection on AWS Fargate, and The Importance of Immutability

Comtainer Security AWS Fargate

Back in March we announced Aqua MicroEnforcer, a new deployment technology that enabled us to secure runtime workload running on AWS Fargate and Azure Container Instances. Since then we’ve seen a[…]

Kubernetes Security Deep-Dive

Kubernetes native security solution aqua

Since the second half of 2017, Kubernetes has been gaining momentum in adoption as well as in its ecosystem support. We see more and more enterprises choosing Kubernetes for the orchestration of[…]

Revisiting AWS Fargate with Aqua 3.0

AWS Fargate CaaS microenforcer

A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:invent. It was immediately clear that it’s a pretty cool concept, and that it presents[…]

eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

ebpf vulnerability backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W[…]

Securing Container Workloads on AWS with Aqua

blog_AWS.png

Many of our customers run container workloads on AWS - hardly surprising given Amazon’s lead position in the cloud market. But AWS also offers some distinct advantages to those running containers,[…]

Subscribe to Email Updates