Aqua Blog

Runtime Security

AWS Fargate CaaS microenforcer

Revisiting AWS Fargate with Aqua 3.0

A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:invent. It was immediately clear that it’s a pretty cool concept, and that it presents a new challenge for security solutions like Aqua, because of the lack of a “host” entity on which you can deploy your …

Continue reading ›
ebpf vulnerability backdoor

eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W to all kernel memory”...

Continue reading ›
blog_AWS.png

Securing Container Workloads on AWS with Aqua

Many of our customers run container workloads on AWS - hardly surprising given Amazon’s lead position in the cloud market. But AWS also offers some distinct advantages to those running containers, including a set of highly-integrated services that take the pain away from managing deployments.

Continue reading ›
Azure container instances.png

Microsoft Launches Azure Container Instances: Aqua Is Ready to Secure Them

Yesterday Microsoft dropped a bombshell in containersphere, announcing Azure Container Instances, or ACI.

Continue reading ›
Red Hat OpenShift

Securing Containers on OpenShift

Red Hat OpenShift container platform is one of the popular and mature platforms for developing and managing container deployments. While it has many built-in security features, Aqua provides an additional layer of security both in development as well as for protecting containerized applications in runtime.

Continue reading ›
K8S_blog.png

Security Best Practices for Kubernetes: Redux

Last week I presented at the NY Kubernetes meetup on security best practices. 

Continue reading ›
Container Nano-Segmentation

Network Nano-Segmentation for Container Security in Aqua 2.0

Network segmentation is not a new concept in security. It’s been around for a while and is considered one of the most effective methods of limiting the “blast radius”, i.e., preventing extensive damage in case of an attack or a breach by limiting the attacker to a sealed-off segment of the network. In the era of …

Continue reading ›
BLog runc CVE

CVE-2016-9962: Run Container Run

RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc code, which is used by several container engines, including Docker.  

Continue reading ›