Aqua Blog

Runtime Security


Aqua 3.2: Preventing Container Breakouts with Dynamic System Call Profiling

Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."


AWS Fargate Security with Sidecars

A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the time involved building a protected version of a container image being …


AWS Fargate Security, and The Importance of Immutability

Back in March we announced Aqua MicroEnforcer, a new deployment technology that enabled us to secure runtime workloads running on AWS Fargate and Azure Container Instances. Since then we’ve seen a lot of interest from customers who see these services not only as a way to deploy containers on demand for spillover …


Kubernetes Security Deep-Dive

Since the second half of 2017, Kubernetes has been gaining momentum in adoption as well as in its ecosystem support. We see more and more enterprises choosing Kubernetes for the orchestration of their cloud native deployments. This is in no small part thanks to the many enterprise-grade features added in versions …


Revisiting AWS Fargate with Aqua 3.0

A few months ago I was lucky enough to get my hands on Fargate when it was in preview in the run-up to AWS re:Invent. It was immediately clear that it’s a pretty cool concept, and that it presents a new challenge for security solutions like Aqua, because of the lack of a “host” entity on which you can deploy your …


eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W to all kernel memory”...


Securing Container Workloads on AWS with Aqua

Many of our customers run container workloads on AWS - hardly surprising given Amazon’s lead position in the cloud market. But AWS also offers some distinct advantages to those running containers, including a set of highly-integrated services that take the pain away from managing deployments.


Microsoft Launches Azure Container Instances: Aqua Is Ready to Secure Them

Yesterday Microsoft dropped a bombshell in containersphere, announcing Azure Container Instances, or ACI.


Securing Containers on OpenShift

Red Hat OpenShift container platform is one of the popular and mature platforms for developing and managing container deployments. While it has many built-in security features, Aqua provides an additional layer of security both in development as well as for protecting containerized applications in runtime.


Security Best Practices for Kubernetes: Redux

Last week I presented at the NY Kubernetes meetup on security best practices. 


Network Nano-Segmentation for Container Security

Network segmentation is not a new concept in security. It’s been around for a while and is considered one of the most effective methods of limiting the “blast radius”, i.e., preventing extensive damage in case of an attack or a breach by limiting the attacker to a sealed-off segment of the network. In the era of …
