Aqua Blog

Serverless-Security

How Thoughtworks Manages Cloud Security and Container Vulnerabilities

Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams - each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works …

Aqua Secures Container Image Support in AWS Lambda

Amazon continues to build new capabilities into its serverless operational mode and has launched container image support in AWS Lambda. It enables packaging and deploying Lambda functions as container images. Building on our strong partnership with AWS and our desire to offer the most complete cloud-native security …

What You Need to Know About AWS Lambda Functions Risk Mitigation

With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerabilities in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by nature, …

Performance-Optimized Runtime Protection for Serverless Functions

In order to protect serverless functions while they are running, you need to consider the very short execution times and ensure that you’re not slowing down applications or increasing cloud usage costs. In Aqua CSP 4.2, we’ve now introduced advanced runtime protection that does just that, while complementing our …

Knative: The Serverless Environment for Kubernetes Fans

Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes/Cloud Native community. It’s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy to …

Securing Serverless Functions with Aqua

Serverless is generating significant interest and hype, backed up by real-world adoption, and creating a need for better security controls. I've been working with our customers to create the right approach and tooling to protect their FaaS environments, and from this research, given the extremely short duration of …

Amazon Firecracker: Isolating Serverless Containers and Functions

Infrastructure protection, sandboxed containers, MicroVM hypervisors: these are interchangeable terms describing emerging technologies to isolate micro-services from their underlying infrastructure. These isolation technologies aim to protect the underlying host that runs containers and functions against malicious …

Serverless Security: The Importance of FaaS Risk Assessment

In my previous blog, I discussed the serverless services spectrum and the unique security considerations of serverless functions. In this post, I’d like to elaborate on the importance of preliminary risk assessment checks and their contribution to an effective security strategy, based on lessons learned in …

Istio: The Enterprise Upgrade Path to Microservices

Istio, Google’s open source project for large-scale, containerized application management, was released in May 2017 and has undergone rapid development since then, culminating in the landmark 1.0 release in July 2018. In this blog post we will be exploring what Istio is, how it works and how to adopt it. In subsequent …

Securing Serverless: Persistent Security for Ephemeral Environments

The term “cloud native workloads” is used a lot these days to describe new technologies and deployment models of applications in the cloud universe. Serverless is a notable example of such cloud native workloads: it prioritizes simplicity and agility over compatibility, control, and performance SLAs. It’s a …

Out-of-the-Box Policies Simplify Container Compliance

One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.

We recently …
