Why Agent vs Agentless is a False Choice

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

Expert Insights
Why Agent vs Agentless is a False Choice
There are important decisions to be made across the entire journey to implementing a cloud native security strategy, from initial visibility to automation of prevention and response. This blog post will guide you through the implementation decisions across that journey, from initial, frictionless API based visibility to agents with deeper visibility and protection. Every team …
Read more
Expert Insights
Winning with Cloud Native Security: Joe Sexton on Why He Joined Aqua’s BOD
I’m thrilled to be joining the Aqua board of directors to drive the company’s aggressive growth and help enterprises all over the world accelerate their cloud journeys with a security-first mindset. Cloud native security is on a fast track to become a massive, important market, and I see Aqua as its clear winner. Leaving the …
Read more
KUBERNETES SECURITY
RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins
Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Software Supply Chain Attacks: 2021 in Review
As CI/CD pipelines have become an increasingly popular attack vector, 2021 saw a huge rise in software supply chain attacks. With their number more than tripling in the past year, securing the software delivery process is one of the most urgent needs. In our latest study, we examine the top supply chain security threats that …
Read more
SECURITY RESEARCH
CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the risk of breakout …
Read more
SECURITY RESEARCH
The Nightmare Before Christmas: Looking Back at Log4j Vulnerabilities
Last month, a zero-day vulnerability in the extremely popular Log4j logging framework overwhelmed the security community during the already busy end-of-year rush. Just keeping up with Log4j news and updates has been no easy task, let alone fixing the multiple vulnerabilities discovered almost daily. Organizations worked hard to apply patches for the original zero-day vulnerability, …
Read more
AQUA OPEN SOURCE
Welcome to Aqua’s Open Source Developer Slack Community!
We’re lucky to have an outstanding open source community with contributors who help us build leading open source cloud native security tools. Over the years, the community has in many ways shaped the direction of what we do. To drive this engagement further, we’re excited to launch our Slack workspace to make it easier for everyone …
Read more
SECURITY RESEARCH
CVE-2021-44832: New Arbitrary Code Execution Vulnerability in Log4j
Threat Alert
This holiday season, adversaries aren’t taking a vacation, massively exploiting multiple vulnerabilities in Log4j, a highly popular Java logging library. Amid the ongoing efforts of organizations to patch their vulnerable systems, a new Log4j vulnerability, tracked as CVE-2021-44832, has been discovered. It allows for an arbitrary code execution via JDBC Appender when an attacker can …
Read more
SECURITY RESEARCH
Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign
Threat Alert
Over the past three years, we at Team Nautilus have been tracking an ongoing cryptomining campaign attacking our honeypots. It got the name Autom due to a shell script that was downloaded and that initiated the attack. Through the years, the campaign has evolved, demonstrating new techniques to hide the attack. In this blog, we …
Read more
SECURITY RESEARCH
Stopping a DreamBus Botnet Attack with Aqua’s CNDR
We recently came across a real-life scenario that is very common for organizations. A developer with admin access launched a cloud native application but made a mistake and misconfigured it with weak credentials. Just 12 hours later, the environment was attacked by the DreamBus botnet, which proceeded to evade defenses and run Kinsing malware and …
Read more
SECURITY RESEARCH
Threat Alert: Tracking Real-World Apache Log4j Attacks
This blog was co-authored with Ori Glassman, a security researcher at Aqua Security Until last week, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability (CVE-2021-44228) was published, Log4j has made a huge impact on the …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
CVE-2021-45046: Second Log4j Security Vulnerability Discovered
Dec 17 update: The CVSSv3 score for CVE-2021-45046 has been raised from 3.7 to 9.0. While many organizations are still dealing with the discovery and mitigation process for the previous Log4j CVE, the project has announced that another vulnerability CVE-2021-45046 has been discovered due to an incomplete fix in Log4j 2.15.0. In response, a new …
Read more
Page 14 of 33‹ Prev101112131415161718Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links