New Gartner report: Containers & Kubernetes in Production, Aqua 4.0 enhances serverless security, Rancher introduces K3s, Runc Vulnerability still lingering, new Kubernetes API server vulnerability and more...

Container technology, and specifically Kubernetes, has matured, and many organizations are deploying it in production. This underscores the need to deal with security. The upcoming KubeSec conference in Barcelona will focus on that. Care to share your experiences? The Call for Papers is open until April 5th.

Gartner Report: Best Practices for Running Containers and Kubernetes in Production
The container ecosystem is immature and lacks operational best practices, but adoption of containers and Kubernetes is increasing for both legacy modernization and cloud-native applications. We outline best practices for I&O leaders to enable and expedite container deployment in production environments. Get your free copy ›

How ‘Secure’ Cloud Native Deployments Can Be
Serverless, as implemented on public clouds, has a high degree of lock-in to a specific cloud vendor. This is true to some degree even with FaaS, but serverless explicitly encourages bringing in a variety of cloud provider services that are incompatible to varying degrees with other providers and on-premises solutions... Read on The New Stack ›

Istio: Canary Deployments, Dynamic Routing & Tracing
This post completes the series with a look at how we can leverage Istio’s traffic control features to provide increased observability and control over the operation and deployment of our applications. The transparency Istio provides is its killer adoption-enabling feature. It also unlocks a plethora of operational and networking features that we’ll be exploring in this post. Read on Aqua Blog ›

Rancher: Introducing K3s: The Lightweight Kubernetes Distribution Built for the Edge
k3s is packaged as a single binary which is about 40 megabytes in size. Bundled in that single binary is everything needed to run Kubernetes, including the container runtime and any important host utilities like iptables, socat, and du. The only OS dependencies are the Linux kernel itself and proper dev, proc, and sysfs mounts... Read on Rancher Blog ›

Runc vuln still likely lingering
In order to run an exploit, you only need to download software – a container – and run it on your premise. You don’t need extra permissions or extra privileges. You just need to run an innocent image from some public repository and run it inside the organisation. As soon as you do that, you are doomed. Watch this short demonstration of how the runc vulnerability can be exploited.

451 Business Impact Brief: Security for Cloud-Native Compute Will Be Different
Security concepts and security teams alike will need to evolve to support these new environments. This evolution should include enabling security teams to properly engage with application and operations teams on their terms, with security functionality being automatically enabled within DevOps CI/CD pipelines. The evolution should also include learning and supporting the new paradigms implicit to cloud-native compute. Get the brief ›

KubeSec 2019 Barcelona: Call-for-Papers
A KubeCon co-located event focusing on security in cloud native environments, the needs of organizations with demanding security needs, and compliance requirements when deploying Kubernetes in production. Share your experiences of implementing Kubernetes and adjacent technologies in your organization and how you addressed security and compliance requirements. CFP closes on April 5th. Submit your proposal ›

Cloud Native Security: Leveraging real world experience from the trenches

This two-part webinar will help you navigate the cloud native landscape and evaluate cloud native security solutions. You will gain first-hand knowledge from our solution architects who have worked on cloud native security deployments for Fortune 500 companies.
Part 1: How To Evaluate Cloud Native Security Solutions: What should you expect from a cloud native security platform? Discover whether your organization is ready for production. Watch Now ›
Part 2: Leverage 3 Years of Valuable Experience: Learn how to get the best return on your investment, see tested models of success, and watch how to scale up and out. Watch On-demand ›

Aqua News

Securing Serverless Functions with Aqua
We’ve expanded into mitigation while adding many additional check points. The new version of Aqua Serverless Security gives enhanced protection without the need to embed our solution into the application source-code... Read On ›

Aqua Security Unveils First-Of-Its-Kind Serverless Aqua 4.0 Cloud Security Platform
Aqua’s comprehensive serverless security solution now includes a full chain of controls to discover functions across multiple cloud accounts, scan them for vulnerabilities, detect excessive permissions and configuration issues, and provide function assurance – preventing the execution of untrusted or high-risk functions based on defined policies. Read on Security Informed ›

Serverless Security 57 Easy Steps to Secure Serverless Function
Risks in serverless apps can largely be mitigated by using simple, automated steps in CI/CD pipelines, in both staging and production environments. In this webinar, we analyze the risks and attack vectors highlighted by OWASP and other research. We will show how Aqua’s serverless security solution addresses them. Watch on-demand ›

Mitigating the Kubernetes API Server Patch Permission DoS Vulnerability (CVE-2019-1002100)
Vulnerable versions of Kubernetes are v1.0.0-1.10.x, v1.11.0-1.11.7, v1.12.0-1.12.5, v1.13.0-1.13.3. We have upgraded kube-hunter, the K8s penetration testing tool, to ascertain whether or not your cluster is vulnerable. Read on the Aqua Blog ›

Container Security Kubernetes Master Class: Getting Your Hands "Dirty" in a Container Sandbox
This master class covers the background on the rise of "sandboxing" technology, examines and compares the different sandboxing initiatives, and demonstrates which attack types sandboxing/isolation technologies can or cannot mitigate. Take the Class ›

Webinar: Anatomy of Container Attack Vectors and Mitigations

Lessons learned from securing Fortune 500 enterprise deployments against both simple and sophisticated attacks. Join us on an investigative journey as we explore popular attack vectors that have been used to breach container-based environments, provide best practices and tools to mitigate them, and discuss associated business risks.
Register for the session in your preferred time zone: Americas 4-17 @ 1pm ET / EMEA 4-18 @ 11:30 BST / APAC 4-18 11:30 SGT

Ready to Secure your Cloud Native Apps?
The Aqua Cloud Native Security platform enables enterprises to secure their cloud native, container-based and serverless applications from development to production.
Contact Aqua