Not rendering correctly? View this email as a web page here.
Azure Container Instances, Docker Developer as Attack Vector and PII Protection in Container Environment

This month, read all about our Black Hat USA 2017 talk where we presented onstage a novel attack on Docker developers; Learn why we are so excited about the new Azure Container Instances and Join our upcoming webinar on securing Kubernetes environments:

  • Aqua researchers present new multi-stage attack vector on Docker containers at BlackHat
  • Learn all about Microsoft new Azure Container Instances
  • New blog on Protecting PII in Container Environments for PCI and GDPR Compliance
  • How Docker, Kubernetes and Apache Mesos complement and interact with each other
  • Join our webinar on securing Kubernetes environments

As always, you can contact us anytime contact@aquasec.com or follow us here @AquaSecTeam
News You Can Use
Microsoft joins Cloud Native Computing Foundation Microsoft joins Cloud Native Computing Foundation CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented OS projects, such as Kubernetes, Prometheus, OpenTracing, and many others. Read on Microsoft blog ›
How Amazon's EC2 Container Service is Growing in the Public Cloud Why the Kubernetes Kids can't hurt Bezos' Amazon beast
An interesting read on the "Anyone but Amazon" club. Read on The Register ›
Gartner Identifies the Top Technologies for Security in 2017 Gartner Identifies the Top Technologies for Security in 2017
And Container security is on that list! Read on Gartner newsroom ›
What is ACI? Microsoft’s Azure Container Instances explained What is ACI? Microsoft’s Azure Container Instances explained
Read all about Microsofts' latest “container as a service” which eliminates the need to create, deploy, and pay for, container hosts. Read on InfoWorld ›
Container security: The seven biggest mistakes companies are making Container security: The seven biggest mistakes companies are making Red Hat Chief Security Architect talks about most common mistakes companies are making Read more on HelpNetSecurity ›
Docker vs. Kubernetes vs. Apache Mesos: Why What You Think You Know is Probably Wrong Docker vs. Kubernetes vs. Apache Mesos: Why What You Think You Know is Probably Wrong Instead of comparing the overlapping features of these technologies, this article revisits each project’s original mission, architectures, and how they can complement and interact with each other. Read on Mesosphere blog
 
Protecting PII in Container Environments for PCI and GDPR Compliance
PII_PCI_compliance_4.png 
To address PII protection, we introduced in Aqua 2.5 the ability to create custom compliance checks that enable customers to identify security and compliance risks embedded in Docker images.

 

The new compliance checks are included in Aqua’s Image Assurance module, which manages the integrity, security, and compliance of container images from inception until deployment in production. This is enforced in the both CI pipeline and at runtime once the container is deployed into production.

 Read How Aqua Protects PII

 
  
Upcoming Events
webinar_securing_kubernetes_environment


Webinar: Securing Kubernetes Environment

In this webinar we will take a closer look at the CIS Kubernetes Benchmark, and discuss how Kubernetes users can apply best practices from the Benchmark in their own deployments. 

Register to our upcoming webinar to learn how to apply best practices in your Kubernetes deployments.

Register now ›
Aqua News
Malware? In my Docker container? It's more common than you think Malware? In my Docker container? It's more common than you think Researchers say software prisons can hide nasty attack payloads Read more here ›
Manifesto: A New Open Source Container Metadata Tool from Aqua Security Manifesto: A New Open Source Container Metadata Tool from Aqua Security
We have just released an open source project to help container users manage the metadata associated with their container images. Read here ›
Microsoft Launches Azure Container Instances: Aqua Is Ready to Secure Them

Microsoft Launches Azure Container Instances: Aqua Is Ready to Secure Them Read all about Microsoft bombshell in the containersphere with Azure Container Instances, or ACIRead on Aqua's blog ›
How to keep container secrets secret How to keep container secrets secret Keeping secrets secret in container-based applications is complex and challenging, but far from hopeless
Read article here ›
Aqua Security Recognized by CRN as 2017 Emerging Vendor in Security Aqua Security Recognized by CRN as 2017 Emerging Vendor in Security
CRN’s long standing list recognizes recently founded, up-and-coming technology suppliers that are shaping the future of the IT channel. Read full press release here ›
Presented at Black Hat USA 2017
Docker API whitepaper
How Abusing Docke API Lead to Remote Code Execution, Same Origin Bypass & Persistence in the Hypervisor via Shadow Containers

Containers are a major disruption in application technology, and as any new technology present new security challenges. Aqua researchers have identified two sophisticated attack vectors that target developers: we call these 'Host Rebinding' and 'Shadow Container' attacks. 

In this paper, which was presented on stage at Black Hat USA 2017, we describe the progression of a multi-stage attack in detail and recommend steps developers need to take to secure their containerized environments. 

   

Get the Whitepaper: How Abusing Docker API Led to Remote Code Exacution
security_digest_footer_cubes.png