Kubernetes 1.22; Threat Alert: Supply Chain Attacks; IaC Security Scanning with Trivy; NSA K8s Hardening Guidance; KubeSec 2021 Registration is Open

Here's a roundup of the latest cloud native security news we gathered for you. Kubernetes 1.22 is out, bringing a few new features to improve the security of Kubernetes. On the threat front, Team Nautilus uncovered several supply chain attacks using container images that hijack resources to mine cryptocurrency. As Infrastructure-as-Code is rising in popularity, see how Trivy IaC security scanning can help you shift left and secure your environments before they are deployed.

News You Can Use
NSA, CISA Release Kubernetes Hardening Guidance
The paper educates IT administrators about cloud security risks and provides best practices for implementing and maintaining Kubernetes. These include the scanning of containers and pods for vulnerabilities or misconfigurations, using network separation, running with the least privilege, and more.
See the details on CSO Online ›

eBPF Finds a Home with a New Foundation
Facebook, Google, Isovalent, Microsoft and Netflix have joined forces to create the eBPF Foundation under the umbrella of the Linux Foundation, giving the eBPF project a vendor-neutral home for its future endeavors.
Learn more on TheNewStack.io ›

The 2021 Stack Overflow Developer Survey
Both Docker and Kubernetes are still growing in popularity: Docker is up to 55% among professional developers from 39% last year and Kubernetes is up to 20% from 13% last year. Read on for more insights about the attitudes, tools, and environments that are shaping software development today.
Check it out ›

The What and Why of Cloud Native Security
With the increasing adoption of cloud native principles, tools and platforms, security risks also increase, but they can be mitigated using security tools and DevSecOps principles. If you’re a newbie in cloud native security, this article provides a great overview.
Find more on ContainerJournal ›

What is the Difference Between a Linux Container and an Image?
In the container world, there is no more overused term than 'container', and each container tool can have slightly different concepts of their containers. This blog post by Red Hat explores why context is the key to understanding how container engines understand the terms container and image.
Learn all about it ›

Security as Code: The Best (and Maybe Only) Path to Securing Cloud Applications and Systems
“Security as code” (SaC) has been the most effective approach to securing cloud workloads with speed and agility. This article discusses the benefits of implementing the SaC approach and how it enables companies to create value in the cloud securely.
Read more on McKinsey.com ›

2021 Cloud Native Security Survey

Our latest survey reveals a huge knowledge gap around runtime security, with 97% of respondents still unaware of crucial container security principles. Learn about the real challenges DevOps and security teams face when trying to achieve runtime protection.

Download the survey now ›

Aqua News

Threat Alert: Supply Chain Attacks Using Container Images
Team Nautilus has uncovered several supply chain attacks that use malicious container images to compromise their victims. These images are hosted on Docker Hub and hijack organizations’ resources to mine cryptocurrency. Check out the analysis of the images and best practices for protecting against supply chain attacks.
Read the threat alert ›

Kubernetes Version 1.22: Security Features You Need to Know
Kubernetes is evolving fast, and the 1.22 release brings some new features to improve the security of Kubernetes. In this blog, we detail the security highlights of the new release, such as the PodSecurity admission controller, the new sysctl support, support for rootless containers, and more.
Check out the blog ›

Shifting Left: Infrastructure as Code security with Trivy
As a major new feature, the latest version of Trivy, Aqua’s open source project, adds support for IaC security scanning, covering Docker, Kubernetes, and Terraform. This post explains how you can start using Trivy IaC scanning to shift left and secure your environments before they’re deployed.
Learn all about it ›

Container Isolation: Is a Container a Security Boundary?
One of the fundamental questions in container security is whether a container constitutes a security boundary. In this first part of a two-blog discussion, we take a look at the security boundary question and explore the challenges of setting up containers as a security boundary.
See the blog ›

How Do Containers Contain? Container Isolation Techniques
If you work with containers long enough, you already know that containers should not be considered as security boundaries. Various container isolation techniques have been constructed to help with these challenges and provide more stringent boundaries.
Learn all about them ›

Case Study: How GitLab Innovates DevOps Security Using Aqua Trivy
GitLab wanted to enhance its DevOps platform with a scanning engine to enable organizations to scan images in the CI pipeline, as well as scan containers in production. Learn why GitLab chose Aqua Trivy as the new default container scanner and how we work together to evolve container security for DevSecOps.
Check out the case study or watch the video ›

KubeSec Enterprise vSummit 2021 – Registration is Open!

KubeSec Enterprise vSummit will be a virtual event on October 12, 2021! It’s a full-day industry event entirely dedicated to the security of cloud native applications. It will bring together industry thought leaders, analysts, and guest speakers from many prominent end-user and technology organizations.

Register now ›
