Not rendering correctly? View this email as a web page here.
APT-Techniques Used in Container Attacks; Top 10 K8s Hardening Techniques; Gartner 2021 Market Guide to CWPP; IBM Power10 Launched; OPA User Survey

Fall is upon us, and it's school time again! If you’re looking to learn about all things cloud native security, look no further. Get up-to-speed with the key requirements for protecting cloud workloads in the recent Gartner’s 2021 Market Guide for CWPP, check out the Top 10 Kubernetes security hardening techniques and our take on the NSA Kubernetes Hardening Guidance. Also, enjoy this wonderful beginners’ guide to Terraform and interesting takeaways from the OPA user survey. Keep on learning with us!

News You Can Use
Open Policy Agent 2021 Survey Summary OPA recently published a user survey that highlights the trends in user adoption. Kubernetes admission control continues to be the most common use case, with 54% of respondents running OPA to enforce policies on their clusters, while 25% use OPA for Terraform validation. Find more takeaways in the blog
IBM Unveils Next-Generation Power10 Servers for Hybrid Cloud IBM introduced the new Power E1080 server powered by the latest Power10 processors. It's designed for hybrid cloud environments to offer customers a frictionless and scalable hybrid cloud experience. We’ve teamed up with IBM to provide end-to-end cloud native security for this new generation of servers. Read more
Docker Desktop No Longer Free for Large Companies: New 'Business' Subscription is Here In search for a sustainable business model, Docker will restrict the use of the free version of Docker Desktop to individuals or small businesses. Organizations with more than 250 employees or more than $10 million in revenue now require a paid subscription. See the details on TheRegister.com
Terraform for Beginners The use of IaC (Infrastructure as Code) to provision cloud infrastructure easily and consistently is the new hotness in the world of software engineering. This beginners’ guide explains the basic concepts of Terraform, how to use it, and why it has gained a strong following over the last few years. Learn all about it on ITNext.io
A Visual Guide on Troubleshooting Kubernetes Deployments Troubleshooting in Kubernetes can be a daunting task if you don't know where to start. This detailed and thorough guide discusses some popular debugging techniques and provides an overview diagram to help you debug your deployments in Kubernetes. Check it out on LearnK8s.io
2021 HashiCorp State of Cloud Strategy Survey Multi-cloud is now an everyday reality, with 76% of respondents already employing a multi-cloud architecture. However, almost half of respondents named security concerns a top-three cloud inhibitor. Find out the key insights from HashiCorp’s first-ever State of Cloud Strategy Survey. See it here
KubeSec Enterprise vSummit - October 12, 2021
KubeSec Promo Banner

KubeSec Enterprise vSummit is a virtual full-day industry event entirely dedicated to the security of cloud native applications. It will host many insightful discussions with industry thought leaders, analysts, and guest speakers from prominent end-user and technology organizations.

Save your spot now

Aqua News

Threat Alert: Advanced Persistent Threat Techniques Used in Container Attacks Team Nautilus detected an intensive campaign that uses sophisticated APT-grade techniques usually leveraged by nation-state threat actors. During the campaign, attackers used rootkits to hide their presence and achieve persistence. In this post, we analyze how rootkits are used to attack cloud native environments. Read the blog

Top 10 Kubernetes Application Security Hardening Techniques A great way to address security risks early when deploying applications to Kubernetes is to apply security hardening to your application manifests during the development process. This post runs down 10 ways that developers can apply hardening to their applications. Check out the blog

A Closer Look into the NSA Kubernetes Hardening Guide In August, the NSA and CISA released the Kubernetes Hardening Guidance to help improve the security of this critical technology. In this blog, we provide an overview of the guide, highlight the key recommendations, and explore some of the guide’s challenges. Learn all about it

Case Study: Aqua’s SaaS Solution to Manage Container Vulnerabilities and Secure Cloud Accounts with Thoughtworks With the rapid pace of developing containerized software, Thoughtworks faced a challenge to securely manage multi-cloud configurations and scan containers for vulnerabilities. Find out how Aqua helps to secure their applications across clouds. See the case study

A Security Review of Docker Official Images: Which Do You Trust? Best practices recommend using the Docker Official Images to build secure containerized applications. However, our research reveals that you need to be careful when using them, as some are no longer fully maintained and can put your application at risk. Find more in the post

Securing Kubernetes Everywhere with EKS Anywhere AWS launched Amazon EKS Anywhere that enables you to easily create and operate Kubernetes clusters on-premises. Aqua’s customers can take advantage of EKS Anywhere with holistic K8s-native security and advanced K8s runtime protection for the applications deployed on managed clusters. Learn more

Buyer's Guide Checklist: A holistic approach to securing the cloud native stack
08-21 Buyers Guide Checklist 2021 1200x628-1

What capabilities do you need to secure modern applications deployed in dynamic container environments? Use our checklist to discover the key concepts of cloud native security and find out whether your strategy is up to scratch.

Download the checklist

Go cloud native with the experts!
See the Aqua Platform in action
Schedule a Demo
Aqua Cloud Native Security