Aqua Blog

CSPM

Five Misconfigurations Threatening Your AWS Environment Today

Five Misconfigurations Threatening Your AWS Environment Today

In the ever-expanding realm of AWS, with over 200 services at your disposal, securing your cloud account configurations and mastering complex environments can feel like an overwhelming challenge. To help you prioritize and root them out, we’ve put together a guide for AWS configurations that are most commonly …

Continue reading ›
Innovating Cloud Security: Why Aqua Leads in Gigaom CSPM Radar

Innovating Cloud Security: Why Aqua Leads in Gigaom CSPM Radar

What does it mean to be an innovator? Is it someone whose face and company are known? Whose product is the most popular? Who has the coolest ads or the most social media likes? According to the Oxford dictionary, an innovator is someone who introduces change and new ideas. At Aqua we have always thought of ourselves …

Continue reading ›
AI-Guided Remediation: Unify Teams and Speed Vulnerability Resolution

AI-Guided Remediation: Unify Teams and Speed Vulnerability Resolution

The Urgent Need for Rapid Remediation

The window of vulnerability after the discovery of a security issue has never been more critical than it is with cloud native applications. Why is that? Cloud apps move fast. With modern CI/CD processes, code can be pushed to production multiple times per day. This means that …

Continue reading ›
From Cloud Security Posture Management to Real-Time CSPM

From Cloud Security Posture Management to Real-Time CSPM

With the growing sophistication of cyber-attacks and increasing complexity of multi-cloud environments, partial visibility alone isn’t enough. Real-Time CSPM improves upon traditional CSPM by bringing deep, real-time context and prioritization to discovered issues. Providing you with complete visibility to reduce the …

Continue reading ›
Conquer Cloud Security Risk: Introducing Real-Time CSPM

Conquer Cloud Security Risk: Introducing Real-Time CSPM

What if someone handed you a static picture of a highway and asked you to drive using only the picture? Would you still drive even if you knew you could not see all the traffic around you? 

Yet traditional CSPM solutions show the state of your environment as a snapshot in time, usually once per day, only giving you …

Continue reading ›
Truth Revealed: Agentless Security is Not Real Security

Truth Revealed: Agentless Security is Not Real Security

Finally, the long-lasting “agentless vs. agent” debate is over. The inevitable result? If you want great cloud workload security, you need an agent. While many security professionals knew this from the start, plenty were misled into believing in the overhyped promise of agentless security. Why is this news? Because …

Continue reading ›
Triaging Trivy AWS Alerts with Postee and AWS Security Hub

Triaging Trivy AWS Alerts with Postee and AWS Security Hub

Security operators are getting overloaded with alerts and information coming from a variety of sources. Without proper automation and triage, this information often gets lost and unactioned upon. With Postee, this can be remediated with automating commonly taken operator actions ahead of time. 

Continue reading ›
Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Automate Cloud VM Compliance with Cloud Provider Tags and Labels

Ensuring and monitoring compliance and security best practices policies at runtime can often be a barrier to both broader adoption of cloud native technologies and moving more cloud native applications into production at scale. Cloud provider attributes — tags, labels, and resource groups — are useful tools for …

Continue reading ›
What is a CNAPP and How to Choose the Right One

What is a CNAPP and How to Choose the Right One

A prospect’s CISO recently asked me: “I’m facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what’s really important?

Continue reading ›
Key Requirements for CWPP (Cloud Workload Protection Platforms)

Key Requirements for CWPP (Cloud Workload Protection Platforms)

Cloud Workload Protection Platforms (CWPPs), now part of the emerging category of Cloud Native Application Protection Platforms (CNAPPs), are designed to secure different types of cloud workloads — such as VMs, containers, and serverless functions — deployed in public, hybrid, or multi-cloud environments. In this …

Continue reading ›
How Thoughtworks Manages Cloud Security and Container Vulnerabilities

How Thoughtworks Manages Cloud Security and Container Vulnerabilities

Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams - each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works …

Continue reading ›