Aqua News

“When you consider that a single cloud misconfiguration can expose organizations to severe cyber risk, such as data breaches, resource hijacking and denial of service attacks, the consequences of failing to address misconfiguration issues are all too real to ignore,” said Assaf Morag, Lead Data Analyst with Aqua’s Team Nautilus.

“The more people you have accessing [your cloud] and the more accounts you set up, the more you have to consider,” said Michelle Peterson, product owner of Benchmarks, the non-profit Center for Internet Security’s guidance on how to navigate the cloud service provider market. “It’s not just a small group [anymore] utilizing these resources, but …

Ehud Amiri, senior director of product management for Aqua Security, said the mystery is why so many of those misconfigured API and cloud services are not being fixed when organizations have the tools to discover them. Most of these issues stem from the simple fact that, in the era of the cloud, developers are using …

BOSTON – May 12, 2021 – Aqua Security, the pure-play cloud native security leader, today published new research from Team Nautilus revealing that a significant majority of companies that move to multi-cloud environments are not properly configuring their cloud-based services. According to new findings from Aqua’s “2021 Cloud Security Report: Cloud Configuration Risks Exposed”, these …

Entrepreneurs such as Dror Davidoff, co-founder of Aqua Security Software Ltd., which raised $135 million in March, are betting global shifts toward e-commerce, hybrid work and cloud computing will create new weak points for companies and shake up the vendor market. “The battlefield has changed completely,” he said.

Over 12 months, Aqua’s research team analysed anonymised cloud infrastructure data from hundreds of organizations. These were divided into SMBs and enterprises based on the volume of cloud resources they scanned. The findings show that less than one percent of enterprise organizations fixed all detected issues while less than eight percent of SMBs fixed them all. …

Container images, functions and packages are updated frequently using CI/CD (continuous integration/continuous delivery) pipelines, creating multiple opportunities for attackers to embed themselves into the process. Team Nautilus, Aqua’s cyber research team, has detected and analyzed attacks on CI SaaS environments that abused the CI process itself to gain access to cloud CPU time. From there, …

Any business could be the victim of the next-large scale cyberattack, and it’s the companies that treat this as an inevitability which will be better prepared and more able to protect themselves. The key to this is forensic analysis. Performing forensic analysis will give businesses valuable insights into vulnerabilities and the best steps to take …