Aqua Security has announced an out-of-the-box runtime protection solution with minimal configuration to stop attacks in real time on running workloads.
Protection includes new curated and optimised default security controls, plus advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel result from knowledge gained through years of securing customers’ live production environments.
Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments.
Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business.
Amir Jerbi, CTO and co-founder, Aqua Security, said: “Aqua is transforming the runtime security paradigm. Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt.
“Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.”
Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility.
Aqua’s detection of anomalous behaviour goes beyond point-in-time snapshots and catches malicious behaviour of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered.
The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyse 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds.
The importance of runtime security in a platform is noted in the 2021 Gartner® Market Guide for Cloud Workload Protection Platforms (CWPP). According to Gartner, “CWPP offerings should start by scanning for known vulnerabilities and risks in development. At runtime, they should protect workloads from attack, typically using a combination of system integrity protection, application control, behavioral monitoring, host-based intrusion prevention and optional anti-malware protection.”
Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the full set of customisable, advanced runtime capabilities if and when they decide to define and implement more stringent policies.
Key benefits of Aqua Runtime Protection include:
- Discover attacks immediately with continuously updated kernel-level behavioural detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production.
- Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access.
- Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information.
“Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.”