Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Aqua Security Unveils Industry-First Detection & Response for Zero-Day Attacks in Cloud Native Environments

October 2021 by Patrick LEBRETON

New Cloud Native Detection and Response (CNDR) uses a growing body of behavioural indicators from Aqua’s cyber research team, Nautilus, to detect patterns and respond with granular runtime controls

Aqua Security, the leading pure-play cloud native security provider, today unveiled the most powerful cloud native detection and response (CNDR) capabilities in the industry. CNDR uses a growing body of more than 80 behavioural indicators to identify zero-day attacks from low level eBPF events, which are surfaced by the open source project Tracee. The new detection capabilities, combined with Aqua’s unique runtime security controls, makes Aqua the only vendor that can both detect and granularly prevent malicious activity from spreading without disrupting the production environment.

Newly identified behavioural indicators

CNDR leverages continually updated, runtime behavioural indicators that are based on thousands of real-world attacks observed in the wild on cloud native environments, including Linux, Containers, Serverless and Kubernetes workloads. For example, a rootkit tactic that involves loading a malicious kernel, execution of fileless malware, reverse shell, etc.

In addition to behavioural indicators, Aqua’s threat intelligence includes IP and DNS reputation intel and a malware database, giving CNDR and Aqua’s customers access to the most complete threat intelligence feed for Cloud Native Application security.

Built on eBPF-based open source technology

Aqua CNDR is built on the open source project Tracee, which uses Linux eBPF technology to surface suspicious application behaviour at runtime. Tracee uniquely takes advantage of eBPF features that prevent circumvention by evaders and exploits, ensuring accurate detection of suspicious behaviour. Since its creation in 2019, Tracee has evolved from an open source system tracing tool into a robust runtime security solution for DevOps that includes a powerful eBPF engine, easy deployment, and a list of behavioural indicators to also identify malicious patterns and attacks from eBPF events.

A pioneer in cloud native detection and response

The addition of CNDR is a significant milestone in the industry and for Aqua Security, which already offers the most unified and integrated Cloud Native Application Protection Platform (CNAPP) on the market. While a small number of solutions leverage eBPF for observability and monitoring, they lack a broad set of continuously updated behavioural intelligence specific to novel attacks in cloud native environments. Aqua goes beyond mere detection to stop the detected attacks using its granular, highly focused runtime controls.

Additional releases:

Aqua is also adding new capabilities to its CNAPP, featuring:

- New Kubernetes assurance policies that provide coverage for a variety of vulnerabilities including known CVEs involving services, secrets in ConfigMaps, and overly permissive access to sensitive resources.

- Maximum platform flexibility with an option for increased cost/performance benefits with Kubernetes Security and scanning support for the new Power10 architecture on RedHat OpenShift.

- Lightweight, holistic, and streamlined visibility and management of cloud VMs.

- Manage, segment, filter and group VM workloads from the new VM workload screen using cloud provider attributes, tags, and labels

- Increase protection, visibility, and compliance for both containers and cloud VMs in one place with lightweight runtime malware scanning (based on pattern matching)

- More locality and compliance options as Aqua Dynamic Threat Analysis (DTA) sandboxes can now be run from multiple hosted locations around the globe

The Aqua API can now be leveraged to gain awareness of new security risks affecting previously scanned images (e.g., new vulnerabilities, change in severity) and to identify images that have been modified since their last scan.

See previous articles


See next articles