26 Jul 2022

Aqua Security, the pure-play cloud-native security provider announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real-time on running workloads.

Protection

Protection is composed of new curated and optimised default security controls, as well as advanced threat intel from observations of real attacks on cloud-native environments.

Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments. 

Cloud workload threat protection

Aqua is adopting cloud workload threat protection immediately effective and easy for security professionals"

Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real-time while also implementing a set of controls to protect running workloads immediately, without disrupting the business. “Aqua is transforming the runtime security paradigm,” said Amir Jerbi, CTO and co-founder, of Aqua Security.

Traditional runtime security requires security teams to have a great deal of cloud-native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.”

Absence of visibility

Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images.

Nautilus also found tens of thousands of instances of in-memory attacks and file-less attacks in one-month attacks that would not be seen or stopped without kernel-level visibility. 

Stopping attacks in real-time  

Aqua Nautilus detects and analyses 80,000 attacks a month using Aqua’s open source eBPF-based Aqua Tracee

Aqua’s detection of anomalous behaviour goes beyond point-in-time snapshots and catches malicious behaviour of known and unknown threats in real-time this includes both known CVEs and zero-day exploits that have yet to be discovered.

The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyse 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee.  The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds. 

Recognition in Gartner’s Guide

The importance of runtime security in a platform is highlighted in Gartner’s Market Guide for Cloud Workload Protection Platforms (CWPP).

According to Gartner, “CWPP offerings should start by scanning for known vulnerabilities and risks in development. At runtime, they should protect workloads from attack, typically using a combination of system integrity protection, application control, behavioural monitoring, host-based intrusion prevention, and optional anti-malware protection.”

Cloud Native Application Protection Platform

Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customisable, advanced runtime capabilities if and when they decide to define and implement more stringent policies. 

Key benefits of Aqua Runtime Protection include: 

  • Discover attacks immediately with continuously updated kernel-level behavioural detection. Updates are based on cloud-native threat research from Aqua Nautilus along with years of experience securing customer workloads in production. 
  • Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access.
  • Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information.

A simple and effective security solution

Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real-time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi.

What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real-time.” Aqua’s out-of-the-box Runtime Protection is available and will make an industry debut at AWS re: Inforce on July 26-27 in Boston at Booth 104.