SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Aqua launches pipeline integrity scanning to detect malware
Thu, 11th May 2023

Aqua Security, the provider of cloud-native security, has announced it added pipeline integrity scanning to prevent software supply chain attacks and assure CI/CD pipeline integrity.

Powered by eBPF technology, Aqua's pipeline integrity scanner detects and blocks suspicious behaviour and malware in real-time, preventing code tampering and countering threats in the software build process. The solution equips organisations to feel confident in strategically stopping the most aggressive software supply chain threats that produce massive attack surfaces.

With the rise of software supply chain attacks and a constantly changing threat landscape, organisations are now being held accountable for incorporating security best practices throughout their software development lifecycles.

Software integrity validation, one of these best practices, is a key requirement in major industry frameworks for supply chain security, including SLSA, NIST Secure Software Development Framework and the CIS Software Supply Chain Benchmark.

“SolarWinds demonstrated the catastrophic effects of compromising the integrity of the software build process and the critical need to continuously validate software integrity,” says Amir Jerbi, chief technology officer of Aqua Security. "Our new pipeline integrity scanner solves one of the industry's most urgent needs to ensure the integrity of the modern development process and prevent this destructive software supply chain attack."

Aqua's pipeline integrity scanner detects suspicious behaviour or malware characterising a supply chain attack. The capability also takes advantage of behavioural signatures produced by the Aqua Nautilus research team to detect zero-day threats based on cloud-native attacks in the wild.

After connecting to the build pipeline, pipeline integrity scanning allows developers to monitor the build pipeline and define a baseline for how the build operates. Teams can understand how their build pipeline runs and what is typical network activity, file access patterns and process activity in known suitable environments.

The solution also detects any drifts from the baseline. Once the baseline is established, the scanner can detect any drift from this state and alert teams on anything unusual and anomalous, including unexpected file modification, establishing communication with a suspicious URL, and usage of a dropped malicious executable to guarantee the integrity of the build process.

The integrity scanner minimises attack vectors. In addition, it closes security gaps in CI/CD pipelines by scanning continuously for pipeline drift. This allows teams to prevent code tampering in the earliest stages of the software build process and maintain dev tool integrity.

It helps set up assurance policies. For example, to scale safe development practices and ensure software integrity, assurance policies can be implemented to block the completion of new builds that show signs of suspicious activity. This allows developers to react where it is easier to fix in the development process.

“This is the first solution of its kind,” adds Jerbi. “Other software supply chain security tools focus only on code scanning or static analysis of build artifacts, such as a software bill of materials or SBOM. These are important but have proven insufficient to detect and stop supply chain attacks of this type.”

Aqua's pipeline integrity scanner leverages Tracee, the company's robust open-source runtime security and forensics sensor for Linux. Thanks to its lightweight capabilities, eBPF technology can provide visibility into the build's runtime and detect real-time threats with minimal disruption.

By detecting and stopping the drift of the original build through eBPF-based scanning and policies, teams can protect their software from unauthorised access and prevent advanced supply chain attacks.

“Aqua is the first to introduce this dynamic capability that complements its existing shift-left capabilities including code scanning, CI/CD posture management, and next-gen SBOM to provide customers with the most comprehensive protection on the market,” notes Jerbi. 

“Pipeline integrity scanning is part of its Software Supply Chain Security solution that secures code, all development infrastructure, and pipeline processes so that organisations can build and ship innovation faster and more securely. Delivered by the Aqua Cloud Security Platform, a cloud native application protection platform (CNAPP), it improves operational efficiency by connecting cloud to dev and tracing runtime risks to the code and developer who can fix them.”