SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Aqua Security unveils new Lightning Enforcer offering
Wed, 16th Nov 2022

Aqua Security has announced Lightning Enforcer, a new offering designed to stop zero-day attacks and protect critical vulnerabilities in production from being exposed until a patch can be applied.

The pure-play cloud-native security provider's new eBPF technology offers complete visibility into running workloads and equips security professionals with the means to quickly and easily spot and stop the most advanced attacks in real time.

"Shift left" security is a crucial component in preventing vulnerabilities, misconfigurations and supply chain threats from reaching production environments. However, sometimes this isn't enough, and this has resulted in a significant increase in zero-day vulnerabilities that are exploited in runtime.

A new "in the wild" exploit is discovered approximately every 17 days, with these incidents stressing the importance of runtime protection and reflecting that simple scanning is not enough.

"Last year, we saw the highest number of zero-days in history," says Amir Jerbi, CTO and Co-Founder, Aqua Security.

"As organisations around the globe strengthen their cybersecurity measures, threat actors are seeking out new attack vectors to evade detection, such as the identification and exploitation of previously unknown vulnerabilities.

"To combat this growing threat, Aqua is bringing to market an easy, safe solution for security teams to broadly deploy runtime security and prevent zero-days."

Snapshot-based workload scanning offers quick visibility with very little friction. But recent data from Aqua Nautilus shows that there is increased risk in relying only on snapshot scanning of running workload images.

Further, the Aqua Nautilus research team has seen in the past three months that in one-third of those cases, no file was written to disk or no attack carried out from memory, meaning these techniques could slip past undetected with a purely agentless solution.

With its origins in Linux, eBPF is a breakthrough technology capable of running sandboxed programs in an operating system kernel and is used to safely and efficiently broaden the kernel's capabilities without changing its source code or loading kernel modules.

Because eBPF is flexible, users can achieve kernel-level visibility without compromising execution efficiency or safety.

The benefits of the Aqua Lightning Enforcer include:

  • First and last line of defence against zero-day attacks
  • Frictionless threat detection at the kernel level without the workload instability often found with traditional agents
  • Advanced malware detection helps meet regulatory mandates and compliance requirements
  • Small footprint and resource consumption
  • Application-agnostic deployment across all workloads

Aqua Security is the only vendor that offers a full suite of runtime options, and Lightning Enforcer completes Aqua's different levels of protection.

Overall, the company has three tiers of runtime protection, which allows customers to choose the appropriate protection for them in line with how fast and easy to use they need it to be.

These tiers include cloud workload scanning for simple and fast snapshot security, Lightning Enforcer for a higher level of security and quick value with very little configuration, and full-agent custom mode for the most technical teams who need the most advanced security.

The company's anomalous behaviour detection extends past point-in-time snapshots to encompass the real-time catching of malicious behaviour of known and unknown threats, including both known vulnerabilities and zero-day exploits that have yet to be disclosed.

Aqua Security's Runtime Protection was built based on ongoing threat intelligence feeds from Aqua Nautilus, which detects and analyses 80,000 attacks per month using the company's open source eBPF-based threat detection engine, Aqua Tracee.

This results in real-time visibility that alerts customers the instant an attacker breaches a running workload, minimising the perpetrator's dwell time to milliseconds instead of months.

"Other security vendors are recognising that agentless simply can't deliver holistic cloud security," Jerbi says.

"Aqua has offered an agent-based solution since day one. We've incorporated years of innovation and research into our new Lightning Enforcer, allowing organisations to benefit from active protection that is simple and frictionless, complemented by Aqua's agentless scanning."