SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Aqua Security unveils out-of-the-box runtime protection
Tue, 26th Jul 2022

Aqua Security has launched out-of-the-box runtime protection with minimal configuration to stop attacks in real-time on running workloads.

Runtime Protection comprises new optimised and specially-tailored default security controls as well as advanced threat intel gained by observing real attacks on cloud-native environments.

The controls and threat intel that the pure-play cloud-native security provider has included in this offering are the culmination of knowledge gained through years of securing its customers' live production environments.

This offering allows customers to apply this knowledge to achieve trusted and advanced runtime protection in minutes without needing an in-depth understanding of their applications and environments.

Further, Aqua uses eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats.

This enables the company to seek out the most crucial issues in real-time while also implementing a set of controls to protect running workloads straightaway without disrupting the business.

“Aqua is transforming the runtime security paradigm,” Aqua Security CTO and co-founder Amir Jerbi says.

“Traditional runtime security requires security teams to have a great deal of cloud-native knowledge and, as a result, has been slow to adopt.

“Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.”

Recent research from Nautilus found that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images.

In addition, Nautilus found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period.

It also notes that these attacks would not be detected or prevented without kernel-level visibility.

On top of detecting abnormal behaviour in point-of-time snapshots, Aqua extends this capability to catching malicious behaviour of known and unknown threats in real-time, including both known CVEs and zero-day exploits that have not yet been discovered.

Aqua Nautilus detects and analyses 80,000 attacks a month using Aqua's open source eBPF-based threat detection engine, Aqua Tracee.

The new default controls in Aqua Runtime Protection are based on ongoing recommendations from Aqua Nautilus.

This results in real-time visibility at the kernel level that alerts customers the instant an attacker breaches a running workload, taking their dwell time down from months to milliseconds.

Gartner recently highlighted the significance of runtime security in a platform in its 2021 Market Guide for Cloud Workload Protection Platforms (CWPP).

“CWPP offerings should start by scanning for known vulnerabilities and risks in development. At runtime, they should protect workloads from attack, typically using a combination of system integrity protection, application control, behavioural monitoring, host-based intrusion prevention and optional anti-malware protection,” Gartner says in the guide.

Aqua's Runtime Protection offering is part of its fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform.

The Aqua Platform's customers can also access the complete set of customisable, advanced runtime capabilities if and when they decide to define and implement more robust policies.

Key benefits of Aqua Runtime Protection include:

  • Discover attacks instantly with continuously updated kernel-level behavioural detection, based on cloud-native threat research from Aqua Nautilus, along with years of experience securing customer workloads in production.

  • Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access.

  • Make incident investigation more straightforward and quickly understand the impact and attack path of a security incident with a detailed incident timeline including rich contextual information.


“Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can't detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving effective real-time security out-of-the-box,” Jerbi adds.

“What this boils down to is that, unlike alternative solutions, Aqua's Platform will both detect sophisticated attacks and stop them in real time.”

Aqua's out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27.