DEVOPSdigest

Aqua Security announced Aqua Dynamic Threat Analysis (DTA), a new product offering that protects container-based environments against sophisticated malware that can only be detected using dynamic analysis of a running container, and available as an option within Aqua's Cloud Native Security Platform (CSP).

The company also announced enhancements to its CSPM SaaS platform (based on its acquisition of CloudSploit in 2019), which now includes Aqua DTA, image vulnerability scanning, and expanded support for cloud environments.

Aqua DTA is currently available in preview, with general availability expected later this quarter.

"We've been seeing organized attacks that aim for cryptocurrency mining, credential theft, data exfiltration, or using containers for DDoS attacks," says Amir Jerbi, CTO and co-founder of Aqua. "To achieve these objectives, the container will exhibit a variety of suspicious behaviors, such as unpacking malicious payloads during runtime, opening reverse shell, executing malware from memory to avoid detection, connecting to known command & control servers, and more. By identifying these behaviors before deploying images, Aqua DTA 'shifts left' what used to be done only as a late response to incidents during runtime," he added.

Aqua DTA addresses these risks by automatically running images in a secure sandboxed environment, then analyzing, tracing, and classifying the detected behaviors. The sandbox prevents the malware from doing any harm to other workloads and resources on the host or network. Using Aqua DTA allows security and DevOps teams to improve the security of their software supply chain and reduce risk to runtime environments.

Aqua DTA is recommended to address the following needs:

- Approving public images and their open source packages – as part of the security policies of your software development life cycle (SDLC).

- Approving ISV's third-party Images – scanning third-party images from independent software vendors before introducing them into the organization.

- Pre-production security gate – scanning release candidate images before they are promoted to production from CI/CD pipelines or registries, as an added layer of protection.

- Analysis and forensics – quickly analyzing image runtime behavior to understand anomalies or perform forensics after a suspected incident.

Within Aqua's Cloud Native Security Platform, DTA can be configured to automatically scan only images within a specific scope, for example according to a label or within a named registry.

Aqua has also revamped its cloud security posture management (CSPM) solution, following its acquisition of CloudSploit in 2019. The new solution is now called Aqua CSPM, and includes Preview versions of both Aqua DTA, as well as integrated container image vulnerability scanning based on Aqua's Trivy open source scanner. The vulnerability scanner included in the preview currently supports AWS environments, with additional registry support planned throughout the year.

Aqua is the first and only solution that extends CSPM into cloud native security with an integrated offering that discovers container image registries, scans images for vulnerabilities, and detect hidden malware threats in a single, seamless workflow. These capabilities go beyond securing the cloud infrastructure to secure the applications running on it, typically the function of Cloud Workload Protection Platforms (CWPP).

Additional recent enhancements to Aqua CSPM include:

- General Availability of its support for Google Cloud and Oracle Cloud environments

- Scanning of Terraform templates in addition to the previously available AWS CloudFormation templates, enhancing security control over Infrastructure-as-Code (IaC) tooling

- Automated GDPR compliance reports, facilitating compliance with the European privacy requirements