Aqua Security announces Vulnerability Shield™, industry-first solution for detecting and blocking attempts to exploit container vulnerabilities

June 2019 by Pierre Kouliche

Latest Aqua release introduces advanced runtime protection for serverless applications

Aqua Security announced version 4.2 of its cloud native security platform (Aqua CSP). In April this year, Aqua announced that it had raised $62M in Series C funding, led by Insight Partners. The company has since accelerated its growth, investing heavily in research and development, and increasing its employee headcount by 30%. Aqua CSP 4.2 introduces the innovative Aqua Vulnerability Shield, a technology that detects and prevents attacks targeting known vulnerabilities in containers.

Aqua Vulnerability Shield (Aqua vShield) is a patent-pending technology that uses automated vulnerability and component analysis, combined with expert security research, to generate runtime policies that can detect and block access to vulnerable components in containers. While the container image code remains unchanged, this form of “virtual patching” acts as a shield against exploitation of the vulnerabilities. Aqua vShield can be activated for vulnerabilities found in scan results, and will automatically enable the relevant targeted runtime controls. Benefits of Aqua vShield include:
· Mitigating the risk of running vulnerable containers
· Easier prioritisation of vulnerable images to be patched by development teams
· Gaining visibility into vulnerability exploit attempts
· Improving compliance posture based on the use of compensating controls

Aqua 4.2 also introduces advanced runtime protection for serverless functions, providing security teams with the ability to detect and prevent potential misuse and abuse of cloud-based serverless functions. Using the new Aqua NanoEnforcer technology, these runtime controls are suited to the ephemeral nature of functions, with negligible impact on function invocation time or memory footprint. Key features include:
· Function drift prevention, blocking malicious code injection (“child processes”) from being added to a running function
· Blacklisting of forbidden executables, allowing security teams to control the types of executables that developers are allowed to include in functions
· Protecting serverless “/tmp” directories from unauthorised access and abuse
· Honeypots that detect malicious intent by luring attackers to access functions without any risk or threat to real assets or cloud accounts

The new offering rounds out Aqua’s serverless security functionality, which already includes scanning functions for vulnerabilities, permissions, and secrets; usage trend analysis and anomaly detection; and function assurance policies that prevent unapproved functions from running. Advanced runtime protection is currently available for AWS Lambda, with support for Azure Functions and Google Cloud Functions planned later this year.

Aqua 4.2 includes dozens of other new features and enhancements, among them:
· Container image scanning by layer, allowing developers to more easily isolate the root sources of security issues and vulnerabilities
· New Infrastructure view enables quick identification of unprotected clusters and hosts
· Native integration with Prometheus, the open source monitoring tool, and Harbor, the open source image registry

