Aqua Dynamic Threat Analysis Debuts
April 22, 2020
Dynamic Threat Analysis (DTA), a new product
offering that protects container-based
environments against sophisticated malware
that can only be detected using dynamic
analysis of a running container, and
available as an option within Aqua’s Cloud
Native Security Platform (CSP). The company
also announced enhancements to its CSPM SaaS
platform (based on its acquisition of
CloudSploit in 2019), which now includes
Aqua DTA, image vulnerability scanning, and
expanded support for cloud environments.
Over the past year, the Aqua Security cyber
research team has uncovered increasingly
sophisticated attacks on containers that use
obfuscation and evasion techniques to avoid
detection by static scanners. Such attacks
utilize novel, innocuous-looking images to
embed their own code, which is often
encrypted or deployed as polymorphic malware
to avoid detection. The malicious behavior
of the image can only be observed when it
runs as a container.
Approving ISV’s third-party Images – scanning third-party images from independent software vendors before introducing them into the organization.
Pre-production security gate – scanning release candidate images before they are promoted to production from CI/CD pipelines or registries, as an added layer of protection.
Analysis and forensics – quickly analyzing image runtime behavior to understand anomalies or perform forensics after a suspected incident.
Within Aqua’s Cloud Native Security
Platform, DTA can be configured to
automatically scan only images within a
specific scope, for example according to a
label or within a named registry.
has also revamped its cloud security posture
management (CSPM) solution, following its
acquisition of CloudSploit in 2019. The new
solution is now called Aqua CSPM, and
includes Preview versions of both Aqua DTA,
as well as integrated container image
vulnerability scanning based on Aqua’s Trivy
open source scanner. The vulnerability
scanner included in the preview currently
supports AWS environments, with additional
registry support planned throughout the
Scanning of Terraform templates in addition to the previously available AWS CloudFormation templates, enhancing security control over Infrastructure-as-Code (IaC) tooling
Automated GDPR compliance reports, facilitating compliance with the European privacy requirements