A new cloud-native security solution can stop zero-day attacks and shield critical production vulnerabilities until a patch can be applied. Aqua Security introduces the eBPF Lightning Enforcer.
Powered by new eBPF technology, Lightning Enforcer provides full visibility into running workloads, making it easy for security professionals to identify and stop even advanced attacks in real time.
Shift Left is an important factor in preventing vulnerabilities, misconfigurations, and software supply chain threats from entering production environments. However, sometimes this security approach is not enough. This has led to a huge increase in zero-day vulnerabilities being exploited at runtime. On average, a new vulnerability is discovered "in the wild" every 17 days.
Protection at runtime: Simple scanning is not enough
These incidents make two things clear: runtime protection is important, and simple scanning is not enough. While snapshot-based scanning of workloads provides fast and frictionless insight, relying solely on snapshot scanning of running workload images greatly increases risk.
This is shown by recent data from Team Nautilus, Aqua Security's research unit specializing in the cloud-native technology stack: In the past three months, Nautilus found that in a third of the cases no file was written to the hard drive or no attack from memory was executed. That means these techniques could evade detection with a purely agentless solution.
Based on eBPF technology: Aqua Lightning Enforcer
eBPF makes it possible to run sandboxed programs in the kernel of an operating system. This technology, which originated in Linux, is used to safely and efficiently extend the kernel's capabilities without modifying its source code or loading kernel modules.
Thanks to the flexibility of eBPF, kernel-level visibility can now be achieved without compromising execution efficiency or security.
The key advantages of the solution
- First and last line of defense against zero-day attacks
- Smooth kernel-level threat detection—without the workload instability common with traditional agents
- Advanced malware detection helps meet regulatory and compliance requirements
- Low space and resource consumption
- Application-agnostic deployment for any workload.
Defense against real-time attacks
Aqua is the only vendor to offer a full suite of runtime options, and Lightning Enforcer rounds out the protection levels. With the three tiers of runtime protection, customers can balance speed and ease of use with the level of protection they need: Aqua offers cloud workload scanning for the easiest and fastest snapshot security, while Lightning Enforcer provides a higher level of security and quick value with little to no configuration effort. Finally, the custom full-agent mode is aimed at the most tech-savvy teams that need the most advanced security.
Reduce the dwell time to milliseconds
Aqua's detection of anomalous behavior goes beyond taking snapshots. It also intercepts malicious behavior of known and unknown threats in real-time, from known vulnerabilities to undisclosed zero-day exploits.
Aqua's runtime protection was developed based on ongoing threat intelligence from Team Nautilus, which detects and analyzes 80,000 attacks per month. It uses Aqua Tracee, the eBPF-based open-source threat detection engine. The result: real-time visibility that alerts customers the moment an attacker breaks into a running workload. This reduces the dwell time of criminals in the corporate network from months to milliseconds.
More at Aquasec.com
About Aqua Security
Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads—regardless of where they are deployed.