Aqua Security Combats Rising Zero-Day Attacks with eBPF Lightning Enforcer

Aqua Nautilus researchers reveal 1/3 of attacks go undetected in runtime


BOSTON, Nov. 15, 2022 (GLOBE NEWSWIRE) -- Aqua Security, the leading pure-play cloud native security provider, today announced its new Lightning Enforcer to stop zero-day attacks and shield critical vulnerabilities in production until a patch can be applied. With its new eBPF technology, Aqua’s Lightning Enforcer provides total visibility into running workloads and allows security professionals to quickly and easily identify and stop the most advanced attacks in real time.

While “shift left” security is a key piece to prevent vulnerabilities, misconfigurations, and supply chain threats from reaching production environments, sometimes it’s not enough. This has led to a vast increase in the number of zero-day vulnerabilities that are exploited in runtime. On average, a new “in the wild” exploit is discovered every 17 days. These incidents emphasize the criticality in runtime protection and that simple scanning isn’t enough.

“Last year we saw the highest number of zero-days in history,” said Amir Jerbi, CTO and co-founder at Aqua. “As organizations around the globe strengthen their cybersecurity measures, threat actors are seeking out new attack vectors to evade detection such as the identification and exploitation of previously unknown vulnerabilities. To combat this growing threat, Aqua is bringing to market an easy, safe solution for security teams to broadly deploy runtime security and prevent zero-days.”

While snapshot-based scanning of workloads provides fast and low-friction visibility, recent data from Aqua Nautilus shows that risks increase significantly when relying exclusively on snapshot scanning of running workload images. In the past three months, the Aqua Nautilus research team saw that in one third of those cases, no file was written to disk or no attack executed from memory, which means those techniques could evade detection with a purely agentless solution.

Aqua Lightning Enforcer Powered by eBPF
eBPF is a revolutionary technology with origins in Linux that can run sandboxed programs in an operating system kernel. It is used to extend the capabilities of the kernel safely and efficiently without changing kernel source code or loading kernel modules. With eBPF’s flexibility, it is now possible to achieve kernel-level visibility without compromising execution efficiency or safety.

The benefits of the Aqua Lightning Enforcer include:

  • First and last line of defense against zero-day attacks.
  • Frictionless threat detection at the kernel-level without the workload instability often found with traditional agents.
  • Advanced malware detection helps meet regulatory mandates and compliance requirements.
  • Small footprint and resource consumption.
  • Application-agnostic deployment across all workloads.

The Full Suite of Runtime Protection to Stop Real-time Attacks
Aqua is the only vendor that provides a full suite of runtime options, and Lightning rounds out Aqua’s levels of protection. With three tiers of runtime protection, customers can balance speed and ease-of-use with the level of protection they need. Aqua offers Cloud Workload Scanning for the easiest and quickest snapshot security, Lightning Enforcer for a higher level of security and quick value with little-to-no configuration, and full-agent custom mode for the most technical teams who require the most advanced security.

Aqua’s detection of anomalous behavior goes beyond only point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known vulnerabilities and zero-day exploits that have yet to be disclosed. Aqua’s Runtime Protection was built based on ongoing threat intelligence feeds from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds.

“Other security vendors are recognizing that agentless simply can’t deliver holistic cloud security,” said Jerbi. “Aqua has offered an agent-based solution since day one. We’ve incorporated years of innovation and research into our new Lightning Enforcer, allowing organizations to benefit from active protection that is simple and frictionless, complemented by Aqua’s agentless scanning.”

About Aqua Security  
Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.  

Contact:
Jennifer Tanner
Look Left Marketing
aqua@lookleftmarketing.com