Cloud native detection and response

New Cloud Native Detection and Response (CNDR) uses a growing body of behavioural indicators from Aqua’s cyber research team, Nautilus, to detect patterns and respond with granular runtime controls.

Aqua Security has unveiled what it says are the most powerful cloud native detection and response (CNDR) capabilities in the industry. CNDR uses a growing body of more than 80 behavioural indicators to identify zero-day attacks from low-level eBPF events, which are surfaced by the open source project Tracee. The new detection capabilities, combined with Aqua’s unique runtime security controls, make Aqua the only vendor that can both detect malicious activity and granularly prevent it from spreading without disrupting the production environment.

Newly identified behavioural indicators

CNDR leverages continually updated runtime behavioural indicators that are based on thousands of real-world attacks observed in the wild on cloud native environments, including Linux, container, serverless and Kubernetes workloads. Examples include a rootkit tactic that involves loading a malicious kernel, execution of fileless malware, and reverse shells.

In addition to behavioural indicators, Aqua’s threat intelligence includes IP and DNS reputation intel and a malware database, giving CNDR and Aqua’s customers access to the most complete threat intelligence feed for Cloud Native Application security.

“The cloud native threat landscape is constantly evolving. Adversaries are advancing their techniques to craft more sophisticated and targeted attacks at a rate faster than enterprises can track, which makes the cloud native cyber research performed by Team Nautilus so important,” said Amir Jerbi, co-founder and CTO, Aqua Security. “By incorporating the output of this research and intelligence with industry leading detection capabilities and surgical runtime policies, Aqua delivers the industry’s most comprehensive protection for cloud native environments.”

Built on eBPF-based open source technology

Aqua CNDR is built on the open source project Tracee, which uses Linux eBPF technology to surface suspicious application behaviour at runtime. Tracee uniquely takes advantage of eBPF features that prevent circumvention by evaders and exploits, ensuring accurate detection of suspicious behaviour. Since its creation in 2019, Tracee has evolved from an open source system tracing tool into a robust runtime security solution for DevOps that includes a powerful eBPF engine, easy deployment, and a list of behavioural indicators that identify malicious patterns and attacks from eBPF events.

A pioneer in cloud native detection and response

The addition of CNDR is a significant milestone in the industry and for Aqua Security, which already offers the most unified and integrated Cloud Native Application Protection Platform (CNAPP) on the market. While a small number of solutions leverage eBPF for observability and monitoring, they lack a broad set of continuously updated behavioural intelligence specific to novel attacks in cloud native environments. Aqua goes beyond mere detection to stop the detected attacks using its granular, highly focused runtime controls.

“It is absolutely critical for application development and security teams to keep the business and production environment running while at the same time maintaining an effective security posture. This is impossible if runtime controls are binary – letting the container run with security issues or killing the container. That is why we focus on the most granular, least intrusive enforcement capabilities available, so the business can continue running securely,” says Ehud Amiri, VP Product Management at Aqua Security.
