In an industry first, Aqua Security has announced the release of its new Vulnerability Shield, a solution for detecting and blocking attempts to exploit container vulnerabilities.
The latest release from Aqua Security, a market leader in protection for serverless and cloud native applications as well as containers, also brings an advanced runtime to protect serverless applications. The newest product is the updated version of the company's Aqua CSP cloud native security platform. Aqua CSP 4.2 now includes a technology that detects and prevents attacks on vulnerabilities in containers, appropriately named Aqua Vulnerability Shield.
Earlier in April this year, the company revealed it had raised $62 million in Series C funding, headed by Insight Partners. With this backing, it has since exploded in growth, enabling it to invest in research and development and to grow its employee numbers.
Rani Osnat, Vice President of Product Marketing for the organisation, explained that although the means to scan for susceptibilities had existed for a while, the need for a step-up in container protection came from the fact that trying to fix certain issues was having an impact on other components of the software.
On coming up with a solution for these issues and on creating the upgraded platform, he said, “Our research team realized that we could essentially monitor for attempts to exploit these known vulnerabilities, and then provide the option to block malicious activity. We still recommend developers fix the underlying code as soon as possible, but Vulnerability Shield provides a strong compensating control.”
He continued, “Virtual patching capabilities exist for other runtime environments, including operating systems, databases, and other software components, however until now, there was no solution for containers.”
“Users either needed to update their images as soon as possible (assuming fixes were available for base images), shut down the vulnerable applications (potentially impacting business operations) or accept the risk of running in a vulnerable state and attempt to monitor for attacks using other methods.”
How does the technology work?
The new technology uses automated vulnerability and component analysis to generate runtime policies that can detect and block vulnerable container modules. This is a form of “virtual patching”, which in turn acts as a shield against liabilities.
“As organizations increase their use of containers, CI/CD pipelines, and open source components, managing vulnerabilities is increasingly challenging,” says Fernando Montenegro, Senior Analyst, Information Security at 451 Research.
“Vulnerability scanning has been a key component of container security, and is largely automated. But patching remains a manual process, creating backlogs and leaving organizations running vulnerable applications, for lack of other choices.”
Using DevOps in developing the Vulnerability Shield
Aqua Security claims to bridge the gap between security and DevOps by promoting business agility and pushing for digital change.
When asked how the company maximizes its use of DevOps, Rani Osnat told DevOps Online, “Our own engineering team includes a core DevOps group that supports our various development teams, as well as the rollout of supporting cloud-based services such as our CyberCenter.”
The Vice President continued, “Our own CI/CD pipeline automates the build of all images and rollout onto both on-premise and numerous cloud infrastructures (for example: ECS, EKS, GKE, AKS, and many more) for our very broad range of supported platforms, to enable our QA processes.”
The shield can identify and protect from known vulnerabilities without requiring any developer intervention, until such time as a permanent fix can be deployed.