Aqua DTA empowers businesses to preemptively identify & prevent sophisticated attacks against containerized applications
BOSTON, June 20, 2024 – Aqua Security, the pioneer in cloud native security, today announced that it has been granted a patent (12001543) for its Dynamic Threat Analysis (DTA) technology. This innovative capability assesses the risks that container images pose before they are run as containers in a live environment. With Aqua’s newly patented technology, organizations can find and stop malicious threats before deployment, preventing them from infecting running applications.
Aqua DTA operates by running container images in a secure, isolated sandbox environment combining signature-based detection with advanced behavioral analysis. This dual approach enables DTA to identify novel malware and zero-day attacks that static scanners miss. It monitors behavioral patterns and Indicators of Compromise (IoCs) such as malicious behavior and suspicious network activity to detect container escapes, malware, cryptocurrency miners, code injection backdoors, & other threats.
When an image scan is initiated from a container registry, Aqua DTA analyzes the image while running it in a sandbox and provides detailed analysis results. This process determines the potential risk level that the image presents if allowed to run in an open, networked environment. Based on the results, security & DevOps teams can make an informed decision and set up a specific assurance policy to accept or reject the image for deployment.
This capability helps prevent a wide range of attacks such as data exfiltration, the use of containers for Distributed Denial of Service (DDoS) attacks, cryptomining, fileless & polymorphic malware. Aqua DTA complements “shift left” vulnerability scanning by serving as an additional preventive control in the CI/CD pipeline, effectively catching known & unknown threats early in the application lifecycle before they reach production.
“Our Nautilus team has detected an increase in sophisticated methods to evade existing security measures and fly under the radar, as well as a significant rise in software supply chain attacks. Given these complex & advanced threats, organizations must elevate their security practices beyond basic vulnerability scanning," said Amir Jerbi, Aqua co-founder & CTO.