Aqua Security’s cloud native security platform reached version 4.0 today, introducing new controls for security and policy enforcement across virtual, containerized and microservice-based infrastructures, on-premises and in the cloud.

“Aqua’s comprehensive serverless security solution now includes a full chain of controls to discover functions across multiple cloud accounts, scan them for vulnerabilities, detect excessive permissions and configuration issues, and provide function assurance – preventing the execution of untrusted or high-risk functions based on defined policies,” the company wrote in its announcement.

New features in Aqua’s platform include:

  • Function discovery, which can find and catalogue functions stored across different cloud accounts
  • Vulnerability scanning, which detects known vulnerabilities in packages and dependencies
  • Integration with CI/CD as part of a “shift left,” providing plugins for developers to detect issues during build
  • Permissions assessment, which will identify excessive permissions across cloud accounts to reduce the attack surface
  • Sensitive data assessment, which will identify sensitive information, such as AWS login credentials, and secure it
  • Function assurance, which can determine a threat threshold and restrict function usage accordingly
  • Function anomaly detection, which will identify unusual activity spikes in function usage
  • Tighter Linux host container controls, which will address “potential risks from vulnerabilities such as the one discovered earlier this year when a severe new vulnerability (CVE-2019-5736) was disclosed, in runc, a component used in most container runtimes which is part of Linux OS distributions, highlighting the need for securing the container stack at both the workload and host levels,” the company explained.

“The new technologies supporting cloud native applications require a holistic approach to security and compliance, across the application lifecycle as well as up and down the stack, and this has become more evident in recent months with significant vulnerabilities discovered in Kubernetes and runc for example,” notes Amir Jerbi, CTO and co-founder at Aqua Security. “With this new release from Aqua, our customers can protect their applications against those, as well as yet undiscovered vulnerabilities by implementing tight compliance and whitelisting-based zero-trust security.”