Aqua Security’s new Dynamic Threat Analysis (DTA) solution was designed to protect container-based environments against malware that can only be detected through dynamic analysis of a running container. 

The company said that it has seen a sharp increase in sophisticated attacks on containers that use obfuscation and evasion techniques to avoid detection by static scanners. These attacks aim for cryptocurrency mining, credential theft, data exfiltration, or using containers for DDoS attacks.

“To achieve these [attacks], the container will exhibit a variety of suspicious behaviors, such as unpacking malicious payloads during runtime, opening reverse shell, executing malware from memory to avoid detection, connecting to known command & control servers, and more. By identifying these behaviors before deploying images, Aqua DTA ‘shifts left’ what used to be done only as a late response to incidents during runtime,” said Amir Jerbi, the CTO and co-founder of Aqua. “Aqua DTA addresses these risks by automatically running images in a secure sandboxed environment, then analyzing, tracing, and classifying the detected behaviors.”  

Aqua DTA allows security and DevOps teams to improve the security of their software supply chain and reduce risk of runtime environments by approving public images and their open source packages, approving ISV’s third-party Images, offering a pre-production security gate, and providing analysis and forensics. 

Aqua also extended its cloud security posture management (CSPM) solution following its acquisition of CloudSploit in 2019. The solution is now called Aqua CSPM and it offers Preview versions of both Aqua DTA, as well as integrated container image vulnerability scanning based on Aqua’s Trivy open source scanner. The vulnerability scanner currency supports AWS environments and additional registry support is planned throughout the year, according to the company. 

Recent enhancements to Aqua CSPM also include the general availability of its support for Google Cloud and Oracle Cloud environments, the scanning of Terraform templates, and automated GDPR compliance reports. 

Additional details are available here.