Aqua Security Introduces Industry's First Serverless Function Assurance for Securing Serverless Environments

BOSTON, March 4, 2019 /PRNewswire/ -- Aqua Security, the leading platform provider for securing container-based and cloud native applications, announced today the availability of version 4.0 of the Aqua cloud native security platform, introducing new security and compliance controls for serverless functions and Linux hosts. As enterprise development and deployment of cloud native microservices-based applications continue to accelerate, Aqua enables security teams to manage and enforce security policies across a blend of VM-based containers, Containers-as-a-Service (CaaS) and Function-as-a-Service (FaaS) spanning both multi-cloud and on-premises environments.

Gartner Distinguished VP Analyst, Neil MacDonald, notes that "securing serverless will force information security and risk professionals to focus on the areas we retain control over. Specifically, the integrity and assurance of the code, identities of the code and developers, permissioning, and serverless configuration, including network connectivity."

(Gartner, Security Considerations and Best Practices for Securing Serverless PaaS,
4 September 2018, by Neil MacDonald)

Aqua's comprehensive serverless security solution now includes a full chain of controls to discover functions across multiple cloud accounts, scan them for vulnerabilities, detect excessive permissions and configuration issues, and provide function assurance - preventing the execution of untrusted or high-risk functions based on defined policies. The key controls for serverless environments include:

    --  Functions discovery: Creating an inventory of functions stored across
        cloud accounts.
    --  Vulnerability scanning: Deep scanning of a functions packages and
        dependencies for known vulnerabilities (CVEs), based on multiple sources
        and supporting multiple programming languages.
    --  CI/CD Integration: "Shifting left" beyond scanning existing functions,
        Aqua provides development teams with plug-ins for Continuous Integration
        environments to detect security issues as functions are being built.
    --  Permissions Assessment: Identifying use of excessive or over-provisioned
        permissions specific to the serverless cloud environment, and monitoring
        for unused permissions -reducing the potential attack surface of a
        function.
    --  Sensitive Data Assessment: Detecting secrets and hard-coded keys within
        the functions themselves, or within environment variables, specific to
        the cloud environment - for instance AWS credentials or Azure
        Authentication keys.
    --  Function assurance: Security teams can set policies to determine the
        risk threshold to allow or disallow function execution, based on a
        variety of factors including CVE severity, CVSS score, sensitive data,
        and permissions.
    --  Function anomaly detection: Monitoring of function usage patterns and
        alerting on sudden spikes in the frequency or duration of function
        execution.

Another significant addition to the Aqua platform is tighter controls to secure the Linux hosts that run containers. This addresses potential risks from vulnerabilities such as the one discovered earlier this year when a severe new vulnerability (CVE-2019-5736) was disclosed in runc, a component used in most container runtimes which is part of Linux OS distributions, highlighting the need for securing the container stack at both the workload and host levels.

"The new technologies supporting cloud native applications require a holistic approach to security and compliance, across the application lifecycle as well as up and down the stack, and this has become more evident in recent months with significant vulnerabilities discovered in Kubernetes and runc for example," notes Amir Jerbi, CTO and co-founder at Aqua Security. "With this new release from Aqua, our customers can protect their applications against those, as well as yet undiscovered vulnerabilities by implementing tight compliance and whitelisting-based zero-trust security."

Aqua 4.0 builds on previous Aqua host protections that already included testing hosts according to CIS (Center for Internet Security) benchmarks, scanning hosts for known vulnerabilities, and monitoring user logins, to provide:

    --  Malware Scanning: Detecting malware in the host OS, or any of its
        components.
    --  Vulnerability scanning: Scanning for CVEs found in the host OS, or any
        of its components.
    --  Whitelisted and Blacklisted Users and OS Packages: Security teams can
        specify which types of users and OS packages are either allowed or
        forbidden from being used on a host.
    --  User Activity Monitoring: Aqua now logs all user commands on the host OS
        for security and compliance tracking (in addition to the previously
        available user logins and login attempts tracking).
    --  CIS Benchmarks Testing: Having achieved CIS certification for its
        Kubernetes benchmark, Aqua now provide detailed information on each
        benchmark test success/failure to provide teams with remediation
        information.
    --  Custom Benchmark Scripts: Enabling the upload of scripts that customize
        benchmarks to account for configurations that aren't supported in the
        standard CIS benchmarks, including Kubernetes clusters on Red Hat
        OpenShift.
    --  Host Assurance: Allowing to set policies that will determine a threshold
        for host compliance and security risk based on the results of the above
        scans and checks and generate alerts and audit events upon policy
        violations.

Aqua CSP v4.0 will be generally available in mid-March for existing customers and new deployments.

About Aqua Security

Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. Aqua's Cloud native Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Integrated with container lifecycle and orchestration tools, the Aqua platform provides transparent, automated security while helping to enforce policy and simplify regulatory compliance. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, Microsoft Ventures, TLV Partners, and IT security leaders, and is based in Israel and Boston, MA. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam

View original content:http://www.prnewswire.com/news-releases/aqua-security-introduces-industrys-first-serverless-function-assurance-for-securing-serverless-environments-300804751.html

SOURCE Aqua Security