cloud native application protection platform

Dror Davidoff, CEO & Co-Founder at Aqua Security about cloud native application protection platform

We spoke to Dror Davidoff about cloud native application protection platform.

Dear Dror Davidoff, could you tell us a little bit about your background, and what led you to founding Aqua?

Seven years ago, when I was looking for a new venture and the next “big thing,” I met my co-founder Amir Jerbi, and it was love at first sight. We shared a similar vision and acknowledged a big market opportunity: the transition to cloud native technologies was in its infancy, and it was opening the door for security problems.

Companies were moving to the cloud for not just shared computing and storage but to modernize their application infrastructure. Just as the technology stack was about to change, so would the security stack. There was an opportunity to do security differently, more granularly and add it into the development cycle.

Traditional on-prem security vendors didn’t have the technology in place to protect cloud native environments. The public cloud providers weren’t prepared to provide their own security. There was an enormous market emerging and a need for a new approach to security – one to enable organisations to move to cloud native safely. Thus, Aqua Security was born.

What is a CNAPP, or a cloud native application protection platform, and what makes it unique?

At Aqua, to simplify cloud native application protection platform, we explain it backwards. A CNAPP is a platform that protects applications in cloud native environments. It is a category of security solutions that helps identify, assess, prioritize, and adapt to risk in cloud native applications, configurations, and infrastructure. Unlike traditional approaches to cloud security, the goal of a CNAPP is to provide complete end-to-end security for cloud-native environments. CNAPPs should have the capabilities of several existing cloud security categories, mainly “shift left” artifact scanning, cloud security posture management (CSPM), Kubernetes security posture management (KSPM), infrastructure-as-code (IaC) scanning, cloud infrastructure entitlements management (CIEM), a runtime cloud workload protection platform (CWPP), and software supply chain security capabilities. From the beginning, Aqua’s vision has been to deliver a single end-to-end security solution for the entire cloud-native application lifecycle in one holistic platform. We’ve always believed that to be a true CNAPP, a solution must include shift-left scanning, broad visibility, and crucially strong runtime controls that can detect and stop attacks in progress. Aqua offers the industry’s first and only unified cloud native application protection platform. Our cloud security platform provides users with better context and prioritization when identifying threats to secure and protect cloud native assets in real time from day one.

You recently launched 2 new solutions in shift left and shift right. Can you tell us more about these and what they do?

Aqua protects the entire development cycle from code to cloud and back. To support that, we have recently launched more solutions including software supply chain security (on the left for dev security) as well as Real-Time CSPM (on the right for cloud security). Here’s why:

High-profile cyber incidents, such as the infamous SolarWinds or SUNBURST attacks, have directed attention to the resilience of supply chains. These attacks demonstrated how vulnerabilities in third-party products and services can be exploited by cybercriminals to affect hundreds of thousands of organizations at the same time. As a result, software supply chain attacks are dramatically on the rise; our data shows a 300% increase year-over-year. This type of threat is now recognized as a security priority, including by the White House, which recently released executive orders to enhance software supply chain security. In September 2022, we released the industry’s first, and only, end-to-end software supply chain security solution as part of our fully integrated CNAPP, thereby enabling DevOps teams to implement security throughout the software development lifecycle (SDLC), so they can proactively prevent and stop supply chain attacks on cloud-native applications. We identify software supply chain risks as threats coming from third-party artifacts, open-source dependencies and malicious actors targeting the unique developer toolset and environment. These capabilities make ours the only solution on the market that protects against supply chain risk, from code all the way through to runtime, across both the application and underlying infrastructure.

When it comes to CSPM, customers have told us that they are bogged down by too much noise from current CSPM offerings. They receive too many findings yet lack complete visibility and therefore the ability to properly prioritize. This is why Aqua launched Real-Time CSPM in May 2023. With Real-Time CSPM, teams have a complete view of cloud security risk and can surface the most critical findings. This includes the ability to match correlated findings across multi-cloud environments, deduplicate findings and focus on identifying real cloud risks with smarter insights. Instead of wasting time on issues with low effective risk, customers can focus on what truly matters most and provide the context needed for resource owners to remediate quickly and secure their cloud applications.

Detailed context also allows teams to connect issues found in their cloud to their respective code repositories. With better prioritization and the ability to identify risk ownership, Real-Time CSPM then allows for rapid remediation of those most critical issues. Security professionals can focus their limited resources to manage, investigate and respond faster.

Also of note, point-in-time scanning opens the door for increased attacks. According to the IDC report, “The State of Cybersecurity Maturity in Vulnerability Management Among U.S. Organizations,” 74% of organizations scan less than 85% of their IT assets when they do scan, leaving an opportunity for many vulnerabilities to go undiscovered until an attacker makes use of them. By then it is too late.

Aqua Real-Time CSPM eliminates that risk and delivers real-time visibility and risk prioritization in a single, unified platform for faster, more effective risk management.

The threat landscape is constantly evolving. What have you seen specific to cloud native threats and how is Aqua helping combat those threats?

Most cloud breaches once resulted from cloud account misconfigurations, but organizations have improved their security posture for cloud infrastructure, causing attackers to shift their approach and increasingly look to exploit vulnerabilities in cloud workloads. For example, advanced cloud workload attacks that are in-memory leave no trace on the workload’s filesystem – we are seeing more and more attackers taking this approach.

We have also witnessed a rise in software supply chain attacks in recent years, and we now see attacks on the development environment itself. All these attack vectors illustrate the need for a full application lifecycle approach to security—this has always been Aqua’s approach.

To combat these threats, we remain on the forefront with Aqua Nautilus, the world’s only dedicated team of cloud native security researchers. With a global network of honeypots, Nautilus catches more than 80,000 cloud-native attacks every month, specifically those unique to containers and microservices that other platforms lack the visibility to see. Nautilus uses eBPF to study patterns of executing processes in Linux kernels. It then defines behavioral attack signatures and codifies them into Aqua products so that customers can be protected out of the box, without even understanding the specifics of cloud-native attacks.

Each month, Nautilus also finds tens of thousands of instances of in-memory and fileless attacks that wouldn’t be seen or stopped without kernel-level visibility. As a result of ongoing research by Nautilus, Aqua has written and implemented over 200 behavioral signatures in its products to protect its customers to date.

We have many SME companies as customers which have been rather passive towards cloud scenarios and still run most IT on-prem. What is your advice for companies which are just beginning cloud migration projects? What are the 3 most important Cloud Security measures to consider?

First of all, understand that the attack surface in a cloud environment looks very different from a traditional on-prem environment. APIs, microservices, containers, serverless functions, and then of course the CI/CD development process itself delivers new software to production at record pace – all introducing layers of complexity that traditional security solutions are not designed for. This creates visibility gaps and risks to your business.

3 Measures to Consider:

  1. Cloud misconfigurations remain a key vector for successful attacks — use CSPM to identify misconfigurations and ensure compliance with best practices and regulatory frameworks.
  2. Implement Shift Left Security — work to identify known vulnerabilities during the development phase so that they never make it to production.
  3. Runtime visibility and control are still needed — despite prevention efforts, zero days happen. You need visibility in runtime and an ability to stop an initial attack before lateral spread and persistence can be gained.

Thanks to Dror Davidoff for his time!

In our day-to-day business, as your independent partner we analyze customer requirements towards cybersecurity and identify suitable providers of products and services. Therefore, we have collected a significant number of interesting provider and solution profiles. Of course, this does not include any recommendations for products or providers. If you are interested in an interview with us, please send a short message to cybercompare@bosch.com.

Please remember: This article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing, or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.