Aqua Security launches the eBPF Lightning Enforcer

Aqua Nautilus researchers reveal 1/3 of attacks go undetected in runtime.

Thursday, 17th November 2022, by Phil Alsop

Aqua Security has introduced its new Lightning Enforcer to stop zero-day attacks and shield critical vulnerabilities in production until a patch can be applied. With its new eBPF technology, Aqua’s Lightning Enforcer provides total visibility into running workloads and allows security professionals to quickly and easily identify and stop the most advanced attacks in real time.

While “shift left” security is key to preventing vulnerabilities, misconfigurations, and supply chain threats from reaching production environments, sometimes it’s not enough. This has led to a vast increase in the number of zero-day vulnerabilities that are exploited in runtime. On average, a new "in the wild" exploit is discovered every 17 days. These incidents emphasise the criticality of runtime protection and that simple scanning isn't enough.

“Last year we saw the highest number of zero-days in history,” said Amir Jerbi, CTO and co-founder at Aqua. “As organisations around the globe strengthen their cybersecurity measures, threat actors are seeking out new attack vectors to evade detection such as the identification and exploitation of previously unknown vulnerabilities. To combat this growing threat, Aqua is bringing to market an easy, safe solution for security teams to broadly deploy runtime security and prevent zero-days.”

While snapshot-based scanning of workloads provides fast and low-friction visibility, recent data from Aqua Nautilus shows that risks increase significantly when relying exclusively on snapshot scanning of running workload images. In the past three months, the Aqua Nautilus research team saw that in one third of those cases, no file was written to disk or no attack executed from memory, which means those techniques could evade detection with a purely agentless solution.

Aqua Lightning Enforcer Powered by eBPF

eBPF is a revolutionary technology with origins in Linux that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without changing kernel source code or loading kernel modules. With eBPF’s flexibility, it is now possible to achieve kernel-level visibility without compromising execution efficiency or safety.

The benefits of the Aqua Lightning Enforcer include:

  • First and last line of defence against zero-day attacks.
  • Frictionless threat detection at the kernel level without the workload instability often found with traditional agents.
  • Advanced malware detection that helps meet regulatory mandates and compliance requirements.
  • Small footprint and resource consumption.
  • Application-agnostic deployment across all workloads.

The Full Suite of Runtime Protection to Stop Real-time Attacks 

Aqua is the only vendor that provides a full suite of runtime options, and Lightning rounds out Aqua’s levels of protection. With three tiers of runtime protection, customers can balance speed and ease of use with the level of protection they need. Aqua offers Cloud Workload Scanning for the easiest and quickest snapshot security, Lightning Enforcer for a higher level of security and quick value with little-to-no configuration, and full-agent custom mode for the most technical teams who require the most advanced security.

Aqua’s detection of anomalous behaviour goes beyond only point-in-time snapshots and catches malicious behaviour of known and unknown threats in real time—this includes both known vulnerabilities and zero-day exploits that have yet to be disclosed. Aqua’s Runtime Protection was built based on ongoing threat intelligence feeds from Aqua Nautilus, who detect and analyse 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds.

“Other security vendors are recognizing that agentless simply can’t deliver holistic cloud security,” said Jerbi. “Aqua has offered an agent-based solution since day one. We’ve incorporated years of innovation and research into our new Lightning Enforcer, allowing organisations to benefit from active protection that is simple and frictionless, complemented by Aqua’s agentless scanning.”