Aqua Security announced the launch of Real-Time CSPM, a
next-gen cloud security posture management (CSPM) solution, offering the best
visibility and context in the industry. Real-Time CSPM provides a complete view of multi-cloud security risk,
pinpoints threats that evade agentless detection, and dramatically reduces noise so security practitioners
can rapidly identify, prioritize, and remediate the most important cloud
security risks, saving time and money.
"Customers have told us that they are bogged
down by too much noise from current CSPM offerings," said Amir Jerbi, CTO and
co-founder, Aqua Security. "They receive too many
findings yet lack complete visibility and therefore the ability to properly prioritize.
Simply put, they fix the wrong things and end up compromised. This is where Aqua comes in. We are introducing Real-Time CSPM so security
practitioners can pinpoint the most significant cloud risks and remediate them quickly."
With Real-Time CSPM, teams have a complete view of cloud security risk and surface
the most critical findings. This includes the ability to match correlated
findings across multi-cloud environments, deduplicate findings and focus on
identifying real cloud risks with smarter insights. Instead of wasting time on
issues with low effective risk, customers can focus on what truly matters most
and provide the context needed for resource owners to remediate quickly and
secure their cloud applications.
"One of the world's largest telcos turned to
Aqua to provide better visibility and context. They went from 120M risk
findings to 50k and they saw a reduction in their attack surface by 99% in just
months. If everything is a priority, then nothing is -
that's why they chose Aqua," said Jerbi.
Detailed context also allows teams to connect
issues found in their cloud to their respective code repositories. With better
prioritization and the ability to identify risk ownership, Real-Time CSPM then allows
for rapid remediation of those most critical issues. Security professionals can
focus their limited resources to manage, investigate and respond faster.
Identify Attacks That Agentless Solutions Cannot
See
Point-in-time scanning opens the door for
increased attacks. According to the IDC report, "The State of Cybersecurity
Maturity in Vulnerability Management Among U.S. Organizations," 74% of
organizations scan less than 85% of their IT assets when they do scan, leaving
an opportunity for many vulnerabilities to go undiscovered until an attacker
makes use of them. By then it is too late.
Aqua Real-Time CSPM
eliminates that risk and delivers real-time visibility and risk prioritization
in a single, unified platform for faster, more effective risk management.
Unlike point-in-time scanning solutions, Aqua Real-Time CSPM provides a deeper
layer of visibility for better context, leading to the ability to prioritize
the most critical cloud security risks.
"Other CSPM solutions give you a false sense
of security. Whether you scan daily or monthly, you're only seeing a portion of
the risks with a point-in-time scan. And that's not true security," said Jerbi.
Further data from Aqua Nautilus, Aqua's cloud
security research team, supports the need for real-time scanning. Nautilus uses
an extensive honeypot network to detect and analyze over 80,000 attacks a month.
Of those attacks, one in three do not leave a footprint and would be missed by point-in-time
scanning solutions. Similarly, zero-day attacks are missed, whilst other
standard operating procedures like ephemeral containers and transient attacks
raise that number to 50%.
Real-Time
CSPM is part of the Aqua Cloud Security
Platform, a cloud
native application protection platform (CNAPP). The
Aqua Platform is composed of a fully integrated set of security and compliance
capabilities to discover, prioritize, and eliminate risk in minutes across the
full software development life cycle. Aqua improves operational efficiency by
connecting cloud to code and tracing runtime risks to the code and developer
who can fix them. By connecting CSPM to runtime, it shields risks that cannot
be immediately addressed with a code fix.