We asked these tool providers to share more information on how their solutions help companies secure cloud-native applications. Their responses are below.
Rani Osnat, VP strategy and product marketing at Aqua Security
From day one, we started out focusing on containers, because that was the big technology that was pushed in the earlier days with Docker and later on with Kubernetes. Now, we support containers of various flavors, as well as serverless, VMs, and cloud infrastructure.
With security, we took this approach of a full life cycle security solution because we felt that was the only way to really solve these issues. If you’re just looking at runtime, the attack surface is too big, and you’re basically chasing endless risks that you can’t really address that effectively. If you’re only focusing on shift-left and only handling developers, you’re doing what’s necessary, but it’s insufficient, because not everything is based on vulnerabilities. You have to have these multiple control points and layers.
Our solution helps organizations at any scale to address the key challenges of cloud-native security across development, DevOps, cloud and security teams. Our Complete Cloud Native Application Protection Platform (CNAPP) has the ability to give each type of stakeholder the information and ability to control what they need.
Also, Aqua’s Cloud Security Posture Management (CSPM) scans, monitors, and remediates configuration issues in public cloud accounts according to best practices and compliance standards, across AWS, Azure, Google Cloud, and Oracle Cloud.
There are also additional add-ons, like vShield, that allow you to specifically detect and block vulnerabilities that you weren’t able to fix, and we have a product called Dynamic Threat Analysis (DTA), which addresses a different risk we see in the supply chain: hidden malware.
To learn more about Aqua’s Cloud Native Application Protection Platform or start a free trial of the plan that’s right for your organization, visit us online at https://www.aquasec.com/.
Blake Connell, director of product marketing at Contrast Security
Organizations are turning to serverless environments to help realize the full potential of DevOps/Agile development. Serverless technologies enable instant scalability, high availability, greater business agility, and improved cost efficiency. While serverless is quickly becoming a preferred approach for helping organizations accelerate the development of new applications, their existing tool sets for application security testing (AST) perpetuate inefficiencies that ultimately bottleneck release cycles. There are also some key differences that create some unique challenges:
- An expanded attack surface. Serverless has more points of attack to potentially exploit. Every function, application programming interface (API), and protocol presents a potential attack vector.
- A porous perimeter is harder to secure. Serverless applications have more fragmented boundaries.
- Greater complexity. Permissions and access issues can be challenging and time-consuming to manage.
Contrast Serverless Application Security is designed specifically for serverless development. The complimentary, purpose-built solution for serverless AST ensures that security and development teams get the testing and protection capabilities they need without legacy inefficiencies that delay release cycles. Key benefits include:
- Visibility. Gain complete security visibility across your serverless architecture.
- Speed. Onboarding takes two minutes, with zero configuration and immediate results after scanning.
- Frictionless. Automatically discovers any new change deployed to the tested environment, issues new tailored security tests, and validates findings in close to real time.
- Accuracy. Provides near zero false positive results with vulnerability evidence for true vulnerabilities.