Aqua Dynamic Threat Analysis (DTA) is a sophisticated cloud-based security solution designed to scan and analyze container images for potential threats and malicious behavior. It integrates directly with registries and CI pipelines to prevent the deployment of compromised containers in production environments, effectively shifting security measures left in the development process.

Key Features

Advanced Threat Detection Identifies various indicators of compromise in container images

• Detects container escapes and reverse shell backdoors
• Identifies malware, cryptocurrency miners, and code injection attempts

MITRE ATT&CK Framework Integration Classifies detected behaviors according to the MITRE ATT&CK framework

• Enables SecOps teams to visualize the entire kill chain
• Helps identify and strengthen weaknesses in security infrastructure

Communication Tracking Monitors and maps all external communications from containers

• Tracks file downloads and command and control (C&C) server interactions
• Identifies potential data exfiltration destinations

Seamless Integration Integrates directly with existing container infrastructure

• Scans images from registries and CI pipelines
• Prevents deployment of malicious images in production environments

Benefits

Enhanced Security Posture Improves overall container security through proactive threat detection

• Prevents deployment of compromised containers
• Reduces the risk of successful cyberattacks

Improved Incident Response Enables faster and more effective incident response

• Provides full tracing of all container activities
• Offers detailed insights for forensics teams

Streamlined Security Operations Simplifies security management for containerized environments

• Automates threat detection and analysis processes
• Integrates seamlessly with existing DevOps workflows

Compliance Support Aids in meeting regulatory and compliance requirements

• Provides detailed audit trails of container activities
• Helps demonstrate due diligence in security practices