Aqua Security has launched Real-Time CSPM, a next-gen cloud security posture management (CSPM) solution, which provides a complete view of multi-cloud security risk, pinpoints threats that evade agentless detection, and reduces noise so security practitioners can identify, prioritize, and remediate the most important cloud security risks, saving time and money.
“Customers have told us that they are bogged down by too much noise from current CSPM offerings,” said Amir Jerbi, CTO, Aqua Security.
“They receive too many findings yet lack complete visibility and therefore the ability to properly prioritize. Simply put, they fix the wrong things and end up compromised. This is where Aqua comes in. We are introducing Real-Time CSPM so security practitioners can pinpoint the most significant cloud risks and remediate them quickly,” Jerbi continued.
With Real-Time CSPM, teams have a complete view of cloud security risk and surface the most critical findings. This includes the ability to match correlated findings across multi-cloud environments, deduplicate findings and focus on identifying real cloud risks with smarter insights.
Instead of wasting time on issues with low effective risk, customers can focus on what truly matters most and provide the context needed for resource owners to remediate and secure their cloud applications.
“One of the world’s largest telcos turned to Aqua to provide better visibility and context. They went from 120M risk findings to 50k and they saw a reduction in their attack surface by 99% in just months. If everything is a priority, then nothing is – that’s why they chose Aqua,” said Jerbi.
Detailed context also allows teams to connect issues found in their cloud to their respective code repositories. With better prioritization and the ability to identify risk ownership, Real-Time CSPM then allows for remediation of those most critical issues. Security professionals can focus their limited resources to manage, investigate and respond faster.
Point-in-time scanning opens the door for increased attacks. According to the IDC report, “The State of Cybersecurity Maturity in Vulnerability Management Among U.S. Organizations,” 74% of organizations scan less than 85% of their IT assets when they do scan, leaving an opportunity for many vulnerabilities to go undiscovered until an attacker makes use of them. By then it is too late.
Aqua Real-Time CSPM eliminates that risk and delivers real-time visibility and risk prioritization in a single, unified platform for faster, more effective risk management. Unlike point-in-time scanning solutions, Aqua Real-Time CSPM provides a deeper layer of visibility for better context, leading to the ability to prioritize the most critical cloud security risks.
“Other CSPM solutions give you a false sense of security. Whether you scan daily or monthly, you’re only seeing a portion of the risks with a point-in-time scan. And that’s not true security,” said Jerbi.
Further data from Aqua Nautilus, Aqua’s cloud security research team, supports the need for real-time scanning. Nautilus uses an extensive honeypot network to detect and analyze over 80,000 attacks a month. Of those attacks, one in three do not leave a footprint and would be missed by point-in-time scanning solutions. Similarly, zero-day attacks are missed, whilst other standard operating procedures like ephemeral containers and transient attacks raise that number to 50%.