Cloud Native ChannelAligning to the DORA Regulations with Aqua
The webinar provides an overview of DORA regulatory framework and Aqua Security's role in meeting DORA requirements, emphasizing operational resilience in financial services and customer trust. It covers regulatory requirements, evolving threat landscape, and resilience as code frameworks by Aqua Security, along with the integration of resilience principles into IT operations. The session highlights the importance of policies in security strategy, enforcement and monitoring of security policies, and demonstrating compliance with DORA through policies. It also discusses the significance of blocking privileged containers and root users, alignment with DORA articles, and the adoption of a multilayered defense approach. The incident of a banking application container exploit is used to illustrate the impact on regulatory noncompliance and the role of drift prevention in maintaining a secure and resilient environment, showcasing the effectiveness of Aqua runtime policies in enforcing security measures and aligning seamlessly with DORA requirements.
“Compliance is only the starting point — resilience is what regulators truly expect organizations to demonstrate.”
Phil TM Pearson, Field CISO, AquaTranscript
Hello, everyone.
Thank you for joining today's webinar on how AQUA can help you meet the requirements of the Digital Operational Resilience Act or DORA.
Field CISO at Aqua Security, and I'm excited to share how our solutions can enhance your operational resilience and cybersecurity.
Let's begin with a brief overview of DORA.
DORA is a regulatory framework introduced by the European Union to strengthen the resilience of financial institutions against
ICT related disruptions. It focuses on robust ICT risk management, prompt incident reporting, regular resilience testing, and effective management of third party risks.
Aqua Security's role is to provide the necessary tools and policies to help you meet these DORA requirements.
Our runtime security policies and Kubernetes assurance controls are designed to manage risk effectively, ensure continuous operation, and enhance your overall security posture.
Key policies and controls.
In this webinar, we will cover key Aqua policies, such as blocking privileged containers, enforcing least privilege, auditing network activity, and more.
These controls are crucial for reducing vulnerabilities and ensuring compliance with DORA.
By the end of this session, you'll understand how Aqua Security not only helps you comply with DORA, but also strengthens your operational resilience and cybersecurity.
Let's get started and explore how Aqua Security can support your journey toward DORA compliance.
Operational resilience.
Now let's delve into operational resilience and why it is critical for financial services in 2024 and beyond.
Operational resilience refers to the ability of an organization to prevent, respond to, adapt, and recover from operational disruptions.
These disruptions can range from cyberattacks, technical failures, natural disasters, to any unexpected events that might affect critical business services. In the financial sector,
operational resilience is paramount. Here's why.
Customer trust and confidence, financial services are built on trust.
Customers rely on financial institutions to safeguard their ad seats and provide uninterrupted access to services.
Any disruption can erode customer confidence and damage the institution's reputation.
Regulatory requirements, regulations like DORA, emphasize the importance of operational resilience.
Financial institutions must demonstrate their ability to withstand and quickly recover from disruptions to ensure stability and compliance with regulatory standards.
Financial stability.
The financial sector is a cornerstone of the global economy. Disruptions in financial services can have far reaching impacts on economic stability.
Ensuring operational resilience helps maintain the stability of financial markets and protects the broader economy.
Evolving threat landscape.
The threat landscape is constantly evolving with sophisticated cyberattacks, increasing dependency on digital infrastructure and complex supply chains.
Financial institutions must be resilient to adapt to these emerging threats and minimize their impact.
Components of operational resilience.
To achieve operational resilience, financial institutions need to focus on several key components, identify important business services, determine which services are
critical to operations and the wider financial system.
These are the services whose disruption could cause significant harm to the institution and its customers.
Set impact tolerances establish thresholds for acceptable levels of disruption.
These impact tolerances reflect the maximum tolerable level of disruption from any operational incident.
Map and test.
Understand and map the people, processes, technology, and information supporting critical services.
Conduct scenario testing to assess the ability to operate within impact tolerances under various disruption scenarios.
Communications and governance.
Implement effective communication strategies and governance structures to maintain resilience, including clear roles and responsibilities for decision making during incidents,
learn and adapt, continuously learn from disruptions and near misses, update risk assessments and response plans based on new threats and vulnerabilities to improve resilience.
Third party risk management.
Manage risk associated with third party service providers to ensure they do not exceed the organization's impact tolerances.
This is crucial given the reliance on external ICT services and cloud providers.
Aqua plays a pivotal role in bolstering the operational resilience of financial institutions, particularly in meeting the
stringent requirements of the Digital Operational Resilience Act.
Let's delve into the specifics of how Aqua can support financial institutions in achieving compliance and enhancing the overall security posture.
Resilience as code frameworks.
Aqua's resilience as code
frameworks represent a
transformative approach to
embedding resilience directly
into the development and
deployment processes.
This method integrates
resilience principles into the
very fabric of IT operations,
ensuring that resilience
is not an afterthought,
but a core component
of system design,
codifying policies.
Aqua provides frameworks
that allow customers to their
operational resilience policies
directly into their Kubernetes
and cloud deployments.
This means that
resilience measures are automatically
applied and enforced whenever new
services or applications are deployed.
Automated enforcement.
These frameworks enable the
automated enforcement of
resilience policies,
reducing the risk of human
error and ensuring consistent
application across
all environments.
Scalability.
Resilience as code frameworks
are highly scalable,
making it easier for financial
institutions to maintain
resilience as they grow and their
IT environments become more complex.
By integrating resilience
into the code base,
financial institutions can
ensure that their systems are
designed to withstand
disruptions from the ground up.
This proactive approach is
essential for maintaining
operational continuity in
the face of evolving threats.
Enhanced incident
reporting tools.
Effective incident reporting is
a cornerstone of DORA compliance,
and Aqua Security's enhanced
incident reporting tools are
designed to streamline
this process.
These tools provide a
comprehensive solution for
detecting, logging, and
reporting related incidents.
We will go into this topic in much
more detail later in the presentation.
Real time detection.
Aqua's tools integrate with
existing monitoring solutions
to detect incidents
in real time.
This immediate detection is
critical for minimizing the
impact of disruptions,
detailed logging, aqua logs,
all relevant details
of an incident,
including the nature
of the disruption,
affected systems,
and actions taken.
This detailed logging ensures
that financial institutions
have a complete record of
incidents for auditing and
compliance purposes.
Automated reporting,
Aqua's incident reporting tools
automatically generate the
details you need to meet your
reporting obligation that meet
DORA stringent
reporting guidelines.
This automation ensures that
your reports are accurate,
consistent, and submitted
in a timely manner.
By enhancing incident
reporting capabilities,
Aqua helps financial
institutions meet regulatory
requirements and improve their overall
incident response effectiveness.
Managing third party risks
is a critical component
of operational resilience,
especially in an era where
financial institutions
increasingly rely on third
party service providers,
including cloud services.
Aqua offers comprehensive
solutions to manage these risks
effectively, including
regular scans, policy
enforcement, and
threat assessments.
Continuous monitoring.
Once third party
relationships are established,
Aqua's tools continuously
monitor these providers to
detect any changes in
their risk profile.
This ongoing vigilance helps
financial institutions stay
ahead of potential issues.
In this section, I want to take a
moment to discuss how you would align a
control to a DORA article.
For this example,
we will use a popular control
from AQA to demonstrate how you
would approach
and document this.
For the example, we need to focus on
mitigation rather than remediation.
At Aqua, we have a
critical tool that can significantly
enhance your containerized
environment security,
vulnerability
shields or v shields.
These v shields are designed to
provide a smart and efficient
way to protect against
vulnerabilities.
Let's dive into how VShields
work, their benefits, and how
they align with DORA.
So what exactly are v shields?
Think of them as
virtual patches.
Aqua's technology analyzes
vulnerabilities in your
container images and generates
these vShields to mitigate
those vulnerabilities
automatically.
They provide a quick fix,
reducing risks while permanent
solutions are being developed.
So how do VShields align
with specific DORA articles?
Firstly, we have article six,
which focuses on the risk
management framework.
DORA requires financial
institutions to have a
comprehensive and well documented
framework to manage risks.
VShields play a significant
role here by automatically
managing vulnerabilities
in your containerized
environments, creating
an effective risk
management framework.
They offer a proactive
and automated solution,
helping your organization
stay ahead of threats.
Next is article nine.
Article nine emphasizes
continuous monitoring.
Continuous monitoring is all about
keeping an eye on your
systems constantly.
VShields integrate seamlessly into
your continuous monitoring processes,
detecting and mitigating
vulnerabilities in real time.
They provide ongoing oversight and
immediate responses to vulnerabilities,
aligning perfectly with DORA's
requirements for continuous monitoring.
Moving on to article ten, which
deals with incident detection.
VShields enhance incident
detection by providing real
time alerts and detailed logs of any
attempts to exploit vulnerabilities.
This aligns perfectly with
Dura's mandate to identify
incidents promptly.
With VShields, you get real time capabilities
that ensure quick detection and response.
Then we have article eleven,
which focuses on incident
response and recovery.
VShields facilitate quick responses
to detected vulnerabilities,
allowing your institution to
mitigate risk while working
on permanent fixes.
This helps maintain operational
resilience as emphasized by
DORA. Article thirteen
deals with the resilience.
VShields contribute
significantly to this by
providing an additional layer of
security through virtual patches.
They help maintain the
integrity and availability of
your systems, ensuring
resilience as required by DORA.
Article fourteen covers the
testing of your systems.
Regular testing is essential, and
v shields can be included
in these tests to ensure they
effectively mitigate vulnerabilities.
This ensures your defenses
are robust and effective,
meeting Dura's requirements
for resilience testing.
Finally, article sixteen requires
comprehensive logging and
reporting of incidents.
VShields enhanced logging by
providing detailed records of
all actions taken to
mitigate vulnerabilities.
This supports DORA's
requirement for transparent and
accountable logging
and reporting.
In conclusion, VShields are a fantastic
tool that aligns perfectly with
Dora's requirements.
They provide immediate
risk reduction, enhance
continuous monitoring,
improve incident detection and
response, and support comprehensive
logging and reporting.
By integrating VShields
into your security strategy,
you can ensure compliance
with DORA while significantly
enhancing your
operational resilience.
Next, I'd like to shift our focus
to the critical role that policies
play within the framework
of our security strategy.
Policies are not
just guidelines.
They are the backbone of
our approach to mitigating risks
and ensuring
compliance with DORA.
In today's complex
digital landscape,
the enforcement of security
policies is paramount.
It's not enough to simply
have policies in place.
They must be actively enforced
and continuously monitored.
This enforcement is
what transforms a theoretical
framework into a practical
effective strategy for meeting
regulatory standards and
protecting our systems.
Enforcement of these policies
ensures that every aspect of
your environment adheres to best
practices and regulatory requirements.
It's about creating a security
culture that is proactive
rather than reactive,
where compliance is built into the
very fabric of your operations.
Proving adherence to these
standards is equally important.
Through comprehensive
logging, reporting,
and continuous monitoring,
we can demonstrate our
compliance to regulatory bodies.
This transparency not only helps
in meeting Dora requirements,
but also builds trust with
stakeholders and clients,
showing them that their data
and operations are secure.
In the next section,
we will delve into the
specific policies that Aqua provides and
discuss their essential role in
meeting Dora's stringent requirements.
From blocking privileged
containers and root users to
ensuring continuous monitoring
and threat detection,
these policies form the
foundation of a resilient and
secure framework,
blocking privileged
containers and root users.
We start by blocking privileged
containers and root users.
This reduces the attack surface
and prevents unauthorized
access and potential
container breakouts.
For example, blocking root users means
even if an attacker gains access,
they can't escalate their
privileges to cause more damage.
Next, we limit new privileges and
enforce a no new privileges policy.
This upholds the principle
of least privilege,
ensuring applications run
with minimal permissions.
By doing so, we reduce the risk
of privilege escalation attacks,
aligning with Dura's focus
on robust risk management and
operational resilience.
Alignment with DORA for blocking
privileged containers and root users.
Blocking privileged containers and
root users directly aligns
with article six of DORA,
which requires a comprehensive
risk management framework.
By reducing the attack surface,
these measures also support
article thirteen's focus on
protection and prevention
against related incidents.
Limiting new privileges and
enforcing no new privileges
align with article six by
ensuring a well documented risk
management framework.
These measures support Article
thirteen by minimizing risks
associated with high
privilege operations,
thereby enhancing protection
and prevention efforts.
The next selected policy covers
integrity and immutability,
only allowing registered images,
enabling image lockdown,
and drift prevention.
So to ensure software integrity,
we only allow registered images.
This prevents the deployment
of unverified or malicious images.
Additionally, enabling image lockdown
and drift prevention maintains the
immutability of
deployed containers,
ensuring that configurations
remain unchanged post deployment,
ensuring only registered images
and maintaining immutability
align with article eight,
which emphasizes protecting
the availability, authenticity,
integrity, and
confidentiality of data.
These measures also support
article eleven's requirement
for secure development
practices by ensuring only
vetted software is deployed,
continuous monitoring
and threat detection,
auditing network activity,
IP reputation checks,
and port scan protection.
Continuous monitoring is a
cornerstone of our security strategy.
We audit all network activity
providing visibility into
potential threats by logging all
incoming and outgoing network traffic.
Enabling IP reputation checks
and port scan protection
enhances threat
detection by blocking
traffic from known malicious
IPs and detecting unauthorized
scanning attempts.
Auditing network activity,
enabling IP reputation checks,
and port scan protection
align with article nine,
which mandates continuous
monitoring and detection of
anomalous activities.
These policies also support
article ten by establishing
robust detection processes for
potential threats and anomalies.
We adopt a multilayered defense
approach by combining various
security policies to prevent incidents
and limit the impact of breaches.
For instance, layers of security controls
reduce the chance of successful attacks.
In case of critical incidents,
we ensure prompt and
accurate reporting
to regulatory authorities
as required by DORA.
A multilayered defense approach
and structured incident
reporting aligned
with article eleven,
which focuses on implementing
resilient systems and tools.
These measures also support
article fourteen by ensuring
effective response and
recovery procedures
to handle incidents.
Managing third party
risk is crucial.
By only allowing
registered images,
we ensure third party software
complies with security standards.
Continuous monitoring and
enforcement of security
policies for third party
components help manage third
party risk effectively, aligning
with Dora's requirements.
Policies like only allowing
registered images ensure third
party software complies with
security standards addressing
article twenty eight's focus
on managing third party risk,
continuous monitoring and
enforcement support, article thirty,
by ensuring third party
providers of adopted services
are thoroughly monitored,
maintaining comprehensive logs
of activities and operational
events is essential for
demonstrating compliance.
Our policies ensure detailed
logging and reporting
of major incidents to competent
authorities fulfilling Dura's
mandates and supporting
transparent regulatory audits.
Aqua's policies ensure
comprehensive logging of
network activities
and security events,
aligning with article sixteen,
which requires logging of
activities and operational events.
Additionally, the capability to
log and report incidents supports
article nineteen's mandate to report
major incidents to authorities.
Preventing attacks
and misconfigurations
is vital for maintaining
operational continuity.
Our policies ensure that critical
services are not disrupted,
directly supporting Dora's
goal of ensuring continuous
operations and robust
business continuity measures.
Preventing attacks and
misconfigurations aligns with
article eleven, which focuses
on ensuring ICT systems can
withstand operational outages.
These measures also
support article thirteen by
implementing business
continuity policies that
prevent disruptions.
In summary, Aqua Security's runtime
policies provide a robust and
comprehensive security framework
for containerized environments.
By aligning with
Dora's requirements,
we help financial firms enhance
their operational resilience
and cybersecurity posture.
From risk management and
integrity to continuous
monitoring, incident response,
and third party risk management,
Our policies ensure proactive
protection and compliance,
meeting Dora's
stringent standards,
enhanced operational resilience,
and a strong cybersecurity posture
are critical for financial firms.
Aqua Security's runtime
policies ensure proactive
protection,
continuous monitoring,
and the ability to
demonstrate compliance,
making us your ideal partner
in meeting DORA regulations.
Next, let's discuss and demonstrate
the importance of enforcing the
pod security standards in
restricted mode and how Aqua's
cube enforcer plays a
crucial role in this process.
This is vital for maintaining
a secure and compliant
containerized environment.
Let's start by
discussing the scenario.
Implementing a policy to
enforce the pod security
standard in restricted mode
ensures that containers run
with minimal privileges and
adhere to security best practices.
The restricted mode in the
pod security standard includes
several key features
designed, to enhance security.
Privilege escalation is
a feature that prevents
privilege escalation by
disallowing the allow privilege
escalation setting to be true.
This means that even if
an attack against access,
they cannot elevate their
privileges to cause more harm.
Containers should only run
as with non root users.
This is a critical step.
This feature mandates that
containers do not set runners
user to zero, which would
grant root privileges.
A SECCOM profile must be
explicitly set to runtime
default or local host.
This limits the system calls
that containers can make that
reducing the attack
surface significantly.
All capabilities are
dropped by default,
and only essential capabilities
like Netbind service can be
added back if necessary.
This ensures that containers
operate with the minimum
permissions required
to function correctly.
Now let's discuss how AquaCube
Enforcer supports this framework.
AquaCube Enforcer acts as
an admission controller.
During the deployment
of containers,
it enforces the pod
security standard policies,
ensuring that all workloads
comply with the set security
standards right from the start.
By enforcing pod
security standard,
AquaCube enforcer ensures that workloads
adhere to security best practices,
significantly enhancing the
overall security posture.
This reduces the risk of
privilege escalation and other
common attack vectors.
Maintaining operational integrity
is another crucial aspect.
AquaCube enforcer prevents
unauthorized changes,
ensuring that containerized
applications run with the
intended security
configurations.
This helps in maintaining
the integrity of your deployments
and ensures that any deviation
from the defined policies is
immediately flagged
and dealt with.
In conclusion, enforcing the pod
security standard through an aqua policy
and using aqua cube enforcer
is essential for ensuring that
your containerized workloads
run with minimal privileges.
This not only enhances
security, but also maintains compliance
with industry standards and regulations.
By integrating these practices,
you can significantly reduce
the risk of security breaches
and ensure a robust, secure,
and compliant
operational environment.
Let's jump back onto our system
to show off these features.
In this part of
the demonstration,
we're gonna do a quick test,
to look at the
benefits of Secomp,
of the Secomp profile if you
configure it to meet it within
the pod security
standard of restricted.
So as you can see here in the
code that we've got spec dot
security context dot secomp
profile with the value of
runtime default.
If it's configured this way,
then you'll be able to enforce
the policy to ensure that
SecComp is actually in place.
But what exactly does that mean?
So as we've already mentioned,
SecComp is is all
about the system calls.
So the goal with specifically
with the the core principle of
least privileged
access management
is that we reduce the,
the the landscape by
preventing all of the system
calls that you simply
don't require to not run.
So in this case, if
we turn on secomp,
we should see a difference in
the amount of system calls that
are being called upon, to operate
this very simple container.
So in this case, then I'm going
to I'm going to run a script.
This script is going
to deploy a pod.
And then in that pod, it's
going to exec into it.
As you can see there, it's
gonna run the ls command.
And as you can see
through the test there,
there the total system calls
without seccomp is one hundred.
The next thing we're gonna do
is we're gonna we're currently
removing that pod.
Once that's removed,
it's now been deleted.
We're then going to
deploy a second container.
And in this container, we're
going to apply the or the
default will be seccomp
runtime default.
And what we should see is a
significant reduction in the
amount of system calls that are required
just to run the simple ls command.
So we're at hundred percent.
Okay. So it's creating
the pod. It's completed.
And as you can already see
there that the reduction in
system calls is
eighty nine percent.
If we go up just a little bit,
you can see here that we've
analyzed the system calls.
And now with the sec comp, with
the value of runtime default
turned on, you can see that
the total system calls with
SecComp is eleven.
I've even listed out
what those calls are.
And as you can see, they're
simple things like open, close.
The standard out is print to
the screen so that you can see
the results of the
ls or the output.
And they are all required for that
ls command to function correctly.
All those other system calls,
and you can see here system
calls dangerous ones,
right, like exec,
the e, ptrace, etcetera,
have been removed.
So they're no longer required,
to run that LS command
and could be used potentially,
nefariously against your firm.
Thank you.
Let's now dive into a real
world scenario that underscores
the importance of Aqua's
drift prevention capabilities.
Imagine a banking application
container configured to process
customer transactions and
manage account services.
Unfortunately, this container had a known
vulnerability in its software stack.
This vulnerability opened
the door for external access,
and a threat actor
decided to exploit it.
The sequence of the attack
started with a threat actor
using a simple curl command to
download a malicious payload
from a command and
control server.
This payload included a binary
that, once executed, granted
the attacker persistent
access to the banking system.
The situation got worse as this
persistent access was managed
by an access broker on the dark
web who sold it to multiple
other threat actors further
exploiting the system.
Let's talk about the
impact of this attack.
First, there was a significant
compromise of data integrity
and confidentiality.
The malicious binary could access and
manipulate sensitive customer data.
This is a nightmare scenario
for any financial institution.
Then came the
service disruption.
The execution of the binary
caused significant slowdowns
and disruptions in
customer transactions
and account services affecting
thousands of customers.
This isn't just an IT issue.
It's a direct hit to customer
trust and the bank's reputation.
Regulatory noncompliance was
another severe consequence.
The exploitation of the
vulnerability and unauthorized
binary execution violated
regulatory requirements,
potentially leading to hefty
fines and legal consequences.
Finally, there was
extended threat exposure.
Persistent access sold on the dark web
led to continuous and varied attacks,
exacerbating the damage and
making it extremely difficult
to contain the threat.
Under DORA, this incident would
be classified as a major incident
due to its high adverse impact
on critical financial services.
Such incidents must be reported
within specified DORA timelines.
In this case, an initial
notification within twenty four
hours, intermediate
notification within seventy two
hours, and full and final
report within a month,
ensuring that regulators are promptly
informed about the situation.
Now let's discuss how drift
prevention plays a crucial role
in such scenarios.
Aqua's drift prevention
capabilities provide proactive
detection by
identifying unauthorized
changes and
vulnerability exploitation immediately.
This means the moment there's
an anomaly, it's prevented.
Immediate response is
another key feature.
Drift prevention
automates the termination
of unauthorized processes
and alerts security teams,
ensuring swift action
to mitigate the threat.
Lastly, maintaining
compliance is critical.
By adhering
regulatory requirements,
drift prevention ensures that similar
incidents are prevented in the future,
thus maintaining a secure
and resilient environment.
This example highlights
the devastating impact of a
critical drift event and
underscores the importance of
robust drift
prevention mechanisms.
Aqua security solutions not
only help in detecting and
mitigating such threats,
but also ensure compliance
with regulatory standards like DORA,
safeguarding both your
operations and your reputation.
To highlight the
importance of this point,
let's jump into a live environment
and show these features.
For this part of
the presentation,
we're going to have a
look at drift prevention.
So as we've already
mentioned drift,
drift prevention is is all
about enforcing a policy that
would prevent a binary that
wasn't part of the original
scanned image to
execute in runtime.
This is the ultimate control for
defending against a zero day,
certainly for defending against
a live attack in production.
So to do this then,
I have to make sure that I'm
in a namespace called NGINX.
Okay.
Let's have a look to see if
we've got anything in here.
Okay.
We we already have a container
in here called engine net,
so let's remove that.
Okay. That should be now gone.
Okay.
So now what we're going to
do is we're going to deploy,
through the script here.
We're gonna deploy a
new pod with our Nginx
server on it.
Okay? That should take
just just a moment.
Okay. It should be there.
So let's clear that off.
Okay. We can see here
now that we have Nginx.
Now what we're going to
do, we're going to exec
inside our running container.
Okay. We're gonna get
a bash there. Okay.
So now we've got access and
we're actually on the inside of
the running container.
Okay.
So in order to
create a Drift event,
then we need to be able to
create and then execute a binary that
wasn't part of the original image.
Now NGINX is an
approved application,
and Aqua is happy with that,
but there's nothing
else inside of Nginx.
So, so for example,
if we run nano, which
is a code editor,
as you can see that there
is no Nano inside here.
So what we're gonna do for this
demonstration is that we're going
to go and install this application.
Okay. So now we've installed
it. Let's run Nano again.
And as you can see, we have
our code editor in the cloud.
Okay. So let me or inside
this this nano container here.
Okay.
So the next part of the presentation then is that we're gonna move over to aqua.
We're going to create a drift policy and then we're going to rerun that command there.
And the the enforcer
would prevent Nano
from being able to
execute because it again,
it wasn't part of the
original container.
It's an additional buyer that's
been executed at run time.
So right now, Aqua isn't
aware of that nano nano.
And of course we have no
policy currently that would prevent it
so it's allowed to run.
So if we go to our
runtime policies,
we're going to go over
to custom policies.
We're going to add a new
policy in container runtime.
We'll call this policy nano.
We'll give it a scope of global.
Make sure we get
it it everywhere.
We're going to reinforce.
We're going to turn
on drift prevention.
We're going to make
sure that it's enabled.
We're going to save the policy.
We're gonna go back over to
over to our code here, and
we're gonna rerun
our nano command.
And as you can clearly
see, Aqua was able to kill,
that execution.
So hopefully, you'll see that
that's a perfect demonstration that
demonstrates the power of
Aqua runtime enforcement.
Thank you.
Thank you, everyone, for joining us today.
As we conclude, I'd like to leave you with a final word on the importance of enhanced operational resilience and a strong cybersecurity posture.
Aqua's runtime policies and many other features ensure proactive protection, continuous monitoring, and the ability to demonstrate compliance with regulatory standards.
These measures are crucial for financial firms aiming to meet the stringent requirements of the Digital Operational Resilience Act while significantly enhancing their
operational resilience and cybersecurity posture in containerized environments.
To summarize, Aqua's runtime policies align seamlessly with Dora requirements,playing a critical role in safeguarding financial firms.
By integrating these policies into your security framework, you not only ensure compliance, but also build a robust defense against the myriad of cyber threats facing the financial sector today.
If you'd like to know more about how Aqua Security can support your organization, please feel free to get in touch.
Follow Aqua on various platforms, including our website, LinkedIn, and all of the social media platforms for the latest updates and insights.
We're here to help you navigate the complexities of regulatory compliance and operational resilience.
Once again, thank you for your time and attention today. It's been a pleasure discussing how Aqua can help you achieve and maintain a secure, compliant, and resilient operational environment.
I look forward to connecting
with you and exploring how we
can work together to
enhance your cybersecurity strategy.
Thank you, and have a great day.
Thank you for joining today's webinar on how AQUA can help you meet the requirements of the Digital Operational Resilience Act or DORA.
Field CISO at Aqua Security, and I'm excited to share how our solutions can enhance your operational resilience and cybersecurity.
Let's begin with a brief overview of DORA.
DORA is a regulatory framework introduced by the European Union to strengthen the resilience of financial institutions against
ICT related disruptions. It focuses on robust ICT risk management, prompt incident reporting, regular resilience testing, and effective management of third party risks.
Aqua Security's role is to provide the necessary tools and policies to help you meet these DORA requirements.
Our runtime security policies and Kubernetes assurance controls are designed to manage risk effectively, ensure continuous operation, and enhance your overall security posture.
Key policies and controls.
In this webinar, we will cover key Aqua policies, such as blocking privileged containers, enforcing least privilege, auditing network activity, and more.
These controls are crucial for reducing vulnerabilities and ensuring compliance with DORA.
By the end of this session, you'll understand how Aqua Security not only helps you comply with DORA, but also strengthens your operational resilience and cybersecurity.
Let's get started and explore how Aqua Security can support your journey toward DORA compliance.
Operational resilience.
Now let's delve into operational resilience and why it is critical for financial services in 2024 and beyond.
Operational resilience refers to the ability of an organization to prevent, respond to, adapt, and recover from operational disruptions.
These disruptions can range from cyberattacks, technical failures, natural disasters, to any unexpected events that might affect critical business services. In the financial sector,
operational resilience is paramount. Here's why.
Customer trust and confidence, financial services are built on trust.
Customers rely on financial institutions to safeguard their ad seats and provide uninterrupted access to services.
Any disruption can erode customer confidence and damage the institution's reputation.
Regulatory requirements, regulations like DORA, emphasize the importance of operational resilience.
Financial institutions must demonstrate their ability to withstand and quickly recover from disruptions to ensure stability and compliance with regulatory standards.
Financial stability.
The financial sector is a cornerstone of the global economy. Disruptions in financial services can have far reaching impacts on economic stability.
Ensuring operational resilience helps maintain the stability of financial markets and protects the broader economy.
Evolving threat landscape.
The threat landscape is constantly evolving with sophisticated cyberattacks, increasing dependency on digital infrastructure and complex supply chains.
Financial institutions must be resilient to adapt to these emerging threats and minimize their impact.
Components of operational resilience.
To achieve operational resilience, financial institutions need to focus on several key components, identify important business services, determine which services are
critical to operations and the wider financial system.
These are the services whose disruption could cause significant harm to the institution and its customers.
Set impact tolerances establish thresholds for acceptable levels of disruption.
These impact tolerances reflect the maximum tolerable level of disruption from any operational incident.
Map and test.
Understand and map the people, processes, technology, and information supporting critical services.
Conduct scenario testing to assess the ability to operate within impact tolerances under various disruption scenarios.
Communications and governance.
Implement effective communication strategies and governance structures to maintain resilience, including clear roles and responsibilities for decision making during incidents,
learn and adapt, continuously learn from disruptions and near misses, update risk assessments and response plans based on new threats and vulnerabilities to improve resilience.
Third party risk management.
Manage risk associated with third party service providers to ensure they do not exceed the organization's impact tolerances.
This is crucial given the reliance on external ICT services and cloud providers.
Aqua plays a pivotal role in bolstering the operational resilience of financial institutions, particularly in meeting the
stringent requirements of the Digital Operational Resilience Act.
Let's delve into the specifics of how Aqua can support financial institutions in achieving compliance and enhancing the overall security posture.
Resilience as code frameworks.
Aqua's resilience as code
frameworks represent a
transformative approach to
embedding resilience directly
into the development and
deployment processes.
This method integrates
resilience principles into the
very fabric of IT operations,
ensuring that resilience
is not an afterthought,
but a core component
of system design,
codifying policies.
Aqua provides frameworks
that allow customers to their
operational resilience policies
directly into their Kubernetes
and cloud deployments.
This means that
resilience measures are automatically
applied and enforced whenever new
services or applications are deployed.
Automated enforcement.
These frameworks enable the
automated enforcement of
resilience policies,
reducing the risk of human
error and ensuring consistent
application across
all environments.
Scalability.
Resilience as code frameworks
are highly scalable,
making it easier for financial
institutions to maintain
resilience as they grow and their
IT environments become more complex.
By integrating resilience
into the code base,
financial institutions can
ensure that their systems are
designed to withstand
disruptions from the ground up.
This proactive approach is
essential for maintaining
operational continuity in
the face of evolving threats.
Enhanced incident
reporting tools.
Effective incident reporting is
a cornerstone of DORA compliance,
and Aqua Security's enhanced
incident reporting tools are
designed to streamline
this process.
These tools provide a
comprehensive solution for
detecting, logging, and
reporting related incidents.
We will go into this topic in much
more detail later in the presentation.
Real time detection.
Aqua's tools integrate with
existing monitoring solutions
to detect incidents
in real time.
This immediate detection is
critical for minimizing the
impact of disruptions,
detailed logging, aqua logs,
all relevant details
of an incident,
including the nature
of the disruption,
affected systems,
and actions taken.
This detailed logging ensures
that financial institutions
have a complete record of
incidents for auditing and
compliance purposes.
Automated reporting,
Aqua's incident reporting tools
automatically generate the
details you need to meet your
reporting obligation that meet
DORA stringent
reporting guidelines.
This automation ensures that
your reports are accurate,
consistent, and submitted
in a timely manner.
By enhancing incident
reporting capabilities,
Aqua helps financial
institutions meet regulatory
requirements and improve their overall
incident response effectiveness.
Managing third party risks
is a critical component
of operational resilience,
especially in an era where
financial institutions
increasingly rely on third
party service providers,
including cloud services.
Aqua offers comprehensive
solutions to manage these risks
effectively, including
regular scans, policy
enforcement, and
threat assessments.
Continuous monitoring.
Once third party
relationships are established,
Aqua's tools continuously
monitor these providers to
detect any changes in
their risk profile.
This ongoing vigilance helps
financial institutions stay
ahead of potential issues.
In this section, I want to take a
moment to discuss how you would align a
control to a DORA article.
For this example,
we will use a popular control
from AQA to demonstrate how you
would approach
and document this.
For the example, we need to focus on
mitigation rather than remediation.
At Aqua, we have a
critical tool that can significantly
enhance your containerized
environment security,
vulnerability
shields or v shields.
These v shields are designed to
provide a smart and efficient
way to protect against
vulnerabilities.
Let's dive into how VShields
work, their benefits, and how
they align with DORA.
So what exactly are v shields?
Think of them as
virtual patches.
Aqua's technology analyzes
vulnerabilities in your
container images and generates
these vShields to mitigate
those vulnerabilities
automatically.
They provide a quick fix,
reducing risks while permanent
solutions are being developed.
So how do VShields align
with specific DORA articles?
Firstly, we have article six,
which focuses on the risk
management framework.
DORA requires financial
institutions to have a
comprehensive and well documented
framework to manage risks.
VShields play a significant
role here by automatically
managing vulnerabilities
in your containerized
environments, creating
an effective risk
management framework.
They offer a proactive
and automated solution,
helping your organization
stay ahead of threats.
Next is article nine.
Article nine emphasizes
continuous monitoring.
Continuous monitoring is all about
keeping an eye on your
systems constantly.
VShields integrate seamlessly into
your continuous monitoring processes,
detecting and mitigating
vulnerabilities in real time.
They provide ongoing oversight and
immediate responses to vulnerabilities,
aligning perfectly with DORA's
requirements for continuous monitoring.
Moving on to article ten, which
deals with incident detection.
VShields enhance incident
detection by providing real
time alerts and detailed logs of any
attempts to exploit vulnerabilities.
This aligns perfectly with
Dura's mandate to identify
incidents promptly.
With VShields, you get real time capabilities
that ensure quick detection and response.
Then we have article eleven,
which focuses on incident
response and recovery.
VShields facilitate quick responses
to detected vulnerabilities,
allowing your institution to
mitigate risk while working
on permanent fixes.
This helps maintain operational
resilience as emphasized by
DORA. Article thirteen
deals with the resilience.
VShields contribute
significantly to this by
providing an additional layer of
security through virtual patches.
They help maintain the
integrity and availability of
your systems, ensuring
resilience as required by DORA.
Article fourteen covers the
testing of your systems.
Regular testing is essential, and
v shields can be included
in these tests to ensure they
effectively mitigate vulnerabilities.
This ensures your defenses
are robust and effective,
meeting Dura's requirements
for resilience testing.
Finally, article sixteen requires
comprehensive logging and
reporting of incidents.
VShields enhanced logging by
providing detailed records of
all actions taken to
mitigate vulnerabilities.
This supports DORA's
requirement for transparent and
accountable logging
and reporting.
In conclusion, VShields are a fantastic
tool that aligns perfectly with
Dora's requirements.
They provide immediate
risk reduction, enhance
continuous monitoring,
improve incident detection and
response, and support comprehensive
logging and reporting.
By integrating VShields
into your security strategy,
you can ensure compliance
with DORA while significantly
enhancing your
operational resilience.
Next, I'd like to shift our focus
to the critical role that policies
play within the framework
of our security strategy.
Policies are not
just guidelines.
They are the backbone of
our approach to mitigating risks
and ensuring
compliance with DORA.
In today's complex
digital landscape,
the enforcement of security
policies is paramount.
It's not enough to simply
have policies in place.
They must be actively enforced
and continuously monitored.
This enforcement is
what transforms a theoretical
framework into a practical
effective strategy for meeting
regulatory standards and
protecting our systems.
Enforcement of these policies
ensures that every aspect of
your environment adheres to best
practices and regulatory requirements.
It's about creating a security
culture that is proactive
rather than reactive,
where compliance is built into the
very fabric of your operations.
Proving adherence to these
standards is equally important.
Through comprehensive
logging, reporting,
and continuous monitoring,
we can demonstrate our
compliance to regulatory bodies.
This transparency not only helps
in meeting Dora requirements,
but also builds trust with
stakeholders and clients,
showing them that their data
and operations are secure.
In the next section,
we will delve into the
specific policies that Aqua provides and
discuss their essential role in
meeting Dora's stringent requirements.
From blocking privileged
containers and root users to
ensuring continuous monitoring
and threat detection,
these policies form the
foundation of a resilient and
secure framework,
blocking privileged
containers and root users.
We start by blocking privileged
containers and root users.
This reduces the attack surface
and prevents unauthorized
access and potential
container breakouts.
For example, blocking root users means
even if an attacker gains access,
they can't escalate their
privileges to cause more damage.
Next, we limit new privileges and
enforce a no new privileges policy.
This upholds the principle
of least privilege,
ensuring applications run
with minimal permissions.
By doing so, we reduce the risk
of privilege escalation attacks,
aligning with Dura's focus
on robust risk management and
operational resilience.
Alignment with DORA for blocking
privileged containers and root users.
Blocking privileged containers and
root users directly aligns
with article six of DORA,
which requires a comprehensive
risk management framework.
By reducing the attack surface,
these measures also support
article thirteen's focus on
protection and prevention
against related incidents.
Limiting new privileges and
enforcing no new privileges
align with article six by
ensuring a well documented risk
management framework.
These measures support Article
thirteen by minimizing risks
associated with high
privilege operations,
thereby enhancing protection
and prevention efforts.
The next selected policy covers
integrity and immutability,
only allowing registered images,
enabling image lockdown,
and drift prevention.
So to ensure software integrity,
we only allow registered images.
This prevents the deployment
of unverified or malicious images.
Additionally, enabling image lockdown
and drift prevention maintains the
immutability of
deployed containers,
ensuring that configurations
remain unchanged post deployment,
ensuring only registered images
and maintaining immutability
align with article eight,
which emphasizes protecting
the availability, authenticity,
integrity, and
confidentiality of data.
These measures also support
article eleven's requirement
for secure development
practices by ensuring only
vetted software is deployed,
continuous monitoring
and threat detection,
auditing network activity,
IP reputation checks,
and port scan protection.
Continuous monitoring is a
cornerstone of our security strategy.
We audit all network activity
providing visibility into
potential threats by logging all
incoming and outgoing network traffic.
Enabling IP reputation checks
and port scan protection
enhances threat
detection by blocking
traffic from known malicious
IPs and detecting unauthorized
scanning attempts.
Auditing network activity,
enabling IP reputation checks,
and port scan protection
align with article nine,
which mandates continuous
monitoring and detection of
anomalous activities.
These policies also support
article ten by establishing
robust detection processes for
potential threats and anomalies.
We adopt a multilayered defense
approach by combining various
security policies to prevent incidents
and limit the impact of breaches.
For instance, layers of security controls
reduce the chance of successful attacks.
In case of critical incidents,
we ensure prompt and
accurate reporting
to regulatory authorities
as required by DORA.
A multilayered defense approach
and structured incident
reporting aligned
with article eleven,
which focuses on implementing
resilient systems and tools.
These measures also support
article fourteen by ensuring
effective response and
recovery procedures
to handle incidents.
Managing third party
risk is crucial.
By only allowing
registered images,
we ensure third party software
complies with security standards.
Continuous monitoring and
enforcement of security
policies for third party
components help manage third
party risk effectively, aligning
with Dora's requirements.
Policies like only allowing
registered images ensure third
party software complies with
security standards addressing
article twenty eight's focus
on managing third party risk,
continuous monitoring and
enforcement support, article thirty,
by ensuring third party
providers of adopted services
are thoroughly monitored,
maintaining comprehensive logs
of activities and operational
events is essential for
demonstrating compliance.
Our policies ensure detailed
logging and reporting
of major incidents to competent
authorities fulfilling Dura's
mandates and supporting
transparent regulatory audits.
Aqua's policies ensure
comprehensive logging of
network activities
and security events,
aligning with article sixteen,
which requires logging of
activities and operational events.
Additionally, the capability to
log and report incidents supports
article nineteen's mandate to report
major incidents to authorities.
Preventing attacks
and misconfigurations
is vital for maintaining
operational continuity.
Our policies ensure that critical
services are not disrupted,
directly supporting Dora's
goal of ensuring continuous
operations and robust
business continuity measures.
Preventing attacks and
misconfigurations aligns with
article eleven, which focuses
on ensuring ICT systems can
withstand operational outages.
These measures also
support article thirteen by
implementing business
continuity policies that
prevent disruptions.
In summary, Aqua Security's runtime
policies provide a robust and
comprehensive security framework
for containerized environments.
By aligning with
Dora's requirements,
we help financial firms enhance
their operational resilience
and cybersecurity posture.
From risk management and
integrity to continuous
monitoring, incident response,
and third party risk management,
Our policies ensure proactive
protection and compliance,
meeting Dora's
stringent standards,
enhanced operational resilience,
and a strong cybersecurity posture
are critical for financial firms.
Aqua Security's runtime
policies ensure proactive
protection,
continuous monitoring,
and the ability to
demonstrate compliance,
making us your ideal partner
in meeting DORA regulations.
Next, let's discuss and demonstrate
the importance of enforcing the
pod security standards in
restricted mode and how Aqua's
cube enforcer plays a
crucial role in this process.
This is vital for maintaining
a secure and compliant
containerized environment.
Let's start by
discussing the scenario.
Implementing a policy to
enforce the pod security
standard in restricted mode
ensures that containers run
with minimal privileges and
adhere to security best practices.
The restricted mode in the
pod security standard includes
several key features
designed, to enhance security.
Privilege escalation is
a feature that prevents
privilege escalation by
disallowing the allow privilege
escalation setting to be true.
This means that even if
an attack against access,
they cannot elevate their
privileges to cause more harm.
Containers should only run
as with non root users.
This is a critical step.
This feature mandates that
containers do not set runners
user to zero, which would
grant root privileges.
A SECCOM profile must be
explicitly set to runtime
default or local host.
This limits the system calls
that containers can make that
reducing the attack
surface significantly.
All capabilities are
dropped by default,
and only essential capabilities
like Netbind service can be
added back if necessary.
This ensures that containers
operate with the minimum
permissions required
to function correctly.
Now let's discuss how AquaCube
Enforcer supports this framework.
AquaCube Enforcer acts as
an admission controller.
During the deployment
of containers,
it enforces the pod
security standard policies,
ensuring that all workloads
comply with the set security
standards right from the start.
By enforcing pod
security standard,
AquaCube enforcer ensures that workloads
adhere to security best practices,
significantly enhancing the
overall security posture.
This reduces the risk of
privilege escalation and other
common attack vectors.
Maintaining operational integrity
is another crucial aspect.
AquaCube enforcer prevents
unauthorized changes,
ensuring that containerized
applications run with the
intended security
configurations.
This helps in maintaining
the integrity of your deployments
and ensures that any deviation
from the defined policies is
immediately flagged
and dealt with.
In conclusion, enforcing the pod
security standard through an aqua policy
and using aqua cube enforcer
is essential for ensuring that
your containerized workloads
run with minimal privileges.
This not only enhances
security, but also maintains compliance
with industry standards and regulations.
By integrating these practices,
you can significantly reduce
the risk of security breaches
and ensure a robust, secure,
and compliant
operational environment.
Let's jump back onto our system
to show off these features.
In this part of
the demonstration,
we're gonna do a quick test,
to look at the
benefits of Secomp,
of the Secomp profile if you
configure it to meet it within
the pod security
standard of restricted.
So as you can see here in the
code that we've got spec dot
security context dot secomp
profile with the value of
runtime default.
If it's configured this way,
then you'll be able to enforce
the policy to ensure that
SecComp is actually in place.
But what exactly does that mean?
So as we've already mentioned,
SecComp is is all
about the system calls.
So the goal with specifically
with the the core principle of
least privileged
access management
is that we reduce the,
the the landscape by
preventing all of the system
calls that you simply
don't require to not run.
So in this case, if
we turn on secomp,
we should see a difference in
the amount of system calls that
are being called upon, to operate
this very simple container.
So in this case, then I'm going
to I'm going to run a script.
This script is going
to deploy a pod.
And then in that pod, it's
going to exec into it.
As you can see there, it's
gonna run the ls command.
And as you can see
through the test there,
there the total system calls
without seccomp is one hundred.
The next thing we're gonna do
is we're gonna we're currently
removing that pod.
Once that's removed,
it's now been deleted.
We're then going to
deploy a second container.
And in this container, we're
going to apply the or the
default will be seccomp
runtime default.
And what we should see is a
significant reduction in the
amount of system calls that are required
just to run the simple ls command.
So we're at hundred percent.
Okay. So it's creating
the pod. It's completed.
And as you can already see
there that the reduction in
system calls is
eighty nine percent.
If we go up just a little bit,
you can see here that we've
analyzed the system calls.
And now with the sec comp, with
the value of runtime default
turned on, you can see that
the total system calls with
SecComp is eleven.
I've even listed out
what those calls are.
And as you can see, they're
simple things like open, close.
The standard out is print to
the screen so that you can see
the results of the
ls or the output.
And they are all required for that
ls command to function correctly.
All those other system calls,
and you can see here system
calls dangerous ones,
right, like exec,
the e, ptrace, etcetera,
have been removed.
So they're no longer required,
to run that LS command
and could be used potentially,
nefariously against your firm.
Thank you.
Let's now dive into a real
world scenario that underscores
the importance of Aqua's
drift prevention capabilities.
Imagine a banking application
container configured to process
customer transactions and
manage account services.
Unfortunately, this container had a known
vulnerability in its software stack.
This vulnerability opened
the door for external access,
and a threat actor
decided to exploit it.
The sequence of the attack
started with a threat actor
using a simple curl command to
download a malicious payload
from a command and
control server.
This payload included a binary
that, once executed, granted
the attacker persistent
access to the banking system.
The situation got worse as this
persistent access was managed
by an access broker on the dark
web who sold it to multiple
other threat actors further
exploiting the system.
Let's talk about the
impact of this attack.
First, there was a significant
compromise of data integrity
and confidentiality.
The malicious binary could access and
manipulate sensitive customer data.
This is a nightmare scenario
for any financial institution.
Then came the
service disruption.
The execution of the binary
caused significant slowdowns
and disruptions in
customer transactions
and account services affecting
thousands of customers.
This isn't just an IT issue.
It's a direct hit to customer
trust and the bank's reputation.
Regulatory noncompliance was
another severe consequence.
The exploitation of the
vulnerability and unauthorized
binary execution violated
regulatory requirements,
potentially leading to hefty
fines and legal consequences.
Finally, there was
extended threat exposure.
Persistent access sold on the dark web
led to continuous and varied attacks,
exacerbating the damage and
making it extremely difficult
to contain the threat.
Under DORA, this incident would
be classified as a major incident
due to its high adverse impact
on critical financial services.
Such incidents must be reported
within specified DORA timelines.
In this case, an initial
notification within twenty four
hours, intermediate
notification within seventy two
hours, and full and final
report within a month,
ensuring that regulators are promptly
informed about the situation.
Now let's discuss how drift
prevention plays a crucial role
in such scenarios.
Aqua's drift prevention
capabilities provide proactive
detection by
identifying unauthorized
changes and
vulnerability exploitation immediately.
This means the moment there's
an anomaly, it's prevented.
Immediate response is
another key feature.
Drift prevention
automates the termination
of unauthorized processes
and alerts security teams,
ensuring swift action
to mitigate the threat.
Lastly, maintaining
compliance is critical.
By adhering
regulatory requirements,
drift prevention ensures that similar
incidents are prevented in the future,
thus maintaining a secure
and resilient environment.
This example highlights
the devastating impact of a
critical drift event and
underscores the importance of
robust drift
prevention mechanisms.
Aqua security solutions not
only help in detecting and
mitigating such threats,
but also ensure compliance
with regulatory standards like DORA,
safeguarding both your
operations and your reputation.
To highlight the
importance of this point,
let's jump into a live environment
and show these features.
For this part of
the presentation,
we're going to have a
look at drift prevention.
So as we've already
mentioned drift,
drift prevention is is all
about enforcing a policy that
would prevent a binary that
wasn't part of the original
scanned image to
execute in runtime.
This is the ultimate control for
defending against a zero day,
certainly for defending against
a live attack in production.
So to do this then,
I have to make sure that I'm
in a namespace called NGINX.
Okay.
Let's have a look to see if
we've got anything in here.
Okay.
We we already have a container
in here called engine net,
so let's remove that.
Okay. That should be now gone.
Okay.
So now what we're going to
do is we're going to deploy,
through the script here.
We're gonna deploy a
new pod with our Nginx
server on it.
Okay? That should take
just just a moment.
Okay. It should be there.
So let's clear that off.
Okay. We can see here
now that we have Nginx.
Now what we're going to
do, we're going to exec
inside our running container.
Okay. We're gonna get
a bash there. Okay.
So now we've got access and
we're actually on the inside of
the running container.
Okay.
So in order to
create a Drift event,
then we need to be able to
create and then execute a binary that
wasn't part of the original image.
Now NGINX is an
approved application,
and Aqua is happy with that,
but there's nothing
else inside of Nginx.
So, so for example,
if we run nano, which
is a code editor,
as you can see that there
is no Nano inside here.
So what we're gonna do for this
demonstration is that we're going
to go and install this application.
Okay. So now we've installed
it. Let's run Nano again.
And as you can see, we have
our code editor in the cloud.
Okay. So let me or inside
this this nano container here.
Okay.
So the next part of the presentation then is that we're gonna move over to aqua.
We're going to create a drift policy and then we're going to rerun that command there.
And the the enforcer
would prevent Nano
from being able to
execute because it again,
it wasn't part of the
original container.
It's an additional buyer that's
been executed at run time.
So right now, Aqua isn't
aware of that nano nano.
And of course we have no
policy currently that would prevent it
so it's allowed to run.
So if we go to our
runtime policies,
we're going to go over
to custom policies.
We're going to add a new
policy in container runtime.
We'll call this policy nano.
We'll give it a scope of global.
Make sure we get
it it everywhere.
We're going to reinforce.
We're going to turn
on drift prevention.
We're going to make
sure that it's enabled.
We're going to save the policy.
We're gonna go back over to
over to our code here, and
we're gonna rerun
our nano command.
And as you can clearly
see, Aqua was able to kill,
that execution.
So hopefully, you'll see that
that's a perfect demonstration that
demonstrates the power of
Aqua runtime enforcement.
Thank you.
Thank you, everyone, for joining us today.
As we conclude, I'd like to leave you with a final word on the importance of enhanced operational resilience and a strong cybersecurity posture.
Aqua's runtime policies and many other features ensure proactive protection, continuous monitoring, and the ability to demonstrate compliance with regulatory standards.
These measures are crucial for financial firms aiming to meet the stringent requirements of the Digital Operational Resilience Act while significantly enhancing their
operational resilience and cybersecurity posture in containerized environments.
To summarize, Aqua's runtime policies align seamlessly with Dora requirements,playing a critical role in safeguarding financial firms.
By integrating these policies into your security framework, you not only ensure compliance, but also build a robust defense against the myriad of cyber threats facing the financial sector today.
If you'd like to know more about how Aqua Security can support your organization, please feel free to get in touch.
Follow Aqua on various platforms, including our website, LinkedIn, and all of the social media platforms for the latest updates and insights.
We're here to help you navigate the complexities of regulatory compliance and operational resilience.
Once again, thank you for your time and attention today. It's been a pleasure discussing how Aqua can help you achieve and maintain a secure, compliant, and resilient operational environment.
I look forward to connecting
with you and exploring how we
can work together to
enhance your cybersecurity strategy.
Thank you, and have a great day.
Watch Next
