Cloud Security Explained: Code-To-Cloud and Back Webinar Series

This session dives into the runtime security capabilities of the Aqua Cloud Security Platform, showing how to protect containers, Kubernetes workloads, and cloud native applications against active threats. Learn how Aqua delivers real-time defense, context-driven detection, and efficient remediation to keep critical applications secure in production.

The session highlights Aqua’s runtime-first security approach, including:

Cloud workload protection with real-time monitoring and enforcement

Kubernetes runtime security to defend clusters against active attacks

Fileless attack prevention and blocking of unauthorized activity

Incident detection and response with automated controls to stop threats instantly

Agentless scanning and visibility across cloud environments without disruption

The demonstration of Aqua Hub will showcase how to identify runtime threats, trace them back to code, and apply fast remediation while maintaining application uptime.

By the end of this session, you will understand how the Aqua Cloud Security Platform strengthens runtime protection, reduces exposure to zero-day attacks, and ensures resilient operations for cloud native workloads.
Presented By:
Erin Stephan, Director, Product Marketing, Aqua Security; Farhan Mohsin, Senior Solution Architect, Aqua Security
Transcript
Alright. Let's go ahead and get started. We have so much content to cover with you all today, and we have thirty minutes to do it. So welcome again to the Aqua cloud security webinar.

I am Erin. I'm joined here today by Farhan, and we are going to walk you through Aqua security.

If you all have been following us, you know that this is the third part of the three-part series. So a few weeks ago, we talked to you about the Aqua platform covering dev and cloud. A few weeks after that, my colleague Cassandra walked you through the dev portion of our portfolio. And today, I'm here to talk to you about cloud.

So Aqua cloud security is a full stack cloud security solution.

It combines infrastructure and cloud workload protections to provide you full visibility into your cloud environment and pinpoint your most critical cloud risks. And really, unlike other cloud security tools, our Aqua solution focuses on your entire life cycle. So it really tightly integrates the tools that you need to protect both your cloud workloads and your infrastructure from security risks and cyber attacks. So let's get started. I'm going to give us just a brief overview, and then Farhan is going to jump into the demo.

So one of the things that we at Aqua have really been keeping a pulse on is how the cloud security market is changing and growing. And really, this evolution that's needed to meet the demanding needs of security practitioners just like you. Right? We need more than just, you know, partial visibility of agentless solutions.

We need deeper real-time insight into what's going on across our workloads, across our infrastructure.

And with that real-time insight, with that real-time context, we can better prioritize, you know, what are the most important risks in my cloud environment and remediate them as necessary.

But as we're starting to see, again, as we're talking to industry analysts, sort of this evolution that's happening in cloud security, the combination of CSPM solutions and CWPP solutions are really on this convergence path. And as you see in that stat there from Gartner, by twenty twenty five, which is really, you know, less than eighteen months away at this point, sixty percent of organizations will have started to converge these solutions into a single solution.

We know how important vendor consolidation and optimization is for many of you, especially given the macroeconomic climate. And so what we're really starting to see and what we'll talk about today is cloud security is evolving to really meet these needs and this convergence path that some of these solutions are on.

So before I hand it over to Farhan, I just wanted to highlight some of the pieces of the Aqua cloud security portfolio that we will be talking about today.

So the first is Aqua's Cloud Workload Protection solution.

So this is a multilayer protection for cloud workloads regardless of where they run.

And really, unlike traditional tools, Aqua CWPP is integrated and it's designed specifically for the cloud. So you may be considering other solutions that have, you know, evolved from traditional endpoint security.

So there are limitations in those that we'll talk about and show in the demo, but the Aqua CWPP solution was designed in the cloud and for the cloud.

And the protection policies that Farhan will share with you are informed by real-world cybersecurity research, from in-the-wild threats and analysis, from Aqua's Team Nautilus.

So instead of going off of, you know, previously learned behaviors and solely relying on AI, this is real in-the-wild threats that are being analyzed. This behavioral detection component of the Aqua CWPP solution really offers that true cloud native detection and response. And it's giving security professionals like you that complete visibility into your running production workloads and providing you the tools necessary to identify, prioritize, and stop known attacks that are running in those workloads. So a little highlight of Aqua's cloud workload protection solution. With that, we also offer our real-time CSPM. So for those who have been following us over the past six months, you may be familiar with our latest evolution of our CSPM solution, and that's Aqua real-time CSPM.

And what Aqua real-time CSPM is doing is it's giving you the complete view of your real-time cloud security risks. It's surfacing the most critical issues so that you can focus on what matters. That slide that I shared with you when we first started, this evolution path. Right? CSPM solutions mean more than just baseline visibility and configuration checks. Our Aqua real-time CSPM solution, it helps you to accurately identify those cloud risks and pinpoint threats that may evade agentless detection.

And so what it's giving you is these really rich context-based insights and this actual remediation so that you can recover faster.

Really, what it's providing you is more effective cloud security management, cloud risk management, because instead of just doing those, you know, twenty-four-hour checks, twenty-four-hour scans, it's going a level deeper. It's providing you with the prioritized list of security risks and vulnerabilities. And actually, again, if you joined us for our platform webinar session a few weeks ago, you know that it actually can go all the way back and trace those vulnerabilities, those risks, back to the code. So, again, a little highlight on real-time CSPM.

And then lastly is our Kubernetes security posture management. So taking those same capabilities from our CSPM solution and allowing for a holistic solution that ensures ongoing security and compliance for your Kubernetes infrastructure.

This is something that Aqua is well known for.

Again, expanding on our CSPM functionality to focus on your K8s clusters to minimize the attack surface, prevent any administrative errors, you know, protect against potential attack vectors, and it really leverages and extends the native Kubernetes capabilities, enabling security and compliance teams to enforce these policies and to secure the configuration.

So really, again, it's extending the CSPM functionalities to the complexity that we know for Kubernetes, and it really empowers organizations to identify and remediate those risks through these continuous security assessments and, of course, providing that remediation advice, so that you can help and then ensure protection for these complex systems.

So a little highlight of what the Aqua cloud security portfolio looks like. Farhan is gonna show all of this to you in depth. So I'm gonna turn it over to him for our cloud security demo. Farhan, over to you.

Thank you, Erin.

Let me go ahead and get my screen shared with everybody here.

Alright.

Looks like you can see my screen here.

Awesome. Alright. Hi, everyone. So I'll try to give you a brief glimpse of the Aqua platform, but focusing specifically on the cloud security portion.

So here, you can see, you know, Aqua has different modules since Aqua is a CNAPP solution. We work all the way from code to cloud and back. But in this session, we're gonna be focusing on primarily the features Aqua provides for the cloud security section. So we'll start off by looking at the Aqua Hub, where all this information actually aggregates together, and we're able to provide detailed information across your whole cloud environment.

In the main dashboard, as you can see, this highlights some of the things that we look at. We look at your cloud accounts, repos, you know, different workloads and your cloud resources.

How does that work?

We quickly onboard. Onboarding to Aqua is pretty straightforward. We support all the major cloud providers.

You onboard your cloud accounts. And what happens is, with this auto-discovery feature that we've added, we're able to not only just onboard and start looking for CSPM-related stuff, we can start scanning your cloud workloads as well through our agentless scanning. That is the first step without having to deploy an agent. We call it cloud workload scanning. And what that lets us do is, very quickly, it lets us start building an inventory of your cloud environment where you're able to see, based on different cloud resources, what we've discovered across your whole environment.

We are able to detect stuff based on, you know, risk and highlight some of the things that you'll be able to see in your inventory.

This is a first start. Obviously, with Aqua's real-time CSPM capabilities, we move one step further with having eBPF-based sensors deployed in your environment that provide real-time protection. So in this example, let's say, the approach of combining CSPM and workloads together helps identify things a lot faster, what's happening in your environment in real time, essentially.

So if you look at this VM, for instance, if I open this here, not only are we able to look at specific risks associated with that particular workload in terms of vulnerabilities and any sensitive data there, we're also able to look at if that particular VM or that workload is exposed to the Internet. So if we are finding any vulnerabilities that can be remotely exploited, and then if we find issues, you know, in terms of internet exposure, that becomes the elevated threat level, and that's where we kind of connect those dots for you and provide you more insights into, you know, hey, this probably is potentially a bigger issue than your standard, you know, finding a vulnerability in your environment.

So we actively utilize the information that we have to help prioritize what's happening in your environment. And, again, you can filter along these inventories based on specific criteria that you need, looking for specific resources or risks.

Second thing that we can do with Aqua, as we scan your environment, we're able to compare your cloud security posture with different inbuilt compliance programs that come prebuilt with Aqua.

And we compare how compliant you are to those industry compliance frameworks.

In addition to those, you can actually build your own compliance frameworks using the different controls and plugins in Aqua for different cloud providers. You can map those to your liking and see how compliant you are. And going into the detail, it takes you to that particular CSPM section, and it gives you exact details of where you're failing and what results were passed.

Alright. Now there are things we're able to do with Aqua. We're able to, excuse me, that's... Oh, see me out here.

The next thing we're able to do with Aqua is, again, we're trying to give you an overall picture of what's happening in your environment. Right? For those that have set up side of things.

We're able to... I don't know what's the... just give me one second, guys. I think I may be having a network glitch here.

So, basically, what we'll be able to do is we have this analytics report that we've curated for you guys that explain different areas of your cloud environment. So in this example, we're talking about cloud misconfigurations.

So we'll have that report come up, which will have details about all the different cloud misconfigurations across, you know, focusing on the CSPM portion. Kinda like giving you an executive summary of what's going on. And it'll be very interactive. You can drill down to looking at only failures. You can make it interactive and focus on specific types of failures that you're focusing on, and you can export these results out. Similarly, we have a report for container vulnerabilities. That's focusing on what's happening in your runtime environment and what kind of risks are present there in your current runtime environment, and you can kind of filter it and look at it based on exactly how, you know, to narrow it down to your specific custom example.

I do see a question in the chat or... Oh, yes. No. Sorry. Erin was there. I was just gonna bring it up. Yeah. We'll try to take those questions, right, at the end of the demo or at the end of the presentation.

Next thing I wanted to highlight with our solution, again, is focusing on the ability to help prioritize and make it easier for you to, like, kind of separate the music from the noise, trying to highlight things that are of higher critical importance than anything else. In this example, like I said, we provide these insights that help us narrow down or focus on which issues to look at first. We looked at this example earlier.

You know, Spring4Shell vulnerability found in your, you know, current running workloads, but it's exposed to the internet, all of that. Two things combined, from the CSPM section and from the runtime section, make it an elevated risk level. Similarly, talking about, you know, we identified vulnerabilities in your running workloads. How do we, you know, how do we figure out what to fix first?

Right? We found out fifty thousand or a hundred thousand vulnerabilities in your containers.

With Aqua risk-based insights, again, we try to help prioritize and help the teams figure out what issues to fix first. We're using this slider. As you can see, out of the hundred thousand vulnerabilities, I probably need to focus on these forty four first because all of these have a remote exploit or exploit available, and they are currently running in my environment. These workloads are running.

And, you know, these are the ones that can be potentially dangerous for us. So if I click upon it, it will actually tell me details around, if there's a possible fix for it, what package version to use, any information regarding the details around this check. And then if there's an exploit publicly available, we'll highlight that. And then one of the latest integrations we've added in Aqua is the OpenAI integration, where we actually provide a little prompt which tells you how to go about doing that upgrade for you. And the next gen of this is we're gonna make it environment specific, where instead of giving you general information, it'll provide the exact information of how to go about fixing it in your environment.

So we provide a lot of information around that piece for your running workloads.

Similarly, on the Kubernetes side, we run extensive checks on your environment, Kubernetes environments, to make sure, you know, you're not having any exposure there, open APIs that can be exposed. We run our kube-hunter tests on it, we run our Kubernetes CIS benchmarks on your environment and have detailed results based on, you know, individual checks and any failures, passes or warnings information available there. So you can drill down into each of these issues pretty quickly.

So how is all of this, you know, this is all telling you about, you know, how to go about finding out issues in your environment. But the next part comes about. First part was discovery. Next part is how about setting up some, you know, ground rules on what's considered good, what's allowed, you know, setting up those acceptance gates. You can do that with Aqua using our assurance policies, and we have assurance policies for different functions, whether it's for the underlying hosts that are running your workloads or your images, container images themselves, or if you have container, you know, Kubernetes assurance policies too.

So if you look at container image controls, assurance policies, you can see we have a host of controls that we can enable to look at container images. And if we find that some of these controls are not being met, or, you know, the image is not compliant to some of these checks, we can mark that image as non-compliant, or similarly, we can mark that, you know, Kubernetes resource as non-compliant. What that helps us do is, on the runtime side, we can set up policies, because Aqua is a policy-driven tool all across the board. We can set up policies on the runtime side where actually we could block things from doing any activities at runtime.

So this is kinda like that hand-in-hand, you know, setup where we set up those rules. If anything doesn't meet them, Aqua can block that from running in your environment. Here's an example of our out-of-the-box default runtime controls that are quick to set up. They are looking for container drift, fileless execution, that's one of the more important things your traditional CSPM tooling doesn't really cover.

You know, they're doing snapshot or agentless scanning, they're not able to catch any of these in-memory attacks that may be happening in your environment, whereas with Aqua, with our real-time CSPM solution, we can catch those in-memory attacks or fileless execution or any threats that may be happening in real time. In addition to also monitoring the behavior of your applications for catching any of those unknown attacks that may happen. You know, our research team Nautilus has a host of controls and different checks that map to the MITRE ATT&CK framework, and then checks the behavior of your application in runtime to ensure, well, if there's anything going on there, we can not only detect.

And the next step is, you know, once you've kinda detected stuff, you can set up custom policies where you can go in and start blocking those events from happening in your environment.

Similarly, we'll have the same thing for your underlying host in your assured runtime policies and your Kubernetes cluster, where anything that's non-compliant or not being scanned by Aqua will not be allowed to run.

And then what that lets us do is, again, as we are able to detect and, you know, find any incidents and potentially block those incidents happening in your environment, we start, you know, building that, you know, cloud native detection and response capability into our system. And under our incidents tab, we're actually able to look at everything that's happening in your environment in real time and actually block it all the way right when it's happening, catch it, and we'll have full details on, you know, in this example, fileless execution detected. We grabbed all the detail, and this is one of the behavioral attacks that was happening.

It was happening in memory. If we go look at the full incident, for your audit teams, we'll have exact details of each host, you know, where it was running. And if you go into the timeline, it actually provides you, like, the attack path that was taken and the timeline of exactly, hey, a new executable was dropped in memory. There was some drift happening in your container, and then finally, fileless execution happened.

And you could get a full view, you know, raw data for your, you know, audit or, you know, incident response teams to go look at exact details of what happened for that incident. And the next level is if you enable the blocking controls, this fileless execution would be blocked. So this attack wouldn't happen, basically.

And then similarly, the last step is, okay, so now you're able to view things. You're able to block things. Then now, what do you do?

You know, you wanna take action against any attack or anything that's happening and automate your process of incident response. For that, you can use our response policies, where you can go set up a policy. You can scope it out to look at the whole platform or environment or just scope it out to something very specific, a repo, a workload, or a cluster. And then set up the trigger, either utilize a specific type of insight that you're looking for, whether based on a specific scan result, or if you wanna take an incident response, you can say, hey, incidents, any incident with critical severity that you predefined what those are.

You can pick that. And then do that action around, you know, what do you wanna do? Do you wanna open a Jira ticket? Do you wanna do a Teams message?

Sending the logs over to Splunk? If you have a ServiceNow integration, which, again, one of the features Aqua has is that native integration with all the major, you know, different alerting mechanisms. We can push that data to support, you know, ServiceNow-type setups. So we have that incident response capability.

So tying it all back. I just wanna leave you guys with this image here. This is essentially Aqua's cloud security model, where you have this running container.

This is talking about, you know, not only the static vulnerabilities or risks that we found in your environment on that running container, and not only that, in this case, it's showing detection, but we also do protection of any live in-memory attacks or any container drift. Anything that's happening, we can catch it in real time and block it in real time. And then that's where the power of CNAPP comes in, where we're able to tie all of this back, because Aqua is a CNAPP solution, all the way back to the left side, you know, which code repo this image came from and potentially what change the developer made that may have caused us to get to this level where we have these attacks happening. And all of this information is available within a singular platform with detailed information about resources all the way down the supply chain, which exact commit that was made by the developer that may have caused the problem.

Alright. This was a very quick overview of Aqua, and I'll hand it back to her right now.

Great. Thanks, Farhan. And as you guys may be familiar with the code to cloud, and that is really the value of the Aqua platform, being able to connect everything from code all the way through cloud. So, and Sherry, while you're sharing, you can see my free environment?

Yep. Okay. Awesome. So just to wrap up, again, Aqua provides a full stack cloud security solution. And it's really, as you can see from Farhan's demo, providing security teams like you all with that complete visibility into your cloud security posture. We're prioritizing the most critical risks, as you saw in the demo, and, of course, providing the tools necessary to stop zero-day attacks and the most sophisticated attacks in real time with our runtime policies.

So just as a wrap-up, we wanna talk a little bit about some of the value that you as security practitioners gain from the Aqua platform and then, of course, Aqua cloud security. And the first is this full visibility, this complete visibility.

And so the agentless component, the agentless scanning component, is a piece that Farhan showed to you all today, and that provides you with the quick visibility into your workloads. Right? It's identifying your risk posture, but it's only detecting some, not all of the misconfigurations, not all of the vulnerabilities.

And as we know, as Farhan mentioned, cloud native attacks are happening in seconds, they're happening across environments. They're designed to evade agentless detection. They're, you know, targeting in memory. They're fileless attacks.

And so this real time visibility of, again, your CSPM solution with your CWPP component combining this to give you that complete view of exactly what's going on in your environment. It's using the behavioral detection components of a cloud workload protection solution. It's using the capabilities of runtime. Right?

We're not only just identifying these threats. You know, that's part one. Kinda go back to our two by two, the CS is just one piece. The ability then to stop it.

The ability to do this all in a single platform is very important.

So the first real capability, that real benefit to all of you, of the cloud security portfolio from Aqua is really the ability to see, to have that visibility that you may not see with a single solution.

And once you have visibility, you can better reduce risks. And by analyzing risks in context, so not by just, you know, Aqua doesn't only just deliver better scan results. Right? We're also detecting the presence of these vulnerabilities.

And unlike other solutions, we can identify, you know, what actually is exploitable in them. So where an attacker is going to go. And again, having this deeper detection helps you better prioritize because it allows you to better see what's going on and better reduce risks. And then a really important part that often gets left out is our Kubernetes components, right, and making sure those configurations meet the security best practices.

These predefined guidelines, again, something very complex and maybe still very new to a lot of you, making sure that you can secure your Kubernetes configuration posture. You know, we are one of the very few solutions who offer this dedicated solution to securing Kubernetes.

And again, as we mentioned in our demo, right, cloud workload protection that was built for the cloud in the cloud, it's not repurposing EDR functionality.

And so it's really important to not only observe what's happening in your running workloads, but the ability to automatically block and restrict unapproved activity. You know, again, across environments, across running containers, across VMs, across serverless functions, you know, across your Kubernetes, across your platform as a service, all of that, which Farhan showed in his demo earlier, and being able to set up those policies, you know, that helps us to save time. And so if we're focused on, you know, what's important. Right? If we go back to the prioritization, if we go back to the screens that Farhan showed, if we're focused on what's important, and we're not spending our time, you know, and our precious resources chasing low priority findings. If we have these smarter insights, then we're enabling that to drive remediation.

And if we go a level deeper and we're able to access this forensic level insight, we can see that detailed outline of the attack process so that we can understand what really needs to happen. We can go back to our incident response teams and say, this is the attack in progress. These are the steps that it took, and this is what we need to do to remediate.

And one of the things that you may not be familiar with from Aqua is if you ago, we announced our AI remediation capabilities.

So not only just using, you know, built-in guidance from our Team Nautilus that we mentioned earlier, our in-house experts of threat researchers, but also using AI to help save time and help remediate even faster. So again, new capabilities that are coming from Aqua to help you better protect your cloud native environments, but also save time and remediate faster.

And so just to wrap us up, you know, conquering cloud security is a big feat. Right? And so Aqua provides us with that unified view. Right? We talked about the visibility.

We talked about the insights so that you can, you know, more quickly and efficiently remediate your security issues and drive down risk, which is really what we all wanna do at the end of the day. But what's most important is that this is all delivered, again, if you've been joining us for the three parts of this series, all of this is delivered by one tightly integrated platform.

So, again, we can extend those capabilities. If we find issues in cloud, you know, in that last screen that Farhan showed, we can trace it all the way back to the code repositories.

We can identify owners, we can identify the developers, and we can remediate these issues faster.

And by better, more efficiently reducing your attack surface, right, and reducing risk, you're saving costs. You're ensuring better communication between your teams. You report more accurately to auditors, you know, a big component that we showed in the demo that we didn't touch on too heavily in this presentation is compliance. And so the time it takes to, you know, put compliance reports together, you know, you can do that more accurately. You can save time, but most importantly, you can improve your organization's cloud native security posture with Aqua.

So with that, I think we were actually right on the thirty minute mark of content. So if anybody has any questions, I think we may have had two or three in the chat. That's probably all we have time for, but we can take a look.

Yep.

And then some of it, we may have to take a... and one of the two questions I saw, I think we can probably take it offline too, to discuss in exact details, but I'll answer. I'll take the one from Michael first. Is it possible to acquire the solution and have your own SOC team?

Absolutely. The idea with Aqua is enabling your teams across the board. You know, because Aqua is a CNAPP solution, you can utilize it. It's integrated to the dev side where devs can use it.

It's integrated into their tools so they can work with it. You know, SecOps teams or, you know, the SOC teams, you can utilize Aqua's product to get the findings and utilize it for helping you prioritize issues and use it the way you want. So Aqua, as a CNAPP platform, can work with different personas across your whole enterprise, whether it's focusing on just the security side, operations side, or the dev side. So that's that.

And then, of course, if you wanna have further discussions, feel free to hit us up. We'll be able to answer any specifics on that particular piece. And then detailed questions on, Jebez or, I don't know how I'm pronouncing it, connect. His question. So Aqua's SaaS tenants. Typically, each client's tenant is totally isolated from each other. Each one is separate.

From a data perspective, we do not store any client data in our environment. We only store metadata about your scan results. So all our DBs and everything are just for that particular tenant, and restricted; only the users have access, even we don't have access to it. And then, of course, on our data security protection side, we comply to different SOC reports and some SOC compliance or different frameworks. We'll be happy to share all of that information with you. And then if there is a breach within our systems, there are, excuse me, different SLAs set up for it where we'll be able to immediately inform you if that happens. Again, happy to discuss all of that in detail. Feel free to hit us up and we'll be able to provide extensive compliance details around our security as well as more information around our SaaS tenant security as well.

Great. Thank you, Farhan. Thank you, everyone, for joining. I know this was a short thirty minutes of the Aqua platform and the Aqua cloud security portfolio. Thank you so much for joining, and we look forward to seeing you on our next webinar.

Thank you, everyone.