Prioritize immediate risks in your cloud production environment
Recently added Intezer Protect features for reducing the likelihood of an attack have a unique runtime component. Here is what makes configuration checks and vulnerability assessment for installed packages so useful.
Note: Scanning for vulnerabilities is typically done in pre-runtime before new code is deployed to production. Risk reduction programs like these are vital. But they also have shortcomings. Even when a vulnerability or misconfiguration is found, there is no guarantee that it will be fixed in time before an attacker exploits it. On top of this, unknown vulnerabilities and backdoors in the supply chain can lead to malicious or unauthorized code being executed in runtime.
Runtime threat detection and response is an essential last line of defense for your application workloads. Research and advisory firm Gartner mentions that as cloud-native security shifts left, workloads are often deployed without adequate runtime protection. When you get attacked, you must be able to detect it.
In addition to Intezer’s award-winning threat detection and response capabilities, these features will help you reduce the attack surface by shoring up the basics.
- Prioritize active vulnerable packages: A vulnerable package that is running should be addressed first. Intezer monitors for vulnerable packages at runtime, not when they are installed on the host. Vulnerable packages that are not running still pose a risk, since they can easily run. But as long as they are not running, active packages should be prioritized first. Each CVE links to its dedicated NVD (National Vulnerability Database) page for additional information and remediation. Check out our docs to see how it works.
- Scan for misconfigurations within your host or other levels: For example, Doki is a Linux backdoor residing in a non-malicious container image. It relies on a misconfigured Docker API to curl a malicious payload. Intezer Protect alerts on misconfigurations and detects malicious code execution should it run successfully.
- Root Cause Analysis: If an attack has occurred, you have visibility into the infection vector to correlate how it happened. The process tree shows instantly how you got attacked. Intezer also provides instructions for fixing the vulnerability and securing the host.
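The first item above, prioritizing vulnerable packages that are actually loaded, can be approximated on a Linux host by matching scanner findings against the files mapped by running processes. This is an added example, not Intezer's implementation; the package names, paths, scores and CVE placeholders are all constructed.

```python
# Added example: every package name, path, score and CVE id here is constructed.
MAPS_BY_PID = {  # constructed /proc/<pid>/maps dumps for two running processes
    101: "55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 1311 /usr/sbin/webd\n"
         "7f1a2c000000-7f1a2c1c0000 r-xp 00000000 08:01 2210 /usr/lib/libtlsdemo.so.1\n"
         "7f1a2c400000-7f1a2c421000 rw-p 00000000 00:00 0\n",
    202: "5601aa000000-5601aa010000 r-xp 00000000 08:01 1400 /usr/bin/cachd\n"
         "7f77d0000000-7f77d0030000 r-xp 00000000 08:01 2300 /usr/lib/libzdemo.so.2 (deleted)\n",
}
MANIFEST = {  # package -> files it installed (hypothetical packages)
    "libtlsdemo": {"/usr/lib/libtlsdemo.so.1"},
    "libzdemo": {"/usr/lib/libzdemo.so.2"},
    "imgtool": {"/usr/bin/imgtool", "/usr/lib/libimgtool.so.3"},
}
FINDINGS = [  # scanner output; CVE ids are placeholders, scores are constructed
    {"package": "imgtool", "cve": "CVE-PLACEHOLDER-A", "cvss": 9.8},
    {"package": "libtlsdemo", "cve": "CVE-PLACEHOLDER-B", "cvss": 7.5},
    {"package": "libzdemo", "cve": "CVE-PLACEHOLDER-C", "cvss": 8.1},
]
DELETED = " (deleted)"

def mapped_files(maps_text):
    """Return the file paths backing the mappings in one /proc/<pid>/maps dump."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # range perms offset dev inode [path]
        if len(fields) == 6 and fields[5].startswith("/"):
            # A library replaced on disk is listed with " (deleted)": the process
            # still runs the old code, so the package counts as active.
            path = fields[5]
            paths.add(path[:-len(DELETED)] if path.endswith(DELETED) else path)
    return paths

def active_packages(maps_by_pid, manifest):
    """Map each package with at least one loaded file to the pids that load it."""
    active = {}
    for pid, text in maps_by_pid.items():
        loaded = mapped_files(text)
        for pkg, files in manifest.items():
            if files & loaded:
                active.setdefault(pkg, []).append(pid)
    return active

def prioritize(findings, active):
    """Order findings: packages loaded by a process first, then by score."""
    return sorted(findings, key=lambda f: (f["package"] not in active, -f["cvss"]))

if __name__ == "__main__":
    active = active_packages(MAPS_BY_PID, MANIFEST)
    for f in prioritize(FINDINGS, active):
        print(f["cve"], f["package"], f["cvss"], active.get(f["package"], "not running"))
```

The highest-scored finding ends up last because nothing has its package loaded, while the library that was replaced on disk but is still mapped by process 202 stays at the top until that process restarts.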
Many great cloud security tools focus on hardening and fixing vulnerabilities but they lack adequate threat detection. Intezer Protect not only reduces the likelihood of an attack but also continuously monitors at runtime to ensure that if an attacker has breached your defense, you can respond quickly and effectively.
Safeguard your compute resources and meet compliance for CIS checks, SOC 2, and more. Try Intezer Protect for free on up to 10 hosts. You can also test our lab environment, hosted on AWS, without having to set up your own playground. Built-in attack scenarios let you exploit vulnerabilities and infect with malware.