Prevasio unveils threat analysis sandbox for containers
Prevasio today emerged from stealth with the launch of the industry’s first dynamic threat and vulnerability analysis system for Docker containers. Prevasio Analyzer allows enterprises to easily integrate, monitor, and guarantee the security posture of containerized services and applications, ensuring readiness for production throughout their CI/CD release process. IT professionals are welcome to check for any security gaps in their container images at prevasio.com at no charge.
“Coming from a threat management background, we quickly realized that existing security solutions are relying only on static scans for containers. Some vendors misuse the term 'dynamic scan'. These solutions are not preventing any zero-day threats to modern cloud hosted applications,” says Prevasio CEO and cofounder Rony Moshkovich.
“Enterprises that embraced DevSecOps culture have long ago acknowledged the risks associated with Docker containers. Until now, it was near impossible to make a dynamic preventive assessment of a container before allowing it into the corporate infrastructure.”
“Prevasio's friendly SaaS self-service approach makes the prevention and CI/CD integration super easy without overburdening the end consumer’s IT and engineering teams with expensive deployments and saving on their resources to supervise uptime,” comments NTT Cybersecurity Australia national solution architect Vijay Chakravarthy.
“Released Group ventures is proud to back the first company capable of detecting stealth threats in Docker containers,” says early investor Released Group’s Nick Beaugeard.
How it works
Built as an elegant solution to a complex problem, Prevasio Analyzer provides a quick, easy and reliable way to dynamically analyse a Docker container image.
Prevasio Analyzer performs a smart detection of the tech stack and then attacks it with an automated full-scale penetration test that conforms to the cyber kill chain. The test consists of highly tailored attacks that target the services running inside the analysed container with surgical precision. Prevasio carries out these operations in an isolated environment hosted outside the customer's infrastructure for a risk-free SaaS experience.
Prevasio Analyzer uses a proprietary Machine Learning (ML) classifier to distinguish malicious Linux executables within a container. The use of ML allows Prevasio to detect zero-day malware without using any signatures. As a result, Prevasio Analyzer is resistant to code modification techniques that are often employed by attackers to fly under the radar of signature-based detectors used by all existing container security vendors.
Prevasio lifts the bar by providing a visual graph of all system events that take place within a container. It understands the relationships between them, exposing events in such a way that customers can effortlessly see and understand the risks. In one particular case, a visual of an unusually large number of geographically distributed hosts led the customer to the discovery of a hidden decentralized cryptocurrency mining application.
Users can sign up to Prevasio at no cost, receiving a free quota of 10 container image submissions. The generated reports are available online, as PDF, or as JSON files.
Prevasio accepts container image submissions in the form of Docker image files hosted in public or private Docker Hub, AWS, Azure, and GCP repositories. Enterprise pricing is based on deployment size.
Prevasio was founded in 2020 by a group of DevOps and threat research experts. The company aims to bridge the gap between DevSecOps and threat research, allowing IT professionals to look at containers from a vastly different perspective - through the eyes of attackers.