vShield: Control Known Vulnerabilities Detected in Container Images

Automatically Detect and Prevent Attacks Targeting Known Vulnerabilities in Containers

It’s one thing to know you have vulnerabilities, it’s another to know whether any exploit attempts were made on those vulnerabilities.  Known vulnerabilities (CVEs) are often found in container images in large numbers, and it’s not always easy, quick, or at all possible to fix them.  That’s where our form of “virtual patching” comes in, acting as a shield against exploitation of the vulnerabilities. 

Learn about this new capability that uses automated vulnerability and component analysis, combined with expert security research, to generate runtime policies that can detect and block access to vulnerable components in containers.

We’ll show you a non-intrusive way to prioritize the patching of vulnerabilities, allowing you to:

• Fix the vulnerability without any developer intervention of code change
• Efficiently prioritize patching while buying time to patch the lower priority vulnerabilities since they are being monitored/blocked
• Apply a runtime policy to monitor access to resources (files, executables, etc.) that would be used to exploit a specific vulnerability

Presented by: 
Omer Benedict
Sr. Director of Product Management at Aqua