Aqua's Dynamic Threat Analysis, also referred to as DTA, complements Vulnerability Scanning to detect unknown and evasive threats. DTA is an industry-first container sandboxing solution, it runs the container images in an isolated/protected environment that monitors behavioral patterns and detects Indicators Of Compromise (IOC) such as container escapes, malware, crypto miners, code injection backdoors, network anomalies, and more.

What is Included in Dynamic Threat Analysis

Aqua DTA scans designated images directly from your registries. Once an image scan is initiated Aqua DTA runs and analyzes the image for several minutes and displays the analysis results, determining the potential risk level that the image presents if allowed to run in an open, networked environment.


Key capabilities:

  • Native integration with Amazon Elastic Container Registry
  • Auto-discovery of all container repositories used in your AWS account
  • DTA scans for newly built container images
  • Detect suspected behavioral patterns
  • Classification of detected behaviors into categories of the MITRE ATT@CK framework
  • Map Suspicious Network Activity
  • Detailed, Actionable Data on Anomalous Container Behavior


When Should Aqua DTA be Used?

In addition to static scanning of images for malware, vulnerabilities, and other issues, we recommend using Aqua DTA to address the following use cases:

  • Approve public images and their open source packages
    Scan and whitelist public container images and their open source packages as part of the security controls in your software development life cycle (SDLC)


  • Approve ISVs' third-party images
    Scan third-party images from independent software vendors (ISV) before introducing them into the organization. Since the provenance of 3rd party images is often hard to prove, such images might represent unknown risks


  • Pre-production security gate
    Scan release candidate images before being promoted to production from your release registry, as an extra precaution, especially as pertains to sensitive or critical applications


  • Analysis and research
    Scan specific images to quickly analyze and understand their runtime behavior, for example, to understand resource usage anomalies or after a suspected incident as a measure of forensics


Keep Reading