itb-nz logo
Story image

Prevasio unveils threat analysis sandbox for containers

13 Jul 2020

Prevasio today emerged from stealth with the launch of the industry’s first dynamic threat and vulnerability analysis system for Docker containers. Prevasio Analyzer allows enterprises to easily integrate, monitor, and guarantee the security posture of containerized services and applications, ensuring the readiness for production throughout their CI/CD release process. IT professionals are welcome to check for any security gaps in their container images at at no charge.

“Coming from a threat management background, we quickly realized that existing security solutions are relying only on static scans for containers. Some vendors misuse a 'dynamic scan' term. These solutions are not preventing any zero-day threats to modern cloud hosted applications,” says Prevasio CEO and cofounder Rony Moshkovich.

“Enterprises that embraced DevSecOps culture have long ago acknowledged the risks associated with Docker Containers. Until now, it was near impossible to make dynamic preventive assessment of a container before allowing it into the corporate infrastructure.”

“Prevasio's friendly SaaS self-service approach makes the prevention and CI/CD integration super easy without overburdening the end consumer’s IT and engineering teams with expensive deployments and saving on their resources to supervise uptime,” comments NTT Cybersecurity Australia national solution architect Vijay Chakravarthy.

“Released Group ventures is proud to back the first company capable of detecting stealth threats in Docker containers,” says early investor Released Group’s Nick Beaugeard.

How it works

Built as an elegant solution to a complex problem, Prevasio Analyzer provides a quick, easy and reliable way to dynamically analyse a Docker container image.

Prevasio Analyzer performs a smart detection of the tech stack and then attacks it with an automated full-scale penetration test that conforms to the cyber kill chain. The test consists of highly-tailored attacks that target the services running inside the analysed container with surgical precision. Prevasio carries out these operations in an isolated environment hosted outside the customer's infrastructure for a risk-free SaaS experience.

Prevasio Analyzer uses a proprietary Machine Learning (ML) classifier to distinguish malicious Linux executables within a container. The usage of ML allows Prevasio to detect zero day malware without using any signatures. As a result, Prevasio Analyzer is resistant to code modification techniques that are often employed by attackers to fly under the radar of signature-based detectors used by all existing container security vendors.

Prevasio lifts the bar by providing a visual graph of all system events that take place within a container. It understands the relationship between them, exposing events in such a way that the customers can effortlessly see and understand the risks. In one particular case, a visual of an unusually large number of geographically distributed hosts led the customer to a discovery of a hidden decentralized cryptocurrency mining application.

Users can sign up to Prevasio at no cost, receiving a free quota of 10 container image submissions. The generated reports are available online, in PDF, or JSON files. 

Prevasio accepts container image submissions in the form of Docker image files hosted in public or private Docker Hub, AWS, Azure, and GCP repositories. Enterprise pricing is based on deployment size. 

About Prevasio

Prevasio was founded in 2020 by a group of DevOps and threat research experts. The company aims to bridge the gap between DevSecOps and threat research, allowing IT professionals to look at containers from a vastly different perspective - through the eyes of attackers.

Download image
Strengthen the weakest link in your security chain
Globalisation. Remote working. High-turnover workforces. These factors and more add up to make increasingly dynamic workforces - and without proper management, your business could fall behind.More
Story image
Interview: Cloudera outlines the key tenets of hybrid cloud
We spoke to Cloudera A/NZ country manager Nick Hoskins about how cloud adoption is trending across A/NZ, hybrid cloud benefits and drawbacks, and data security.More
Link image
Take your CX to the next level with intelligent automation
Complete projects more quickly, generate invoices accurately and efficiently, decrease accounts receivable cycles - all while meeting the growing demands of customers.More
Story image
Location tech crucial for the future of transport and logistics, research finds
The transport and logistics sector has been hard hit by recent events, however location technologies are paving the way for post COVID-19 growth and, as a result, commercial telematics system revenue in Asia-Pacific is set to hit US$14 billion by 2025. More
Story image
Megaport grows partnership with Cloudflare to provide greater network connectivity
The Network as a Service (NaaS) provider has announced direct access to Cloudflare's global network for its customers on Megaport's global Software Defined Network (SDN). More
Link image
Nine developer enablement practices to achieve DevOps at enterprise scale
Senior software engineering leader with experience at multiple Fortune 500 companies shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More