Aqua Cloud Native Application Protection Platform

OpenShift Security Posture Management

Aqua's Security Posture Management enables security and compliance teams to enforce and monitor configurations and best practices via policies as well as runtime protection for the cloud native applications orchestration layer. Enhance the security posture of your Kubernetes workloads with continuous security risk assessment, dynamic insights across clusters and guided remediation. Use Aqua’s image assurance policies to prevent the deployment of unsafe and non-compliant workloads.

Risk Based Vulnerability Management

Aqua’s vulnerability scanning and management drives focus on the most important and urgent vulnerabilities and efficient remediation in large, complex environments. Based on contextual factors like exploitability, customizable severity, and running workloads in combination with proprietary threat intelligence, Aqua’s insights helps prioritize the highest risks to your environment. Aqua integrates with CI/CD pipeline tools, including Jenkins, Azure DevOps, CircleCI, Bamboo and GitLab.

Role Based Access Control & Scoping

Aqua’s comprehensive role-based access controls (RBAC) deliver effective separation of duties (SoD) to support security and compliance initiatives for complex and multi-cloud deployments and provide the flexibility to support all deployment configurations and organizational structures. Administrators can configure hierarchies and role-based permissions based on defined scopes, down to the pod level. Limit the use default policies with embedded OPA-based, declarative assurance policies.

Runtime Protection for Containers and VMs

Aqua enables you to configure runtime controls that are applicable to all containers, functions, and VMs, permitting only legitimate behaviors and preventing several types of privilege abuse, suspicious behaviors, and attack vectors. Get alerted to configuration violations and view detailed remediation steps. Contextual-based Drift Prevention identifies changes from container’s original image and enforces container immutability at run time.

Malware & Supply Chain Attack Detection

Aqua’s Dynamic Threat Analysis (DTA) ensures that those advanced threats and malware in container images are detected before they are pushed to production. Aqua DTA helps to mitigate the risk of data theft, container use for DDoS, and resource abuse by advanced persistent threats and polymorphic malware. Analyze container behavior directly from your registries and CI pipelines and help incident response to “shift left”.

Infrastructure and Workload Assurance Policies

Aqua Kubernetes Assurance Policies allow you to evaluate specific conditions related to your workloads and check for potential unsafe security configurations, whether in your cluster, node or pod. Compatible with Open Policy Agent (OPA) and using Rego expressions, it provides out-of-the-box rules and allows you to add custom Rego rules to comply with your security requirements.

Auditing and Compliance

Apply compliance best practices across your cloud environment by automating out-of-the-box runtime policies for PCI, HIPAA, NIST and GDPR, and benchmarking against CIS certified tests for Linux, Docker and Kubernetes. Leverage your SIEM tool of choice to monitor granular reporting on scan results, policy changes and secrets rotations.

Risk Explorer

Leverage Aqua's Risk Explorer to see a live map of all the hosts and images running in your production environment. Risk Explorer gives you the ability to identify the namespaces and objects (representing a deployment, daemonset or job) and their respective risk levels to perform an accurate root cause investigation. Gain a clear view of the security posture of Kubernetes environments across clusters.