Aqua Cloud Native Security Platform

Vulnerability Management

Integrate security into the CI/CD pipeline to provide image risk analysis and rapid remediation early during the build process by scanning container images for known vulnerabilities, malware, secrets, open source licenses, misconfigurations and permissions issues. Leverage out-of-the-box plug-ins with industry leading CI/CD platforms like Jenkins, Azure DevOps, CircleCI, Bamboo, GitLab, and many others.

Image Assurance

Create and enforce an image assurance policy that only allows images that adhere to security and compliance guidelines to be deployed - including vulnerabilities, embedded secrets, malware, secure configuration, and more. Aqua will encrypt container images during build to protect data and intellectual property, and block high-risk images that violate security policies from running in a production environment.

User Access Control

Define permitted commands to granularly control user access, configuring privilege definitions per container, host, cluster, application and storage volume. Allow or disallow specific user actions to enforce segregation of duties and least privilege principles, and enable Aqua to automatically detect and block unauthorized activities like log access or privilege escalations.

Secrets Management

Securely deliver encrypted secrets to runtime containers in memory, with no persistence on disk. Leverage Aqua's integrations with industry leading secrets vaults like CyberArk, HashiCorp and others to rotate, update and revoke secrets in runtime with no container downtime or restart.

Runtime Protection for Containers and VMs

Whitelist intended activity based on machine-learned behavioral profiling to ensure container and VM integrity and immutability, host and orchestrator hardening, and least-privilege enforcement on container behaviors, without sacrificing application performance and availability. Monitor activity to detect and granularly block suspicious processes in runtime.

Workload Firewall

Visualize workload network connections to automatically generate whitelist firewall rules that enforce network segmentation - blocking unauthorized connections based on orchestrator concepts (pod name and namespaces), IP/CIDR addresses, and DNS. Automatically alert on and block unauthorized communications flows with no container downtime.

Auditing and Compliance

Apply compliance best practices across your cloud environment by automating out-of-the-box runtime policies for PCI, HIPAA, NIST and GDPR, and benchmarking against CIS certified tests for Linux, Docker and Kubernetes. Leverage your SIEM tool of choice to monitor granular reporting on scan results, policy changes and secrets rotations.

Risk-Based Analysis

Leverage Aqua's Risk Explorer to see a live map of all the hosts and images running in your production environment. Risk Explorer gives you the ability to identify the namespaces and objects (representing a deployment, daemonset or job) and their respective risk levels to perform an accurate root cause investigation.