Aqua Cloud Native Security Platform
By Aqua Security
Certified enterprise ready
Provides a full-stack security solution for enterprises to secure workloads on-prem or in the cloud for containerized, serverless and VM-based applications from your CI/CD pipeline in development to your production runtime environment.
Leverage granular, continuous data streams on images, containers, orchestrators, and hosts to secure the entire application lifecycle, from scanning and deployment assurance, to automated runtime controls, all using a single pane of glass. Aqua will mitigate risk, enforce immutability, and detect and block anomalies based on the application context.
Integrate security into the CI/CD pipeline to provide image risk analysis and rapid remediation early during the build process by scanning container images for known vulnerabilities, malware, secrets, open-source licenses, misconfigurations and permissions issues. Leverage out-of-the-box plug-ins with industry-leading CI/CD platforms like Jenkins, Azure DevOps, CircleCI, Bamboo, GitLab, and many others.
Create and enforce an image assurance policy that allows only images adhering to security and compliance guidelines to be deployed, with checks covering vulnerabilities, embedded secrets, malware, secure configuration, and more. Aqua will encrypt container images during build to protect data and intellectual property, and block high-risk images that violate security policies from running in a production environment.
User Access Control
Define permitted commands to granularly control user access, configuring privilege definitions per container, host, cluster, application and storage volume. Allow or disallow specific user actions to enforce segregation of duties and least privilege principles, and enable Aqua to automatically detect and block unauthorized activities like log access or privilege escalations.
Securely deliver encrypted secrets to runtime containers in memory, with no persistence on disk. Leverage Aqua's integrations with industry-leading secrets vaults like CyberArk, HashiCorp and others to rotate, update and revoke secrets in runtime with no container downtime or restart.
Runtime Protection for Containers and VMs
Whitelist intended activity based on machine-learned behavioral profiling to ensure container and VM integrity and immutability, host and orchestrator hardening, and least-privilege enforcement on container behaviors, without sacrificing application performance and availability. Monitor activity to detect and granularly block suspicious processes in runtime.
Visualize workload network connections to automatically generate whitelist firewall rules that enforce network segmentation, blocking unauthorized connections based on orchestrator concepts (pod name and namespaces), IP/CIDR addresses, and DNS. Automatically alert on and block unauthorized communication flows with no container downtime.
Auditing and Compliance
Apply compliance best practices across your cloud environment by automating out-of-the-box runtime policies for PCI, HIPAA, NIST and GDPR, and benchmarking against CIS-certified tests for Linux, Docker and Kubernetes. Leverage your SIEM tool of choice to monitor granular reporting on scan results, policy changes and secrets rotations.
Leverage Aqua's Risk Explorer to see a live map of all the hosts and images running in your production environment. Risk Explorer gives you the ability to identify the namespaces and objects (representing a deployment, daemonset or job) and their respective risk levels to perform an accurate root cause investigation.
Fully automated deployment, scaling and lifecycle management of Aqua CSP via Aqua Security Operator.
Auto-discovery of workloads providing visibility and insights into your complete security posture.
Real-time visibility and control over the compliance posture of images, pods, nodes and clusters.
Shift left by embedding comprehensive security testing and powerful policy-driven controls early on.
Empower DevOps to fail fast and fix early, all while accelerating deployment velocity.
Policy-driven image assurance and compliance to preempt image sprawl and rogue deployment.
Enforce container immutability and perform least-privilege profiling of container behavior.
Microsegmentation via creation of dynamic firewall rules, to limit the impact of network intrusion.
Forensic auditing for security risk management and compliance, integrating with your choice of SIEM.
Want more product information? Explore detailed information about using this product and where to find additional help.
Aqua Security Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Aqua Security channel
Webinars and videos presented by leading industry experts covering Microservices, Container & Serverless security, Kubernetes, DevSecOps, and everything related to the most disruptive area in IT.
Aqua Security GitHub
Official GitHub link for Aqua Security containing over 100 repositories dedicated to full lifecycle security for containers and cloud-native applications
Aqua Solution Brief on Red Hat
Aqua’s comprehensive, purpose-built platform for container security provides full visibility and control over containerized environments, with tight runtime security controls and intrusion prevention capabilities, at any scale.
Read what others are saying about this product in our review section.
What do you like best?
This is an easy-to-use and well-supported solution to container management.
What do you dislike?
There is not much to dislike for this software.
What problems are you solving with the product? What benefits have you realized?
Supporting a number of applications.