Aqua Security’s patent-pending MicroEnforcer™ technology protects containers from within, reducing the dependency on a host environment
Boston, MA – March 7, 2018 – Aqua Security, the market-leading platform provider for securing container-based and cloud-native applications across their entire lifecycle, today announced the availability of version 3.0 of its platform, featuring a new, patent-pending technology that provides runtime security controls for applications running in a public cloud container-as-a-service (CaaS) environment where the user does not manage VM instances or hosts.
The new release also introduces more than 120 additional features, extending the capabilities of the company’s end-to-end container security platform to address the requirements of today’s multi-platform enterprise customers, from securing the build pipeline and enabling DevSecOps, to runtime protection of production workloads. Aqua 3.0 also introduces extensive new Kubernetes-native controls that leverage recent releases of the popular orchestration software – see the separate announcement.
Last year, several new cloud-based services were launched, which enable users to run containers on demand, without requiring provisioning or management of VM instances. Examples include Azure Container Instances and AWS Fargate. From a security standpoint, approaches that rely on host-level controls to secure the runtime environment are not effective for these environments, since the host is no longer a visible, manageable entity.
Aqua’s new patent-pending MicroEnforcer™ technology solves this by inserting security controls into the container early in its development lifecycle. As the container image is built, the MicroEnforcer is embedded into it in a way that later allows it to monitor and control instantiated containers, including the ability to prevent specific unauthorized container activities.
“There’s no doubt that containers are becoming easier to use and more pervasive, and while certain aspects of the technology stack are consolidating, options for deployment are becoming more varied and more flexible,” said Amir Jerbi, Co-Founder and CTO at Aqua Security. “Cloud-native apps present an opportunity to provide much more granular security controls and apply them uniformly regardless of where the application runs, and this has been one of our key benefits to enterprises when moving workloads to hybrid cloud environments.”
Aqua MicroEnforcer secures containers wherever they run:
- It identifies malicious activity, such as access to unauthorized networks or attempts to inject code into the container, and prevents these attempts at runtime;
- It securely injects secrets into containers that are authorized to use them at runtime, leveraging existing enterprise secrets stores;
- All alerts generated by MicroEnforcer are sent to the Aqua Command Center, which in turn can send them to integrated SIEM and analytics tools.
How Aqua MicroEnforcer works:
- MicroEnforcer is added into the container image during build;
- The secured image is saved to a private or public registry;
- When the image is run in a CaaS environment, the container operates under the constraints of the image runtime policy, and reports events back to the Aqua Command Center.
Aqua’s MicroEnforcer augments Aqua’s existing Enforcer “sidecar” container that provides security controls on containers running on defined hosts (VMs or bare metal servers running Linux or Windows 2016). The two mechanisms – Enforcer and MicroEnforcer – complement each other, allowing Aqua customers to manage deployments across multiple cloud technologies from a single console.
Aqua’s platform is used by dozens of Global 1000 customers, providing the most comprehensive full-lifecycle solution for securing container-based and cloud-native applications, running on-prem or in the cloud, and supporting both Linux and Windows runtime environments. The Aqua platform drives DevSecOps automation, and provides visibility and runtime protection for cloud-native workloads, including both host-level and network-level controls.
Aqua 3.0 is generally available now. For additional information:
- Blog: Revisiting AWS Fargate with Aqua 3.0
- Live Webinar with Securosis: Enterprise Container Security Redux