Container Security for Google Cloud – GKE, GCR

Aqua Secures The Entire Container Lifecycle on Google Cloud Platform

Google Kubernetes Engine (GKE) is a production-ready environment, managed by Google, for running containerized applications at scale. Launched in 2015, GKE is one of the most reliable, efficient, and secure ways to run Kubernetes clusters.

The Aqua platform works seamlessly on Google Cloud Platform, integrating with its container services as well as with Google’s Cloud Security Command Center to deliver container-level alerts that help security teams gather data, identify threats, and act on them before they result in business damage or loss. 

Image Vulnerability Scanning & Assurance

Prevent unauthorized images from running in your GKE environment. Continuously scan images stored in Google Container Registry (GCR) to ensure that DevOps teams do not introduce vulnerabilities, misconfigurations, malware, or secrets into container images. Get actionable recommendations for remediating the security issues found.
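The gate described above can be modelled as an admission check on the pod spec: an image is allowed to run only if it comes from an approved registry, is pinned by digest rather than a mutable tag, and that exact digest has passed scanning. The following is an added example written for this page, not Aqua's or Google's code; the allowed-registry list, the scan verdicts keyed by digest, and the pod spec are all constructed for illustration.

```python
"""Admission-style image assurance check for a GKE pod spec (added example).

Policy modelled here (assumed, not Aqua's actual rule set):
  1. the image must come from an approved registry host
  2. the image must be referenced by digest, not by tag
  3. the digest must have a scan result with no malware, no embedded
     secrets, no critical vulnerabilities and at most `max_high` highs
"""
import re
from typing import Dict, List, Optional, Tuple

# Registry hosts from which images may be pulled (assumed policy).
ALLOWED_REGISTRIES = {"gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io"}

# Constructed scan verdicts keyed by image digest, standing in for what a
# registry scanner would record after scanning images held in GCR.
SCAN_RESULTS: Dict[str, Dict[str, int]] = {
    "sha256:" + "a" * 64: {"critical": 0, "high": 0, "secrets": 0, "malware": 0},
    "sha256:" + "b" * 64: {"critical": 2, "high": 5, "secrets": 0, "malware": 0},
    "sha256:" + "c" * 64: {"critical": 0, "high": 0, "secrets": 1, "malware": 0},
}

# registry host (must contain a dot, or be localhost) / repo [:tag] [@digest]
IMAGE_RE = re.compile(
    r"^(?:(?P<registry>[^/]+\.[^/]+|localhost(?::\d+)?)/)?"
    r"(?P<repo>[a-z0-9._/-]+?)"
    r"(?::(?P<tag>[A-Za-z0-9_.-]+))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def parse_image(ref: str) -> Tuple[str, str, Optional[str], Optional[str]]:
    """Split an image reference into (registry, repo, tag, digest).

    A reference without a registry host resolves to Docker Hub, which the
    policy treats as an unapproved registry.
    """
    m = IMAGE_RE.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref}")
    registry = m.group("registry") or "docker.io"
    return registry, m.group("repo"), m.group("tag"), m.group("digest")


def assess_image(ref: str, max_high: int = 0) -> List[str]:
    """Return the policy violations for one image reference (empty list = allowed)."""
    violations: List[str] = []
    registry, _repo, tag, digest = parse_image(ref)
    if registry not in ALLOWED_REGISTRIES:
        violations.append(f"{ref}: registry {registry} is not approved")
    if digest is None:
        # A tag (including an implicit 'latest') can be re-pointed at a
        # different image after it was scanned; only a digest is immutable.
        violations.append(f"{ref}: not pinned by digest (tag={tag or 'latest'})")
        return violations
    result = SCAN_RESULTS.get(digest)
    if result is None:
        violations.append(f"{ref}: digest has no scan result, image was never scanned")
        return violations
    if result["malware"]:
        violations.append(f"{ref}: malware found in image")
    if result["secrets"]:
        violations.append(f"{ref}: {result['secrets']} embedded secret(s) found")
    if result["critical"] > 0 or result["high"] > max_high:
        violations.append(
            f"{ref}: {result['critical']} critical / {result['high']} high vulnerabilities"
        )
    return violations


def admit_pod(pod: dict, max_high: int = 0) -> Tuple[bool, List[str]]:
    """Validate every container in a pod spec, init containers included."""
    spec = pod.get("spec", {})
    violations: List[str] = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        violations.extend(assess_image(c["image"], max_high))
    return (not violations), violations


# Constructed pod spec: one clean image, one tag-only image, one image with
# critical findings, and one pulled from Docker Hub by tag.
GOOD_IMAGE = "gcr.io/my-project/api@sha256:" + "a" * 64
CONSTRUCTED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
    "spec": {
        "initContainers": [{"name": "migrate", "image": "gcr.io/my-project/migrate:latest"}],
        "containers": [
            {"name": "api", "image": GOOD_IMAGE},
            {"name": "sidecar", "image": "gcr.io/my-project/proxy@sha256:" + "b" * 64},
            {"name": "cache", "image": "redis:6"},
        ],
    },
}

if __name__ == "__main__":
    allowed, why = admit_pod(CONSTRUCTED_POD)
    print("ADMIT" if allowed else "DENY")
    for line in why:
        print("  -", line)
```

The check deliberately stops at the first structural problem (no digest, no scan result) because vulnerability counts are meaningless for an image that cannot be tied to a scanned artifact; in a real deployment this function would sit behind a validating admission webhook and the scan results would come from the scanner's API rather than an in-memory table.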

Runtime Protection

Aqua works seamlessly with Google Kubernetes Engine (GKE) to prevent unvetted containers from running, and prevent approved containers from performing unauthorized actions. It automatically learns container behavior and ensures that containers only do what they are supposed to do in the application context. It detects and prevents activities that violate policy, defending against container-specific attacks.
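The learn-then-enforce idea above (observe what an image does during a learning window, turn that into a profile, then block anything outside it, and block images that have no profile at all) can be shown in a few dozen lines. This is an added example written for this page, not Aqua's runtime engine; the event stream is a constructed, simplified exec/connect/write audit feed keyed by image, and the profile fields are an assumption about what such a profile would contain.

```python
"""Learn-then-enforce runtime profile for containers (added example, not Aqua's code).

Profiles are keyed by the image reference; in practice the key should be the
image digest, so that a re-pushed tag does not inherit the old profile.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Event:
    image: str
    kind: str   # "exec" (binary run), "connect" (outbound host:port), "write" (file path)
    value: str


@dataclass
class Profile:
    image: str
    executables: Set[str] = field(default_factory=set)
    ports: Set[int] = field(default_factory=set)
    write_dirs: Set[str] = field(default_factory=set)

    def record(self, ev: Event) -> None:
        """Add one observed behaviour to the profile during the learning window."""
        if ev.kind == "exec":
            self.executables.add(ev.value)
        elif ev.kind == "connect":
            self.ports.add(int(ev.value.rsplit(":", 1)[1]))
        elif ev.kind == "write":
            # Writes are allowed per directory, so a new log file in an
            # already-written directory is not a deviation.
            self.write_dirs.add(os.path.dirname(ev.value))
        else:
            raise ValueError(f"unknown event kind: {ev.kind}")


def learn(events: List[Event]) -> Dict[str, Profile]:
    """Build one profile per image from a learning-phase event stream."""
    profiles: Dict[str, Profile] = {}
    for ev in events:
        profiles.setdefault(ev.image, Profile(ev.image)).record(ev)
    return profiles


def check(profiles: Dict[str, Profile], ev: Event) -> Optional[str]:
    """Return a violation description for an event, or None if it fits the profile."""
    prof = profiles.get(ev.image)
    if prof is None:
        # No learned profile means the image was never vetted: block it outright.
        return f"{ev.image}: unvetted image with no profile; blocked"
    if ev.kind == "exec" and ev.value not in prof.executables:
        return f"{ev.image}: exec of {ev.value} not in profile"
    if ev.kind == "connect" and int(ev.value.rsplit(":", 1)[1]) not in prof.ports:
        return f"{ev.image}: outbound connection to {ev.value} not in profile"
    if ev.kind == "write" and os.path.dirname(ev.value) not in prof.write_dirs:
        return f"{ev.image}: write to {ev.value} outside learned directories"
    return None


def enforce(profiles: Dict[str, Profile], events: List[Event]) -> List[str]:
    """Run every runtime event through the profile and collect the violations."""
    return [v for v in (check(profiles, e) for e in events) if v]


# Constructed learning-phase events for one API image.
IMG = "gcr.io/my-project/api@sha256:" + "a" * 64
LEARNING_EVENTS = [
    Event(IMG, "exec", "/usr/local/bin/api"),
    Event(IMG, "exec", "/usr/bin/python3"),
    Event(IMG, "connect", "10.0.0.5:5432"),     # database
    Event(IMG, "connect", "10.0.0.9:6379"),     # cache
    Event(IMG, "write", "/tmp/api.pid"),
    Event(IMG, "write", "/var/log/api/access.log"),
]
PROFILES = learn(LEARNING_EVENTS)

# Constructed runtime events: two normal, then a shell spawn, an unexpected
# outbound connection, a write into the binary's directory, and an image
# that was never profiled.
RUNTIME_EVENTS = [
    Event(IMG, "exec", "/usr/local/bin/api"),
    Event(IMG, "write", "/var/log/api/error.log"),
    Event(IMG, "exec", "/bin/sh"),
    Event(IMG, "connect", "198.51.100.7:4444"),
    Event(IMG, "write", "/usr/local/bin/api"),
    Event("gcr.io/my-project/debug:latest", "exec", "/bin/bash"),
]

if __name__ == "__main__":
    for violation in enforce(PROFILES, RUNTIME_EVENTS):
        print("BLOCK:", violation)
```

Three of the four flagged events (a shell spawn, a connection to an unlearned port, and a write into the directory holding the application binary) are the classic signs of a compromised container, which is why a profile built from normal behaviour catches them without a signature for the specific attack; the fourth shows the "prevent unvetted containers from running" rule, where absence of a profile is itself the blocking condition.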

Secrets Management

Leverage third-party vaults, including HashiCorp Vault and CyberArk EPV, to securely deliver secrets (passwords, keys, and tokens) to containers at runtime. Aqua makes it easy to manage, rotate, and revoke secrets in running containers with no downtime; secrets are held only in container memory and are never persisted to disk.

Visibility for Compliance and Security

Aqua integrates with third-party SIEM and security management tools, including Google's Cloud Security Command Center, to provide single-pane-of-glass visibility into security and compliance events, container security monitoring, and policy violation detection, along with centralized policy management.