Container Security for Red Hat OpenShift

How Aqua Secures Container Deployments on Red Hat OpenShift

Red Hat® OpenShift is the industry’s most secure and comprehensive enterprise-grade container platform based on industry standards, Docker and Kubernetes.

As a Certified container security platform for Red Hat OpenShift, the Aqua Container Security Platform can be deployed natively with Red Hat OpenShift Container Platform, Red Hat Atomic Host and Red Hat Enterprise Linux environments — running both Linux and Windows containers — while offering image assurance, runtime controls, added protection against attacks, as well as increased visibility and compliance for containerized applications. 

Manage Risk in The Container Development Pipeline

Continuously scan the Red Hat OpenShift Registry and other CI/CD tools to verify that DevOps teams do not introduce vulnerabilities, bad configurations, and secrets into container images, and prevent unauthorized images from running in Red Hat OpenShift Container Platform environments.

Protect Applications in Runtime

Ensure that containers only do what they are supposed to do in the application context, by leveraging machine learning to whitelist normal container behavior. Get alerts on and automatically prevent policy violations around usage of host resources, role-based user access, and network activity. Defend against specific attack vectors targeting containerized applications.

Achieve Visibility and Compliance

Monitor container activity in real time, and gain full visibility and an audit trail for containers deployed in Red Hat OpenShift Container Platform. Log events such as access attempts, network access, running executables, privilege escalations and more, and produce reports for regulatory compliance requirements such as PCI DSS, HIPAA and GDPR.

Securely Inject Secrets into Containers

Securely inject secrets (such as passwords, keys and tokens) into containers at runtime, with no container downtime. Leverage your existing enterprise secrets stores such as HashiCorp Vault and CyberArk Enterprise Password Vault, and easily manage, rotate, and revoke secrets in containers, with secrets held only in memory and never persisted to disk.