Layered, Full Lifecycle Cloud Native Security Platform

Securing containerized, serverless and VM-based applications, from CI/CD pipelines to production runtime environments.
Runs on-prem or in the cloud, at any scale.

Leverages Modern SDLC to Improve Security

We secure applications before they are deployed, mitigating risk, enforcing immutability and easily detecting and blocking anomalies based on the application context.

Designed for Scale and Performance

We built our platform for the growing needs of the world's largest enterprises. It can scan thousands of images daily, and protect clusters with thousands of nodes, with minimal performance impact.

Built for Multi-Tenant Environments

Manage multiple team deployments or multiple customer tenancies using a central console. Maintain separation of data and access, ensuring complete isolation between tenants.

Secure Once, Run Anywhere

Wherever you run your cloud-native applications, Aqua integrates with your choice of infrastructure to deliver comprehensive security and compliance.
Cloud Native security architecture: How Aqua fits into your environment

Cloud VM Security and Compliance
Automate the security of VMs in your private, public and hybrid cloud environments, using a policy-driven approach with single-pane-of-glass visibility across containers, serverless, and VM-based workloads. Scan VMs for vulnerabilities and malware, apply File Integrity Monitoring (FIM), track user activity, and prevent VM configuration drift.
Vulnerability Management
Aqua scans VMs, container images and serverless functions for known vulnerabilities, embedded secrets, configuration and permission issues, malware and open-source licensing. Drawing on a constantly updated stream of aggregate sources (CVEs, vendor advisories, and proprietary research), we ensure up-to-date, broad coverage while minimizing the false positives that often occur when using only a single source.
Any of these parameters can be used to create custom image assurance policies that prevent artifacts from being built, progressed in the CI pipeline, or run in production.
Runtime Protection
Aqua prevents untrusted code from running, and ensures that VMs, containers and functions remain immutable, preventing any changes to running workloads compared with their originating images.
You can monitor and control activity in real time, based on custom policies and machine-learned behavioral profiles. Alert on or block suspicious activities and processes without killing or pausing workloads, ensuring business continuity for your critical applications.
Secrets Management
Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as HashiCorp, CyberArk, AWS KMS or Azure Vault, and transparently update, revoke, and rotate secrets with no need to restart containers. We also give you visibility into which secrets are being used, and in which running containers.
Embedded CI/CD Scanning
Aqua provides native plug-ins as well as a CLI tool that automate image scanning within CI tools such as Jenkins, Bamboo, Azure DevOps or TeamCity. As a step in the image build, developers can view scanning results and suggested mitigation from within a familiar environment. Security teams can use this to prevent artifacts that violate policy from being built and ensure that dev teams have the information they need to secure images early on.
Dynamic Analysis of Container Images
“Shift left” attack prevention by automatically scanning container images in your registries and CI/CD pipelines for hidden malware, dynamically analyzing their behavior in a secure sandbox. Discover sophisticated malware hidden in open source packages and 3rd party images, preventing attacks on your container-based applications, including credential theft, cryptocurrency mining, and data exfiltration.
Workloads Firewall
Aqua limits the "blast radius" of attacks by limiting VM, container, and serverless function networking to defined nano-segments based on application context. Automatically discover network connections and get suggested contextual firewall rules that whitelist legitimate connections based on service identity, URLs or IPs. Block or alert on unauthorized network activity.
The Aqua workloads firewall works seamlessly with popular network plugins such as Weave or Flannel, and with service meshes such as Istio.
Compliance & Auditing
Aqua makes it easy to prove compliance with regulations such as PCI-DSS and HIPAA, as well as to adhere to best practices from NIST and CIS, with out-of-the-box default policies. We help you ensure that your clusters, VMs, nodes, containers and functions are properly hardened and monitored, and provide granular event logging for everything from login attempts, to secrets use, to container start/stop events, to policy violations.
Aqua integrates with many log analysis and SIEM tools, such as Splunk, ArcSight, LogRhythm and others, to enable you to manage auditing centrally.
Platform Integrations
Aqua integrates into your existing infrastructure, making it easy to manage DevSecOps collaboration, event monitoring, logging and reporting, and incident response. With dozens of pre-built integrations, you can share alerts through Slack, open vulnerability tickets in Jira, send event data to Splunk, QRadar or ArcSight, or monitor with Datadog or Sumo Logic, as well as many others.
With full REST API access, we can easily integrate with additional systems.