
Aqua Container Security Platform

Full lifecycle security for containers and cloud-native applications, from your CI/CD pipeline to runtime production environments.
Aqua runs on-prem or in the cloud, at any scale.

Leverages Containers to Improve Security

We secure applications before they are deployed, enforce container immutability, and easily detect and block anomalies based on the application context.

Designed for Scale and Performance

We built our platform for the growing needs of the world's largest enterprises. It can scan thousands of images daily, and protect clusters with thousands of nodes, with minimal performance impact.

Built for Multi-Tenant Environments

Manage multiple team deployments or multiple customer tenancies from a central console. Maintain separation of data and access, ensuring complete isolation between tenants.

Secure Once, Run Anywhere

Wherever you run your cloud-native applications, Aqua integrates with your choice of infrastructure to deliver comprehensive security and compliance.
Architecture: how Aqua fits into your existing environment

Vulnerability Management
Aqua scans container images and serverless functions for known vulnerabilities, embedded secrets, configuration and permission issues, malware and open-source licensing. Based on a constantly updated stream of aggregate sources (CVEs, vendor advisories, and proprietary research), we ensure up-to-date, broad coverage while minimizing false positives that often occur when using only a single source.
Any of the parameters can be used to create custom image assurance policies that prevent images from being built, progressing in the CI pipeline, or running in your environment.
Runtime Protection
Aqua prevents untrusted images from running, and ensures that containers remain immutable, preventing any changes to running containers compared with their originating images.
You can monitor and control container activity in real time, based on custom policies and machine-learned behavioral profiles. Alert on or block suspicious activities and processes without killing or pausing containers, ensuring business continuity of your critical applications.
Secrets Management
Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as HashiCorp, CyberArk, AWS KMS or Azure Vault, and transparently update, revoke, and rotate secrets with no need to restart containers. We also give you visibility into which secrets are being used, and in which running containers.
Embedded CI/CD Scanning
Aqua provides native plug-ins as well as a CLI tool that automate image scanning within CI tools such as Jenkins, Bamboo, Azure DevOps or TeamCity. As a step in the image build, developers can view scanning results and suggested mitigation from within a familiar environment. Security teams can use this to prevent images that violate policy from being built and ensure that dev teams have the information they need to secure images early on.
Container Firewall
Aqua limits the "blast radius" of attacks by limiting container networking to defined nano-segments based on application context. Automatically discover container network connections and get suggested contextual firewall rules that whitelist legitimate connections. Block or alert on unauthorized network activity.
The Aqua container firewall works seamlessly with popular network plugins such as Weave or Flannel, and with service meshes such as Istio.
Compliance & Auditing
Aqua makes it easy to prove compliance with regulations such as PCI-DSS and HIPAA, as well as to adhere to best practices from NIST and CIS, with out-of-the-box default policies. We help you ensure that your clusters, nodes, containers and functions are properly hardened and monitored, and provide granular event logging for everything from login attempts, to secrets use, to container start/stop events, to policy violations.
Aqua integrates with many log analysis and SIEM tools, such as Splunk, ArcSight, LogRhythm and others, to enable you to manage auditing centrally.
Platform Integrations
Aqua integrates into your existing infrastructure, making it easy to manage DevSecOps collaboration, event monitoring, logging and reporting, and incident response. With dozens of pre-built integrations, you can share alerts through Slack, open vulnerability tickets in Jira, send event data to Splunk or ArcSight, or monitor with DataDog or SumoLogic, as well as many others.
With full REST API access, we can easily integrate with additional systems.