Full Lifecycle Security for Azure Container Workloads
Protect your pipeline on Azure DevOps, and protect your applications running on AKS, ACI and Windows Containers
The Aqua platform works seamlessly on Azure Container Service, integrating with Azure Container Registry (ACR), Azure Container Instances (ACI), and on both Docker and Windows container formats. In addition, Aqua provides a native plug-in for Azure DevOps (formerly VSTS), enabling developers to automate security testing into their CI/CD pipeline.
Automated full-stack security for Azure AKS
Provide zero-configuration security for AKS deployments from development to production, enforcing consistent security policy and least privileges principle across the board.
Protect containers running on Azure Container Instances (ACI)
Aqua MicroEnforcer injects security controls into containers, making it possible to monitor and enforce policy in this serverless environments.
Protect Azure Functions
Assess the risk of Azure Functions by discovering vulnerabilities and sensitive data in function’s code and its environment variables. Prevent execution of functions that violate your organization’s security policy.
Cloud Security Posture Management (CSPM)
Ensure that your Azure accounts and services are configured according to best practices, including the CIS Foundation Benchmark for Azure. Continuously scan hundreds of settings for risks and monitor events for anomalies. Automatically create and retain compliance reports for PCI, HIPAA and more.
Cloud VM Security and Compliance
Protect workloads running on Azure Virtual Machine instances and ensure they are properly hardened. Scan for vulnerabilities and malware, apply File Integrity Monitoring (FIM), check configuration against the CIS Benchmark for Linux, and monitor user access and activity. Create command-level audit trail for compliance and forensics.
Automate Security in the CI/CD Pipeline
Automated security into your CI/CD pipeline, including Aqua native plug-in for Azure DevOps (formerly Visual Studio Team Services), to prevent the introduction of vulnerabilities, bad configurations, or secrets into container images. Aqua continuously monitors Azure Container Registry (ACR) to ensure that no new vulnerabilities are present in stored images.
Get Aqua Scanner from the Visual Studio Marketplace to scan images and functions directly in Azure DevOps
Runtime Protection
Aqua works seamlessly with Azure AKS and Azure Container Instances (ACI) to prevent unvetted containers from running. It automatically learns container behavior and ensures that containers only do what they are supposed to do in the application context. It detects and prevents activities that violate policy, defending against container-specific attacks.
Serverless Function Risk Assessment and Mitigation
Continuously scan Azure functions to ensure that developers don’t introduce vulnerabilities into function code, or leave sensitive data (keys and tokens) unencrypted in code or in environment variables. Define security policies for Azure Functions and alert on or prevent the execution of functions that violate policy.
Secrets Management
Leverage Azure Key Vault and other secrets store to securely deploy secrets, such as passwords, keys and tokens – into containers in runtime. Aqua makes it easy to manage, rotate, and revoke secrets in containers with no downtime, running only in memory without persistence on disk.
Visibility for Compliance and Forensics
Aqua integrates with 3rd party analytics and SIEM tools including Microsoft OMS to provide single pane-of-glass visibility into security and compliance-related events, with a granular audit trail of container activities.
”We strive to make the Azure Container Service as secure as possible, and empower our customers to use best practices and advanced 3rd party solutions with zero friction. We’re thrilled to partner with Aqua to make this possible for image security in ACR.”
Steve Lasker
Principal Program Manager at Microsoft
Principal Program Manager at Microsoft