Aqua provides end-to-end security for applications running on Docker Enterprise Edition or Community Edition, protecting the DevOps pipeline and production workloads in runtime with full visibility and control.
With Aqua, you can protect your Docker applications running on either Linux (docker or containerd runtimes) or Windows, with powerful image assurance, container immutability and least-privilege enforcement, and container firewall.
Integrate security controls into your DevOps pipeline
Scan images within your CI tools, registries, and on Docker hosts to find and fix issues early, going beyond vulnerabilities to hard-coded secrets, bad image configuration, and malware.
Protect Docker applications at runtime, in real time
Control the deployment of trusted images, enforce container immutability, and automatically learn and enforce least-privilege behavior to detect and prevent suspicious activity and attacks.
Apply enterprise-grade security to your Docker environment
Use Aqua's highly automated and customizable security policies to govern multi-tenant, multi-cloud and multi-orchestrator deployments, from development to production.
Aqua scans images for vulnerabilities, malware, embedded secrets, configuration issues and OSS licensing, allowing you to create custom policies that determine which images will be allowed to run on your Docker hosts. Based on a constantly updated data stream, Aqua's vulnerabilities database is aggregated from multiple sources, and consolidated to ensure that only the most up-to-date data is included, increasing accuracy and reducing false positives and negligible CVEs.
Aqua provides multiple layers of security to protect Docker applications at runtime: enforcing container immutability and preventing changes to running containers, enforcing least-privileges using a machine-learned behavioral profile, isolating the container from the host by creating custom seccomp profiles, and controlling network connections with a container firewall.
Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as Hashicorp, CyberArk, AWS KMS or Azure Vault. Unlike other secrets solutions, you can transparently update, revoke, and rotate secrets without restarting containers.
Run compliance checks of your Kubernetes environment according to the CIS Docker Benchmark (in addition to Docker K8s Benchmark), that includes more than 100 individual checks to ascertain the environment's security posture. Aqua provides daily scans and a detailed report with the findings.
Container Firewall for Docker
Enforce container-level network rules with Aqua's container firewall - visualize network connection, automatically map legitimate connections, and create rules based on application services. Only whitelisted connections will be permitted, both within a Swarm or Kubernetes cluster, as well as between clusters.
Granular Security Events Auditing
Aqua provides a detailed event stream of all Docker-related commands, such as start/stop of containers, user ID changes, and container security policy violations. This data can easily be transferred to a cloud monitoring, log management or SIEM tool of your choice, such as Splunk, ArcSight, Datadog or Sumologic.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.