Aqua provides end-to-end security for applications running on Docker Enterprise Edition or Community Edition, protecting the DevOps pipeline and production workloads in runtime with full visibility and control.
With Aqua, you can protect your Docker applications running on either Linux (docker or containerd runtimes) or Windows, with powerful image assurance, container immutability and least-privilege enforcement, and container firewall.
Integrate security controls into your DevOps pipeline
Scan images within your CI tools, registries, and on Docker hosts to find and fix issues early, going beyond vulnerabilities to hard-coded secrets, bad image configuration, and malware.
Protect Docker applications at runtime, in real time
Control the deployment of trusted images, enforce container immutability, and automatically learn and enforce least-privilege behavior to detect and prevent suspicious activity and attacks.
Apply enterprise-grade security to your Docker environment
Use Aqua's highly automated and customizable security policies to govern multi-tenant, multi-cloud and multi-orchestrator deployments, from development to production.
Continuous Image Assurance
Aqua scans images for vulnerabilities, malware, embedded secrets, configuration issues and OSS licensing, allowing you to create custom policies that determine which images will be allowed to run on your Docker hosts. Based on a constantly updated data stream, Aqua's vulnerabilities database is aggregated from multiple sources, and consolidated to ensure that only the most up-to-date data is included, increasing accuracy and reducing false positives and negligible CVEs.
Aqua provides multiple layers of security to protect Docker applications at runtime: enforcing container immutability and preventing changes to running containers, enforcing least-privileges using a machine-learned behavioral profile, isolating the container from the host by creating custom seccomp profiles, and controlling network connections with a container firewall.
Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as Hashicorp, CyberArk, AWS KMS or Azure Vault. Unlike other secrets solutions, you can transparently update, revoke, and rotate secrets without restarting containers.
Run compliance checks of your Kubernetes environment according to the CIS Docker Benchmark (in addition to Docker K8s Benchmark), that includes more than 100 individual checks to ascertain the environment's security posture. Aqua provides daily scans and a detailed report with the findings.
Container Firewall for Docker
Enforce container-level network rules with Aqua's container firewall - visualize network connection, automatically map legitimate connections, and create rules based on application services. Only whitelisted connections will be permitted, both within a Swarm or Kubernetes cluster, as well as between clusters.
Granular Security Events Auditing
Aqua provides a detailed event stream of all Docker-related commands, such as start/stop of containers, user ID changes, and container security policy violations. This data can easily be transferred to a cloud monitoring, log management or SIEM tool of your choice, such as Splunk, ArcSight, Datadog or Sumologic.
Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines. Aqua bridges the gap between DevOps and security, promoting business agility and accelerating digital transformation.
Aqua’s Cloud Native Security portfolio provides full visibility and security automation across the entire application lifecycle and infrastructure, using a modern zero-touch approach to detect and prevent threats while simplifying regulatory compliance. Aqua customers include some of the world’s largest financial services, software development, internet, media, hospitality and retail companies, with implementations across the globe spanning a broad range of cloud providers and on-premise technologies.