Securing K8s Apps on Google Cloud Platform

Aqua provides full lifecycle security for cloud native applications running on Google Cloud Platform, including automated deployment on GKE via the GCP Marketplace.

Cloud Security Posture Management (CSPM)

Ensure that your Google Cloud accounts and services are configured according to best practices, including the CIS Foundation Benchmark for Google Cloud. Continuously scan hundreds of settings for risks and monitor events for anomalies. Automatically create and retain compliance reports for PCI, HIPAA and more.

Cloud VM Security and Compliance

Protect workloads running on Google Compute Engine instances and ensure they are properly hardened. Scan for vulnerabilities and malware, apply File Integrity Monitoring (FIM), check configuration against the CIS Benchmark for Linux, and monitor user access and activity. Create a command-level audit trail for compliance and forensics.

Image Vulnerability Scanning & Assurance

Prevent unauthorized images from running in your GKE environment. Continuously scan images stored in Google Container Registry (GCR) to ensure that DevOps teams do not introduce vulnerabilities, bad configurations, malware, or secrets into container images. Get actionable recommendations for remediation of security issues.

Runtime Protection

Aqua works seamlessly with Google Kubernetes Engine (GKE) to prevent unvetted containers from running, and prevent approved containers from performing unauthorized actions. It automatically learns container behavior and ensures that containers only do what they are supposed to do in the application context. It detects and prevents activities that violate policy, defending against container-specific attacks.

Secrets Management

Leverage third-party vaults, including HashiCorp Vault and CyberArk EPV, to securely deploy secrets (passwords, keys and tokens) to containers at runtime. Aqua makes it easy to manage, rotate, and revoke secrets in containers with no downtime; secrets are kept only in memory, without persistence on disk.

Visibility for Compliance and Security

Aqua integrates with third-party SIEM and security management tools, including Google’s Cloud Security Command Center (SCC), to provide single-pane-of-glass visibility into security and compliance-related events, and policy management for container security monitoring and policy violation detection.

Aqua support for Google Grafeas

Aqua supports Google Grafeas, providing image vulnerability results to Grafeas.