Kubernetes Security for the Enterprise

Aqua tames the complexity of securing Kubernetes deployments with policy-driven controls that leverage native K8s capabilities, while adding deeper image assurance, runtime protection, and network security controls.

As a contributing member of the CNCF and a Kubernetes Technology Partner, Aqua leads the way to secure Kubernetes deployments across all platforms, by enhancing K8s native capabilities while making them easier to manage and scale.

Assess the security posture
of your K8s clusters

Aqua's open source tool kube-bench assesses your K8s clusters against the 100+ tests of the CIS Benchmark for Kubernetes, while Aqua open source kube-hunter performs penetration tests using dozens of known attack vectors.

Control image deployment at Kubernetes scale

Ensure the use of trusted images across entire clusters with Aqua's image assurance, optimized to work at the K8s master node level, preventing unapproved, risky images from being deployed on any node.

Protect workloads running on Kubernetes in real time

Protect the application level by enforcing container immutability, least-privilege profiling, node OS-level controls, and container-level network rules to automatically detect and block any suspicious activity
Aqua's Full Lifecycle Security Solution for Kubernetes
Kubernetes-Based Image Assurance
Prevent Kubernetes from running unvetted or unapproved images, based on policies that include vulnerability severities and scores, embedded secrets, malware found, image configuration issues, and custom compliance checks. Apply across entire Kubernetes clusters to easily enforce security at scale.
Automated Runtime Protection
Protect containers in runtime using Aqua's automated machine-learned profiles used to whitelist legitimate behavior, greatly reducing container capabilities. Ensures that the application behaves as expected, blocking or alerting on suspicious activity, and preventing zero-day attacks and privileged user abuse.
Kubernetes-Native Network Controls
Enforce container-level network rules with Aqua's container firewall - visualize network connection, automatically map legitimate connections, and create rules based on Kubernetes namespaces, clusters and deployments. Works seamlessly with network plug-ins, including Weave, Calico, Flannel, and Contiv.
CIS Kubernetes Benchmark Checks
Run compliance checks of your Kubernetes environment according to the CIS Kubernetes Benchmark (in addition to Docker CIS Benchmark), that includes more than 100 individual checks to ascertain the environment's security posture. Aqua provides daily scans and a detailed report with the findings.
Fine-Grained User Access Control
Enforce fine-grained access control roles (RBAC) and policies that manage access to kubectl commands by specific Kubernetes deployments and nodes. Manage at scale with Aqua's label management scheme. Natively leverages Kubernetes webhook admission controller to ensure upstream compatibility of your security for any commercial Kubernetes implementation.
Kubernetes Context for Audit Events
Aqua’s event logging includes Kubernetes-specific information, such as pod name, type, deployment and namespace data, in addition to user access, container start/stop and other events. This data is crucial for compliance and makes it possible to conduct thorough forensics and incident response.