Aqua tames the complexity of securing Kubernetes deployments with policy-driven controls that leverage native K8s capabilities, while adding deeper image assurance, runtime protection, and network security controls.
As a contributing member of the CNCF and a Kubernetes Technology Partner, Aqua leads the way to secure Kubernetes deployments across all platforms, by enhancing K8s native capabilities while making them easier to manage and scale.
Aqua's open source tool kube-bench assesses your K8s clusters against the 100+ tests of the CIS Benchmark for Kubernetes, while Aqua open source kube-hunter performs penetration tests using dozens of known attack vectors.
Ensure the use of trusted images across entire clusters with Aqua's image assurance, optimized to work at the K8s master node level, preventing unapproved, risky images from being deployed on any node.
Protect workloads running on Kubernetes in real time
Protect the application level by enforcing container immutability, least-privilege profiling, node OS-level controls, and container-level network rules to automatically detect and block any suspicious activity
Aqua's Full Lifecycle Security Solution for Kubernetes
Kubernetes-Based Image Assurance
Prevent Kubernetes from running unvetted or unapproved images, based on policies that include vulnerability severities and scores, embedded secrets, malware found, image configuration issues, and custom compliance checks. Apply across entire Kubernetes clusters to easily enforce security at scale.
Protect containers in runtime using Aqua's automated machine-learned profiles used to whitelist legitimate behavior, greatly reducing container capabilities. Ensures that the application behaves as expected, blocking or alerting on suspicious activity, and preventing zero-day attacks and privileged user abuse.
Enforce container-level network rules with Aqua's container firewall - visualize network connection, automatically map legitimate connections, and create rules based on Kubernetes namespaces, clusters and deployments. Works seamlessly with network plug-ins, including Weave, Calico, Flannel, and Contiv.
Run compliance checks of your Kubernetes environment according to the CIS Kubernetes Benchmark (in addition to Docker CIS Benchmark), that includes more than 100 individual checks to ascertain the environment's security posture. Aqua provides daily scans and a detailed report with the findings.
Aqua’s event logging includes Kubernetes-specific information, such as pod name, type, deployment and namespace data, in addition to user access, container start/stop and other events. This data is crucial for compliance and makes it possible to conduct thorough forensics and incident response.
Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines. Aqua bridges the gap between DevOps and security, promoting business agility and accelerating digital transformation.
Aqua’s Cloud Native Security portfolio provides full visibility and security automation across the entire application lifecycle and infrastructure, using a modern zero-touch approach to detect and prevent threats while simplifying regulatory compliance. Aqua customers include some of the world’s largest financial services, software development, internet, media, hospitality and retail companies, with implementations across the globe spanning a broad range of cloud providers and on-premise technologies.