Modern Container Security For Cloud Native Apps

Ensure the flow of “good code” with application-aware controls while automatically detecting and preventing suspicious activity.

Aqua replaces outdated signature-based approaches with modern controls that leverage the cloud-native principles of immutability, microservices and portability. Using dynamic threat analysis, machine-learned behavioral whitelisting, integrity controls and nano-segmentation, Aqua makes applications more secure than ever possible before.

Continuous Image Assurance

Prevent unapproved images from running anywhere in your environment, based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration.

Image-to-Container Drift Prevention

Enforces container immutability and detects any unapproved changes to running containers by continuously comparing them to their originating images, including executables, privilege elevation, and image parameters.

Enforcing Least Privileges

Uses machine learning to automatically profile container behavior, whitelisting runtime parameters such as system calls, file access, network access, and executables, improving isolation and preventing privilege escalation.

Granular Monitoring & Logging

Monitors container, pod, node, and cluster activity to detect and report on all policy violations, run/stop events, login events - all of which can be sent to your choice of SIEM (e.g, Splunk, ArcSight, and more).

Container-Level Application Firewall

Segments workloads by automatically creating dynamic firewall rules between container services, ensuring that only whitelisted connections are allowed, and alerting on or blocking network traversal attempts.
Gartner's 2020 Market Guide for Cloud Workload Protection Platforms
In this report, Gartner advises its clients to favor CWPP vendors specializing in container orchestration monitoring and serverless functionality, and proactively extend workload testing into the CI/CD pipeline.
Get the Report