Container Network Nano-Segmentation

Container Network Nano-Segmentation

Limit the "blast radius" of attacks by limiting container communications to defined nano-segments based on application context. Automatically discover container network topology both within a host and across hosts, and apply context-based firewall rules that alert or prevent unauthorized network connections.
Visualize Network Topology
Automatically discover and visualize containerized application topology, dynamically updated based on actual activity.
Nano-Segment The Network
Segment the container network: Group containers into services regardless of physical location or IP address, establish communication rules within and between services.
Context-Based Container Firewall
Detect and prevent unauthorized network connections based on a hierarchical set of service-oriented firewall rules.

How Aqua Nano-Segmentation Works

Aqua monitors container network activities in runtime, identifies all inbound and outbound network connections to/from other containers, services, IP addresses and public Internet. Nano-segmentation is automatically created based on monitored traffic.
See It in Action ›
Securosis Whitepaper
Assembling a Container Security Program
Download
eBook for Security Pros
Five Things Security Pros Need to Know
About Containers
Download