Modern Container Security
For Cloud Native Apps

Ensure the flow of “good code” with application-aware controls while automatically detecting and preventing suspicious activity.

Secure once,
run anywhere

Aqua’s security controls are consistently enforced across orchestrators, whether on-prem or in cloud environments

Mitigate zero day and insider threats

Least-privilege whitelisting detects and prevents any anomalous behavior, privilege escalation, or code injection

Ensure business continuity

Granular response ensures that only suspicious activities are blocked without disrupting application uptime

Aqua replaces outdated signature-based approaches with modern controls that leverage the cloud-native principles of immutability, microservices and portability. Using machine-learned behavioral whitelisting, integrity controls and nano-segmentation, Aqua makes applications more secure than ever possible before.

Continuous Image Assurance

Prevents unvetted or unapproved images from running anywhere in your environment, based on known vulnerabilities, embedded secrets, OSS licensing, malware detection, and secure image configuration.

Image-to-Container Drift Prevention

Enforces container immutability and detects any unapproved changes to running containers by continuously comparing them to their originating images, including executables, privilege elevation, and image parameters.

Enforcing Least Privileges

Uses machine learning to automatically profile container behavior, whitelisting runtime parameters such as system calls, file access, network access, and executables, improving isolation and preventing privilege escalation.

Granular Monitoring & Logging

Monitors container, pod, node, and cluster activity to detect and report on all policy violations, run/stop events, login events - all of which can be sent to your choice of SIEM (e.g, Splunk, ArcSight, and more).

Container-Level Application Firewall

Segments workloads by automatically creating dynamic firewall rules between container services, ensuring that only whitelisted connections are allowed, and alerting on or blocking network traversal attempts.

Securosis Container Security Guide

The definitive cookbook for securing containerized applications.
Download Guide