As a contributing member of the CNCF and a Kubernetes Technology Partner, Aqua is leading the way to secure Kubernetes deployments across all platforms, by enhancing the built-in capabilities that Kubernetes offers while making them easier to manage and scale, and ensuring forward compatibility. Aqua also maintains Kube-Bench, an open source tool for checking your K8s environment's compliance with the CIS Kubernetes Benchmark.
Kubernetes-Based Image Assurance
Prevent Kubernetes from running unvetted or unapproved images based on policies that include: vulnerability severities and scores, embedded "secrets", malware found, image configuration issues and custom compliance checks. Apply across entire Kubernetes clusters to easily enforce security at scale.
Automated Runtime Protection
Protect containers at runtime using Aqua's automated machine-learned profiles, which whitelist legitimate behavior and greatly reduce container capabilities. This ensures that the application behaves as expected, blocking or alerting on suspicious activity, and preventing zero-day attacks and privileged user abuse.
Kubernetes-Native Network Controls
Enforce container-level network rules with Aqua's container firewall: visualize network connections, automatically map legitimate connections, and create rules based on Kubernetes namespaces, clusters and deployments. Works seamlessly with network plug-ins including Weave, Calico, Flannel and Contiv.
CIS Kubernetes Benchmark Checks
Run compliance checks of your Kubernetes environment according to the CIS Kubernetes Benchmark (in addition to the Docker CIS Benchmark), which includes more than 100 individual checks to ascertain the environment's security posture. Aqua provides daily scans and a detailed report with the findings.
Fine-Grained User Access Control
Enforce fine-grained access control roles (RBAC) and policies that manage access to kubectl commands by specific Kubernetes deployments and nodes. Manage at scale with Aqua's label management scheme. Natively leverages the Kubernetes webhook admission controller to ensure upstream compatibility of your security for any commercial Kubernetes implementation.
Kubernetes Context for Audit Events
Aqua’s event logging includes Kubernetes-specific information, such as pod name, type, deployment and namespace data, in addition to user access, container start/stop and other events. Such data is crucial for compliance and makes it possible to conduct thorough forensics and incident response.