Aqua is the only solution that can secure runtime production workloads on AWS Fargate
and Azure Container Instances (ACI), where containers are run on demand, with no hosts or VMs to manage. For this type of deployment, security controls must be embedded into the container itself, whether built into the image during development, or deployed into the application container from a sidecar (AWS Fargate only).
protects containers from within, embedding itself into the container. The resulting self-policing containers are monitored for runtime security policy violations, which result in alerts or the blocking of specific suspicious processes.
Continuous Image Assurance
Ensure policy-driven image deployment to prevent the use of images with vulnerabilities, embedded "secrets", malware, configuration issues, and custom compliance violations.
Prevent Image-Container Drift
Enforce container immutability, ensuring it is identical to its originating image, and preventing attempts to inject arbitrary code or alter container contents.
Zero-Config Runtime Protection
Protect workloads with Aqua’s automated, machine-learned security profiles, whitelisting legitimate container behavior, and preventing zero-day attacks and privileged user abuse.
Automatically visualize, configure, and enforce container-level network rules that alert on and prevent unauthorized container-level network connections.
Secrets Delivery & Rotation
Securely deliver secrets to containers during runtime in memory with no persistence on the disk . Rotate, update and revoke secrets with no container downtime or restart, based on existing 3rd party secrets vaults.
Enhanced Visibility & Audit
Generate granular audit trails of all access activity, scan events, service activity, and secrets usage. Event logs can easily be streamed to 3rd party analytics and SIEM solutions.