Download PDF version Contact company
Related Links

Aqua Security, global platform provider for securing container-based and cloud native applications, has announced version 3.5 of its cloud native security platform, which now protects a wide range of cloud native technologies, including applications using serverless functions. Customers can deploy end-to-end security to establish a consistent policy enforcement layer spanning container, serverless containers (such as AWS Fargate) and serverless functions (such as AWS Lambda).

Aqua CSP v3.5

In addition, driven by continued enterprise adoption of the Aqua platform in some of the largest global enterprises, Aqua CSP v3.5 raises the bar in terms of ease of management of complex, multi-application and multi-team enterprise environments by enabling flexible policy scopes and highly granular user role definitions, and adds container encryption for protection of intellectual property.

Moving to a serverless model allows developers to prioritise simplicity and agility by abstracting infrastructure concerns to provide a straightforward execution environment for applications and microservices. However, serverless architectures also introduce new security risks. Attackers may leverage a weakness or vulnerability in the serverless function code itself or outsourced libraries; or attempt to take advantage of the complexity of cloud infrastructure permissions to reach services or networks that contain sensitive information. Building on Aqua’s experience in securing containers, Aqua CSP v3.5 addresses these serverless threat vectors and minimises their potential impact.

Security for hybrid cloud deployments There is a growing need for scalable security that is easy-to-manage across multi-cloud and hybrid cloud deployments, covering both containers and serverless functions"

As the adoption of containers and serverless continues to expand within a greater number of enterprises, and to greater numbers of applications within those enterprises, there is a growing need for scalable security that is easy-to-manage across multi-cloud and hybrid cloud deployments, covering both containers and serverless functions,” said Amir Jerbi, CTO and co-founder of Aqua Security.

Our customers now run multiple cloud native applications and require a unified platform to manage security across teams, while providing security and DevOps teams segregation of duties coupled with the control they require.

Features and capabilities

  • Risk Assessment for Serverless functions: Checks functions for known vulnerabilities, embedded secrets (keys and tokens), and cloud permissions, to ensure that function privileges are secure and minimised. Serverless support is fully integrated with Aqua’s extensive controls for container runtime deployments and is managed via the same console.
  • Container Encryption: Aqua now makes it possible to encrypt the entire contents of a container image, decrypting it with a key when it is instantiated as a container. This feature enables companies with sensitive intellectual property embedded in their container images to protect them against unauthorised use and prevents unauthorised access to code in case of a registry breach or when code is given under license to partners and customers.
  • Greater Visibility through Workload Explorer: With a tabular and visual view of running workloads on Kubernetes and Docker environments, Workload Explorer provides visibility into large, distributed runtime environments, highlighting vulnerable or risky components (i.e., namespaces, deployments, pods, containers). Operations and security staff can easily filter the data and drill down to view detailed information quickly to ensure compliance.
  • Contextual Runtime Policies: Based on feedback from some of Aqua’s largest customer implementations, Aqua runtime security policy models now allow the definition of a highly specific scope for each policy, to be applied to an application context. The scope can be defined according to dozens of parameters, including Kubernetes deployment and namespace, image registry prefix, environment variables, and many more. This flexibility allows customers to easily differentiate between multiple applications, for example by applying stricter policy to applications with higher trust requirements, such as mission critical applications, even if they use the same images as other applications.
  • Fine-Grained Administrative Access Control: An enhanced RBAC engine enables fine-grained permissions for DevOps, security and compliance teams on the Aqua platform, enabling true segregation of duties between teams and roles. For example, different teams may be granted access to different sets of images or registries, while their ability to view or change Aqua policies for images, serverless functions, runtime, secrets, and compliance will vary according to their specific role.
Download PDF version Download PDF version

Related videos

Upgraded feature for Xesar - Now with smartphone as well!

Upgraded feature for Xesar - Now with smartphone as well!
Enhancing government security with proactive threat detection from Wavestore

Enhancing government security with proactive threat detection from Wavestore
Join the biggest hour for Earth

Join the biggest hour for Earth

In case you missed it

AMPELMANN GmbH enhances security with ASSA ABLOY eCLIQ solution
AMPELMANN GmbH enhances security with ASSA ABLOY eCLIQ solution

The Ampelmännchen (“little traffic light man”) from the former GDR is a cult figure around the globe. For tourists, the shops of AMPELMANN GmbH in Berlin are a big...

What are the unique challenges of the government market for security?
What are the unique challenges of the government market for security?

Factors such as stable demand and large contracts make the government market particularly enticing for security companies and professionals. However, entering and thriving in the g...

RapidSOS enables critical data sharing to improve emergency response
RapidSOS enables critical data sharing to improve emergency response

In an emergency, information is pivotal. More information provides better understanding of an emergency and empowers potentially life-saving decision-making. Emergency response tea...

Featured white papers
Honeywell GARD USB threat report 2024

Honeywell GARD USB threat report 2024

Download
The role of artificial intelligence to transform video imaging

The role of artificial intelligence to transform video imaging

Download
Access control system planning phase 1

Access control system planning phase 1

Download
Key Findings from the 2024 Thales Cloud Security Study

Key Findings from the 2024 Thales Cloud Security Study

Download
Artificial intelligence

Artificial intelligence

Download
Quick poll
Which feature is most important in a video surveillance system?
More corporate news
Seagate and IBM work together to reduce product counterfeiting using blockchain and security technologies

Seagate and IBM work together to reduce product counterfeiting using blockchain and security technologies
ASSA ABLOY simplifies rebranding phases of ASSA products from ASSA ABLOY in the UK

ASSA ABLOY simplifies rebranding phases of ASSA products from ASSA ABLOY in the UK
BCDVideo partners with Scale Computing to deliver turnkey hyperconverged solutions based on HC3 software

BCDVideo partners with Scale Computing to deliver turnkey hyperconverged solutions based on HC3 software
Featured products
Anviz iCam-B25: Versatile Surveillance Solution for Business and Public Safety

Anviz iCam-B25: Versatile Surveillance Solution for Business and Public Safety
Dahua's AI-powered Bullet WizMind Network Camera

Dahua's AI-powered Bullet WizMind Network Camera
Illustra Flex Gen4 AI-powered Dual Sensor Multi-directional camera

Illustra Flex Gen4 AI-powered Dual Sensor Multi-directional camera