Comprehensive Kubernetes Security

Least Privilege Access for Kubernetes

Minimize risks from over-provisioned roles and service accounts while reducing dependency on deep Kubernetes security expertise.

CIS Kubernetes Benchmarking

Automatically assess Kubernetes environments against CIS Benchmarks with over 100 individual checks, daily scans, and detailed audit reports.

Kubernetes Cluster Penetration Testing

Run automated penetration tests on Kubernetes clusters to detect vulnerabilities exploitable by attackers.

Firewall Rules

Enforce container-level network policies using Aqua’s identity-based firewall. Seamlessly integrates with Kubernetes CNI plugins such as Weave, Calico, Flannel, and Contiv.

Build Protection

Shift security left to stop threats and vulnerabilities early, enabling DevOps teams to identify and fix issues rapidly.
Aqua scans artifacts during development and staging for vulnerabilities, malware, secrets, and other risks. It allows dynamic policy controls to govern deployment into runtime environments.

Infrastructure Protection

Automate compliance and security posture for public cloud IaaS and Kubernetes infrastructure using best practices.
Aqua audits cloud services, infrastructure-as-code templates, and Kubernetes settings to ensure secure and compliant configurations.

Workload Protection

Secure VMs, containers, and serverless workloads with fine-grained controls, real-time visibility, detection, and response.
Aqua enforces application immutability during runtime using modern microservices principles, builds zero-trust networks, and detects and blocks suspicious activity, including zero-day attacks.

Risk-Based Vulnerability Management for Container Images

Aqua classifies, filters, and prioritizes vulnerabilities based on continuously updated threat intelligence and runtime context using:

CVE Severity & CVSS Scores

Exploitability: Whether the vulnerability is exploitable and reachable over a network

Exposed Workloads: Whether the workload is affected by the CVE in runtime

Running Images: Active workload detection for vulnerable images

CI/CD Pipeline Integration for Automated Security

Aqua CSP integrates into CI/CD pipelines to enforce application delivery security. It flags or blocks policy violations and provides developers with real-time feedback. Supported tools include Jenkins, Azure DevOps, Bamboo, GitLab, and Codefresh.

Dynamic Threat Analysis (DTA) for Containers

Detect advanced malware hidden in open-source and third-party images that can evade static scanners. Prevent attacks like credential theft, cryptojacking, and data breaches.
Aqua DTA analyzes container images in a secure, isolated sandbox environment, tracking behavioral anomalies.

Drift Prevention and Runtime Protection for Containers

Aqua maintains container immutability and blocks malware from attacking live containers, mitigating attack vectors such as cryptominers, data exfiltration, and zero-day exploits.

Sensitive Configuration & Secrets Protection

Enforce access controls using trusted identity sources (e.g., Active Directory, LDAP, cloud identity platforms). Authenticate against trusted sources to tightly control access to passwords and encryption keys.

Kubernetes Risk Visualization

Aqua Risk Explorer provides a visual interface for managing Kubernetes risks, with intuitive prioritization of threats originating from multiple sources.
It displays namespaces, deployments, nodes (hosts), containers, and image sources, and calculates risk scores for namespaces and internal network connections.