Unlike many of the built-in AWS cloud provider tools, such as AWS Security Hub, Config Service, and Trusted Advisor, the Aqua is a complete end-to-end cloud security platform. The following are some of the top advantages to using a hosted CSPM product like the Aqua:


  • Single Pane of Glass
    Aqua provides complete visibility into all of your cloud accounts in a single, unified interface with very little configuration. Unlike Security Hub and Config Service, which require a complicated Organization-level account set up to work (and are not fully enabled for cross-account sharing), the Aqua allows you to connect all of your infrastructure accounts using a sample CloudFormation template.

  • Fully Managed
    With Aqua CSPM, the cloud security experts at Aqua are continually writing new security control plugins and platform updates that are automatically deployed to your environment with no configuration required. When AWS adds new services, controls, and features, CSPM is updated automatically, behind-the-scenes, to begin checking for new security risks. Unlike Security Hub, you do not need to manually enable new conformance packs or configure additional checks across your fleet of infrastructure accounts.

  • Multi-Cloud
    If you operate any infrastructure outside of AWS in Azure, GCP, or Oracle Cloud, Aqua CSPM can integrate with those accounts, allowing you to monitor for the same security controls without being limited to a single cloud provider's dashboard.

  • Infrastructure as Code Scanning
    Aqua ships with powerful tools that are not included in AWS's default security toolset. These include infrastructure as code scanning services that enable you to audit CloudFormation and Terraform templates for security risks. These scanning services are also available via API for easy integration with CI/CD systems.

  • Third-Party Integrations
    Aqua understands that you may want to monitor your cloud security posture or respond to potential incidents using tools that you are already familiar with, such as Slack, Microsoft Teams, PagerDuty, OpsGenie, and Splunk. Aqua CSPM supports these integrations out-of-the-box, with no custom tooling required.

  • Powerful REST API
    For integrations without native support, or for custom use cases, all Aqua functionality is available via REST API. Aqua users have integrated our APIs into CI/CD systems, automated testing frameworks, deployment tools, custom dashboards, and many other locations.

  • Reporting
    Aqua scan reports contain a wealth of information that can help you investigate and remediate discovered vulnerabilities. These reports can easily be exported to PDF or CSV format, and include high-level executive summaries as well as detailed information on each detected risk.

  • Built-In Compliance Auditing
    With zero additional configuration, all Aqua CSPM scan reports include detailed tracking with popular compliance frameworks such as PCI, HIPAA, GDPR, SOC 2 Type II, CIS Benchmarks, AWS Well-Architected Framework, and others. These do not require any opt-in or additional setup.

  • Automated Remediations
    Aqua CSPM has additional remediation capabilities that, after opting in, allow you to configure issues in your AWS accounts to be automatically remediated. For example, if an S3 bucket is found to be unencrypted, the Aqua can automate the addition of encryption to the bucket. This tool is highly customizable, but, unlike AWS Config Service, does not require the deployment of additional resources for each control beyond the initial Remediator setup.