What is Workload Protection?
Aqua Workload Protection provides full lifecycle security for your cloud native applications (containers, orchestrators, cloud VMs, and serverless functions) at a very granular level. Aqua includes preventive controls to secure the development pipeline; protects applications in runtime; detects and blocks attacks; and provides visibility and auditing for security risk management and compliance.
- Integrates with your existing workflows for building, shipping, running, and securing your cloud workloads
- Works with the leading orchestrators and cloud provider platforms
- Secures environments consisting of servers running Linux and Windows, as well as CaaS and FaaS cloud services
- Provides you with full audit logs of security-related events that have occurred on your hosts or in your containers and serverless functions
The main product documentation for Workload Protection may be found in the Aqua Platform Documentation Portal, under SaaS. The documentation links in this and other topics point to specific information in that portal.
Secure the build
- Image Assurance for assessing container images against vulnerabilities, sensitive data (such as secrets), and malware
- Risk-based Insights helps you focus on the most important and urgent vulnerabilities to mitigate, including running containers based on images with exploits in the wild
- Integration with Aqua Dynamic Threat Analysis (DTA) for dynamic analysis of container behavior in a sandboxed environment
- Function Assurance for detecting security issues in your AWS Lambda and Microsoft Azure cloud environments
Secure the infrastructure
- Automated penetration testing (pen testing) of Kubernetes clusters, using kube-hunter, an Aqua Security open-source tool that hunts for security issues in Kubernetes clusters
- Host Assurance for assessing VMs against vulnerabilities, malware, and security best practices (e.g., CIS benchmarks)
- Host Runtime Protection for protecting your VMs against malicious and unauthorized activities
- Automated discovery of Kubernetes resources in your clusters and vulnerability scanning on Linux hosts via the Aqua KubeEnforcer
Secure the workloads
- Kubernetes Assurance determines the compliance of Kubernetes pods with your organization's security requirements.
- Container Runtime Protection blocks the deployment of non-compliant container images, and prevents containers from performing malicious and unauthorized activities.
- Aqua Security Vulnerability Shield™ (vShield) technology provides virtual patches for vulnerabilities, using special Container Runtime Policies to prevent exploitation of vulnerabilities.
- Network micro-segmentation uses automated discovery of network traffic and generates firewall rules for workloads.
- Secrets management for securely injecting secrets into containers.
- Function Runtime Policies provide runtime security for AWS Lambda functions.
Holistic approach to security for Kubernetes and other applications
Aqua secures your application build (e.g., container images), infrastructure, and workloads. See Securing Kubernetes Applications.
Monitoring, auditing, and compliance
- The Risk Explorer presents a dynamic display of the workloads (containers) and host VMs in your cloud native environment, and the security risks associated with them.
- Aqua provides comprehensive auditing of security-related and administrative events.
Aqua can be integrated with a wide variety of:
- Container orchestration platforms (orchestrators and cloud provider stacks). You can also deploy Aqua in environments without an orchestration platform, like a standalone Docker host.
- Container engines
- Host operating systems
- Public and private image registries
- CI/CD systems
- Log management and monitoring systems
- Secret key stores
... and more. See System Requirements and Supported Integrations for complete lists.
Aqua can also be integrated with security tools in your infrastructure to support existing workflows and provide aggregated, consolidated views:
- Threat feeds that include vulnerability data, indications of compromise, and threat mitigation controls
- SIEM (security information and event management) systems