Aqua provides the following capabilities for serverless functions:

  • Function Assurance for AWS Lambda, Microsoft Azure, and Google Cloud functions. This comprises these aspects of risk assessment and mitigation:
    • Scanning your functions in cloud accounts for vulnerabilities (in open-source libraries or OS dependencies) and sensitive data (such as access and secret keys). AWS and Azure (but not Google) functions are also checked for excessive permissions (e.g., AWS IAM roles). The Aqua CyberCenter maintains a list of known security issues.
    • Evaluating the risk of your functions, based on the scanning findings, according to Function Assurance Policies. You create and configure these policies to define the acceptable risks in your serverless environment.
    • Determining whether your functions are compliant, based on these policies.
    • For AWS and Azure (but not Google) functions: Taking security-related actions that you define, such as preventing the execution of risky functions (those that violate the Assurance Policies) or failing the pipeline of your CI/CD development tools.
    • Providing complete auditing of all security risks found. You can review the results of the security evaluation either in the Aqua Server or in a SIEM or other system. 

For more information, refer to the product documentation.

  • Function Runtime Policies provide runtime protection for AWS Lambda functions. You can configure one or more Function Runtime Policies to restrict and monitor the runtime activities of your Lambda functions, according to the security requirements of your organization.

For more information, refer to the product documentation.