aqua logo fullcolor

Security Means Freedom
Aqua unleashes the power of cloud native security so your business and applications can run free.

Aqua Security enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.

Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks, providing transparent, automated security while helping to enforce policy and simplify regulatory compliance.



Container Security

Full Lifecycle Container Security

Protect container-based cloud native applications from development to production, using the industry’s most advanced container security solution.

  1. Risk and Compliance
  2. Mitigate Attacks
  3. Cross-Platform Security

Reduce Risk and Prove Compliance of Containerized Applications

Gain constant visibility into vulnerability posture in your pipeline, reducing the attack surface before containers are deployed. The get detailed auditing and forensics data of your container and Kubernetes runtime environment to track violation events and compliance posture.

Mitigate Supply Chain and Zero-Day Attacks

Get granular, automated response based on Indicators of Compromise, drift prevention and behavioral profiling to stop malicious behavior, blocking only activities that violate policy with no impact on legitimate container operation.

Protect Containers Across All Platforms and Formats

Secure Linux and Windows containers, and protect containers running on VM, bare-metal, on Container-as-a-Service offerings such as AWS Fargate and ACI, even on Tanzu Application Service. Aqua has purpose-built runtime instrumentation (the Aqua Enforcer family) for each of these environments.

Aqua scans CI builds and images

Aqua scans container images based on a constantly updated stream of aggregate sources of vulnerability data (CVEs, vendor advisories, and proprietary research), which ensures up-to-date, broad coverage while minimizing false positives. Additionally, find malware, embedded secrets, OSS licenses, and configuration issues in your images to further reduce the attack surface.

Aqua scans CI builds and images For Web


Dynamic Threat Analysis For Web

Dynamic Container Analysis

Discover sophisticated malware hidden in open source packages and 3rd party images, preventing attacks on your container-based applications, including credential theft, cryptocurrency mining, and data exfiltration. Aqua DTA dynamically analyzes images before they in a secure isolated sandboxed environment, examining and tracing behavioral anomalies to uncover advanced malware that cannot be detected by static scanners.

Aqua DTA >


Serverless Security

Security for Serverless Functions (FaaS)

Ensure that serverless functions are secured and in compliance. Reduce the attack surface, control deployment, and protect functions in runtime using performance-optimized controls.

  1. Risk-free Serverless
  2. Secure AWS Lambda
  3. Centralize Security
Reduce the risk from serverless functions
Gain visibility into running functions, assess and control risk in the pipeline, preventing OWASP top 10 serverless threat.
Protect AWS Lambda applications
Ensure least-privilege permissions, automatically deploy runtime protection, and detect behavioral anomalies
Centralize security and compliance
Combine serverless security with all cloud native application and infrastructure, using unified policy management and control.

Integrate in your CI/CD pipelines

Aqua enables you to “shift left” security into early stages of development by scanning functions as they are built, shortening the fix cycle for security issues. We provide native plug-ins as well as a CLI tool that automate scanning within CI tools such as Jenkins, Bamboo, and Azure DevOps. As a step in the build, developers can view scanning results and suggested mitigation from within a familiar environment.

Aqua scans CI builds and images For Web


Dynamic Threat Analysis For Web

Ensure least-privilege permissions

A key risk in serverless functions is over-provisioned permissions, that allow a potential attacker to gain access to additional resources. Aqua prevents this by flagging over-provisioned permissions, as well as monitoring for unused permissions and roles over time, allowing you to reduce them to what’s needed.


VM Security

Protecting Cloud VMs and Instances

Automate VM security in private, public & hybrid cloud environments. Ensure compliance with PCI-DSS, HIPAA and other requirements, detect configuration issues quickly, and protect VM-based workloads in runtime.

  1. Configuration & Compliance Assessment
  2. Real-Time Protection
  3. Intrusion Prevention
Assess cloud VM configuration and ensure compliance
Implement security configuration best practices by evaluating OS configuration against the CIS Benchmark for Linux, scanning for malware and vulnerabilities, and ensuring that your VMs are properly hardened.
Real-time monitoring and VM protection
Keep VMs configuration immutable, protecting Linux and Windows machines against drift and tampering. Monitor user logins suspicious and activity.

Prevent intrusions and safeguard data

Use real-time controls to detect suspicious activity on cloud VMs such as Amazon EC2 instances. Monitor files and folders for read, write, and attribute changes.


Vulnerability scanning

Scan cloud VMs for known vulnerabilities and malware, check OS configuration against the CIS Benchmark for Linux, ensuring that the security posture of your cloud VMs is aligned with compliance policy and free from malwares

Aqua scans CI builds and images For Web


Dynamic Threat Analysis For Web

Host assurance

Get alerts on system and application configuration violations, define a compliance baseline for VMs by using built-in and custom configuration checks, review remediation steps for aligning non-compliant VMs.



aqua logo fullcolor