See our complete list of top container and Kubernetes security vendors
Aqua Security is a pioneer in the container security space and was founded in 2015 by a team of IT security veterans from companies such as Intel Security/McAfee, CA Technologies, and Imperva. Today it offers a mature and scalable platform that enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.
In addition to its investment in its core enterprise platform, Aqua has increasingly dedicated resources to providing free and open-source tools to accelerate cloud-native technology adoption and make it easier for individuals and small teams to embed security into their processes. The tools include Kube-Bench, which checks Kubernetes clusters against more than 100 checks, detailed in the Center for Internet Security’s Benchmark for Kubernetes; and MicroScanner, a free vulnerability scanner for Docker images that integrates into the build process, including a free Jenkins plugin.
Aqua is a privately-held company with international headquarters in Tel Aviv, Israel, and North America headquarters in Boston. Co-Founder Dror Davidoff is CEO, and fellow Co-Founder Amir Jerbi serves as CTO.
Since formally launching its solution in May 2016, Aqua has signed dozens of Global 1000 customers, including two of the 10 largest financial services companies and three of the world’s top 10 software companies, as well as others in the retail, media, government, healthcare, telecom, and travel industries.
The container ecosystem is constantly evolving, and it is Aqua’s objective to support all popular stacks and deployment options. This includes a wide range of cloud and virtualization environments spanning on-premises, public cloud and hybrid deployments, as well as various operating systems, orchestrators, registries, CI/CD tools and container engines. To that effect, Aqua has strategic partnerships with AWS, Microsoft, Google, Red Hat, Pivotal, and VMware, among others in the cloud-native and security ecosystems.
Products and Services
The Aqua Container Security Platform delivers a comprehensive solution for securing containerized environments, supporting Linux and Windows containers, for on-premises deployment as well as AWS, Google, IBM, and Azure cloud deployments. By providing a comprehensive platform for securing containerized environments, Aqua says it enables its customers to extract all the cost, agility, and efficiency benefits that containers offer without increasing their risk profiles.
The Aqua Container Security Platform provides a complete, full lifecycle solution for securing containerized applications from development to production.
It includes native image scanning for vulnerabilities, secrets and malware, embedded into the CI/CD process; policy-driven control over image deployment; machine-learning based runtime behavioral policies; detection and blocking of suspicious activities; secrets management; container-level network firewall; and extensive compliance controls for hosts and Kubernetes environments.
Product Performance Metrics
Aqua CSP was built to scale to support enterprise-grade production environments:
- Scanning rate of thousands of images in minutes
- Scalability to protect thousands of nodes and tens of thousands of images
- Multi-tenancy management to support managed services and multiple constituents across an enterprise
- Flexibility to deploy runtime Enforcers either as sidecar containers on the host or embedded at build time as a MicroEnforcer to protect workloads on non-VM-based container services such as AWS Fargate or Microsoft ACI.
- Interoperable with Docker EE, Red Hat OpenShift/CRI-O, Mesosphere DC/OS, and Kubernetes environments
The Aqua Container Security Platform can be deployed on-premises or in a customer’s private or public cloud environment. The platform components are containerized and are easy to deploy using orchestrators, Helm charts, etc.
Additionally, Aqua offers two cloud-based consumption options. Pay-per-scan on AWS Marketplace provides image scanning on a pay-per-scan basis, which can be used in AWS or elsewhere. The customer is billed through their monthly AWS bill. Aqua CSP on the GCP Kubernetes Apps Marketplace offers a full solution, easily deployed into the customer’s GKE clusters, billed by node/hour, aligned with the GKE pricing model. The customer is billed through their monthly GCP bill.
Aqua CSP: Annual subscription, which is priced by node/host for “traditional” orchestrated environments (up to 100 containers per node), and by the number of running containers for AWS Fargate/Microsoft ACI deployments. Actual price varies by the size of deployment. Includes unlimited image scanning, CI/CD integration, and standard support. Premium support available as an option.
Aqua Pay-per-scan on AWS: Priced at $0.29 per scan.
Aqua Container Security on GCP Marketplace: Priced between $0.05 and $0.33 per node per hour, depending on node size.
Aqua MicroScanner and Kube-Bench: Free