Aqua Security’s patent-pending MicroEnforcer™ architecture protects containers running on “zero infrastructure” container-as-a-service environments
Boston, MA March 7, 2018 – Aqua Security, the market-leading platform provider for securing container-based and cloud-native applications, today announced the availability of version 3.0 of its platform, featuring a new, patent-pending technology that provides runtime security controls for applications running on container-as-a-service (CaaS) environments such as Microsoft’s Azure Container Instances (ACI) and Amazon Web Services (AWS) Fargate. Aqua 3.0 also introduces extensive new Kubernetes-native controls that leverage recent releases of the popular orchestration software – separate announcement here.
AWS Fargate and Microsoft ACI were both announced late last year, and offer a new breed of cloud-based services that enable users to run containers on demand, without requiring provisioning or management of VM instances. From a security standpoint, approaches that rely on host-level controls to secure the runtime environment are not effective for these containers, since the host is no longer a visible, manageable entity.
Aqua’s new patent-pending MicroEnforcer™ technology solves this by inserting security controls into the container early in its development lifecycle. As the container image is built, the MicroEnforcer is embedded into it in a way that later allows it to monitor and control instantiated containers, including the ability to prevent specific unauthorized container activities.
“There’s no doubt that containers are becoming easier to use and more pervasive, and while certain aspects of the technology stack are consolidating, options for deployment are becoming more varied and more flexible,” said Amir Jerbi, Co-Founder and CTO at Aqua Security. “Cloud-native apps present an opportunity to provide much more granular security controls, and apply them uniformly regardless of where the application runs, and this has been one of our key benefits to enterprises moving workloads to hybrid cloud environments.”
How Aqua MicroEnforcer works:
- MicroEnforcer is added into the container image during build;
- The secured image is saved in a private or public registry;
- When the image is run in a CaaS environment, the container operates under the constraints of the image runtime policy, and reports back to the Aqua Command Center.
Aqua MicroEnforcer secures containers wherever they run:
- It identifies malicious activity, such as access to unauthorized networks or attempts to inject code into the container, and prevents these attempts at runtime;
- It securely injects secrets into containers that are authorized to use them at runtime, leveraging existing enterprise secrets stores, including HashiCorp Vault, CyberArk Password Vault, AWS KMS and Azure Vault;
- All alerts generated by MicroEnforcer are sent to the Aqua Command Center, which can also send them to SIEM and analytics tools such as Splunk, Micro Focus ArcSight or Sumo Logic.
Aqua’s MicroEnforcer augments Aqua’s existing Enforcer, a “sidecar” container that provides security controls on containers running on defined hosts (VMs or bare metal servers running Linux or Windows 2016). The two mechanisms – Enforcer and MicroEnforcer – complement each other, allowing Aqua customers to manage deployments across multiple cloud technologies from a single console.
Aqua’s platform is currently in use by dozens of Global 1000 customers, providing the most comprehensive full-lifecycle solution for securing container-based and cloud-native applications, running on-prem or in the cloud, and supporting both Linux and Windows runtime environments, as well as the recently announced public beta for Pivotal Cloud Foundry. The platform drives DevSecOps automation, and provides visibility and security for runtime applications, including both host-level and network-level controls.
Aqua 3.0 is compatible with implementations of Kubernetes 1.8 or newer, and is available to existing Aqua customers. For additional information:
- Fargate Blog
- ACI blog
- Webinar: Securing containers in a CaaS world
About Aqua Security
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Integrated with container lifecycle and orchestration tools, the Aqua platform provides transparent, automated security while helping to enforce policy and simplify regulatory compliance. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, Microsoft Ventures, TLV Partners, and IT security leaders, and is based in Israel and Boston, MA. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam.