Aqua Security Automates Compliance for Cloud-Native and Containerized Applications
New compliance-focused features take the hassle out of ensuring compliance with key requirements according to PCI-DSS, HIPAA, GDPR, CIS and NIST guidelines
BOSTON, April 9, 2018 /PRNewswire/ -- Aqua Security, the market-leading platform provider for securing container-based and cloud-native applications, today announced the availability of advanced compliance features as an enhancement to Aqua 3.0, which Aqua announced last month. The new compliance features make it easier for organizations that develop and run containers to meet GRC requirements and continuously ascertain the security and compliance posture of their entire application environment.
Key new features and enhancements include:
- Scanning of container hosts: Aqua now performs scheduled scans of hosts running containers, to find both known vulnerabilities as well as malware. This allows organizations to avoid using separate tools for scanning hosts and container images.
- Malware scanning in images: Aqua now scans container images for malware, whether as part of the build in CI (continuous integration) tools or in image registries. The presence of malware is also a component in the Aqua image assurance policy, allowing organizations to prevent images with malware from completing builds in CI/CD as well as from running in their environment.
- Open-source license scanning in images: Aqua now scans container images for the presence and type of open-source licenses, whether as part of the build in CI (continuous integration) tools or in image registries. OSS licensing is now a component in the Aqua image assurance policy, allowing organizations to prevent certain types of OSS licenses from being deployed in their environments.
- Sensitive data scanning in images: Aqua automatically scans for embedded "secrets" in images, such as private keys and tokens. Aqua's Image Assurance policy can be set to block images where such secrets were found from running.
- Custom compliance checks in images: Using Aqua's custom compliance checks feature, admins can scan for PII and other sensitive data using their own scripts, such as social security numbers or credit card numbers. Aqua's Image Assurance policy can be set to block images where such secrets were found from running.
- CIS Kubernetes and Docker benchmarks: The Center for Internet Security, of which Aqua is a SecureSuite member, has issued detailed benchmarks that list several hundred checks to ensure that Kubernetes nodes and Docker hosts are adequately secured. Aqua provides automated scheduled checks for both benchmarks (including the recently updated Docker benchmark version 17.06), as well as detailed reports that show the status of the environment of each test.
"As our customers deploy an increasing number of applications using cloud-native technologies and architecture, the need to adapt compliance controls is apparent," notes Amir Jerbi, CTO and co-founder of Aqua Security. "With Aqua's advanced compliance controls and reports, we make it easier for organizations to maintain compliance and satisfy regulatory requirements."
Aqua's platform is currently in use by dozens of Global 1000 customers, providing the most comprehensive full-lifecycle solution for securing container-based and cloud-native applications, running on-prem or in the cloud, supporting both Linux and Windows runtime environments. The Aqua platform drives DevSecOps automation, and provides visibility and runtime protection for cloud-native workloads, including both host-level and network-level controls.
As a member of the PCI Council, and a SecureSuite member of the CIS (Center for Internet Security), Aqua closely follows developments in compliance requirements and contributes both industry expertise as well as code. For a free tool to assess Kubernetes nodes against the CIS Kubernetes benchmark, try Aqua's open source tool: kube-bench.
To learn more, check out the following compliance guides from Aqua:
- Achieving PCI-DSS Compliance for Containers
- Achieving HIPAA Compliance for Containers
- Achieving GDPR Compliance for Containers
- NIST SP 800-190 Container Security Guide
About Aqua Security
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. Aqua's Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Integrated with container lifecycle and orchestration tools, the Aqua platform provides transparent, automated security while helping to enforce policy and simplify regulatory compliance. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, Microsoft Ventures, TLV Partners, and IT security leaders, and is based in Israel and Boston, MA. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam.
SOURCE Aqua Security
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article