Review: How Aqua secures containers from development to production

The Aqua Cloud Native Security Platform uses an inherent advantage of containers, the fact that they are always highly specialized for their jobs, to create a cybersecurity structure based on whitelisting.

Containerization continues to gain popularity with many large enterprises, where thousands of new containers can be deployed every day. Containerization provides the benefits of cloud computing, like elastic, near-unlimited scaling, along with individual control over each independent container, which can be anything from a tiny microservice to a full application stack. Yet, despite these advantages and the increasing reliance on containers, security has been slow to catch up. Traditional security products and their one-size-fits-all approach, even when built to run in the cloud, often fare poorly at protecting thousands of independent containers, each of which may have different functions, components and undiscovered vulnerabilities.

Part of the challenge is the way containers are usually created. Developers pull images from various places, including previously built containers and public open-source registries, and use them as the base layer for their new containers. The problem is that those base images can carry anything from unnecessary operating system components to known vulnerabilities. Depending on where and how the new container is deployed, none of that may matter, or it may be exactly the opening an enterprising attacker needs to move from one container to the rest of the network.

The Aqua Cloud Native Security Platform secures individual containers from the time they are first developed all the way through when they land in a production environment. It uses an inherent advantage of containers, the fact that they are always highly specialized for their jobs, to create a cybersecurity structure based on whitelisting.
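The whitelisting idea above rests on a simple observation: a container built for one job has a small, knowable set of binaries, writable paths and network ports, so anything outside that set is suspicious. The following is an added example that is not Aqua's code and does not use Aqua's APIs; it sketches how such a runtime profile can be derived for an image and enforced against a stream of sensor events. The image name, the event schema (JSON lines with `type`, `path`, `sha256`, `port`, `pid`) and the binary hashes are all constructed for the demonstration.

```python
"""Runtime allowlist ("whitelist") enforcement for a single-purpose container.

Added illustration, not Aqua's implementation. The profile, image name,
hashes and sensor events below are all constructed for the demo.
"""
import hashlib
import json
from typing import List, Optional


def sha256_of(text: str) -> str:
    """Stand-in for hashing a binary on disk; hashes a placeholder string."""
    return hashlib.sha256(text.encode()).hexdigest()


# Profile captured from the image at build time. A container that only serves
# one web application needs two binaries, a few writable paths, one listening
# port and one egress port; everything else is denied by default.
PROFILE = {
    "image": "registry.example.com/shop/web:1.4.2",   # hypothetical image
    "executables": {                                  # path -> build-time hash
        "/usr/sbin/nginx": sha256_of("nginx-1.24.0"),
        "/usr/bin/envsubst": sha256_of("envsubst-0.21"),
    },
    "writable_prefixes": ("/var/cache/nginx/", "/var/run/", "/tmp/"),
    "listen_ports": {80},
    "egress_ports": {443},
}

# Constructed runtime events in the shape a sensor might emit (field names
# are assumptions, not any real product's schema). The first four lines are
# normal operation; the rest model a web-app compromise and a tampered binary.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "exec", "path": "/usr/sbin/nginx", "sha256": sha256_of("nginx-1.24.0"), "pid": 1},
    {"type": "exec", "path": "/usr/bin/envsubst", "sha256": sha256_of("envsubst-0.21"), "pid": 7},
    {"type": "write", "path": "/var/cache/nginx/proxy_temp/1", "pid": 1},
    {"type": "listen", "port": 80, "pid": 1},
    # Attacker drops a shell and a miner via an exploited request handler.
    {"type": "exec", "path": "/bin/sh", "sha256": sha256_of("busybox"), "pid": 912},
    {"type": "write", "path": "/tmp/.x/kdevtmpfsi", "pid": 912},   # /tmp is writable: allowed
    {"type": "exec", "path": "/tmp/.x/kdevtmpfsi", "sha256": sha256_of("xmrig"), "pid": 913},
    {"type": "connect", "port": 3333, "pid": 913},
    # Known path, unknown hash: the nginx binary was replaced after build.
    {"type": "exec", "path": "/usr/sbin/nginx", "sha256": sha256_of("nginx-backdoored"), "pid": 1001},
])


def evaluate(event: dict, profile: dict) -> Optional[str]:
    """Return a violation reason, or None if the event fits the profile."""
    kind = event.get("type")
    if kind == "exec":
        expected = profile["executables"].get(event["path"])
        if expected is None:
            return f"exec of non-whitelisted binary {event['path']}"
        if expected != event.get("sha256"):
            return f"exec of modified binary {event['path']} (hash mismatch)"
    elif kind == "write":
        if not event["path"].startswith(profile["writable_prefixes"]):
            return f"write outside writable paths: {event['path']}"
    elif kind == "listen":
        if event["port"] not in profile["listen_ports"]:
            return f"unexpected listening port {event['port']}"
    elif kind == "connect":
        if event["port"] not in profile["egress_ports"]:
            return f"unexpected outbound connection to port {event['port']}"
    else:
        return f"unknown event type {kind!r}"
    return None


def audit(events_jsonl: str, profile: dict) -> List[dict]:
    """Evaluate every JSON line; malformed lines are reported, not skipped."""
    violations = []
    for lineno, line in enumerate(events_jsonl.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            violations.append({"line": lineno, "pid": None, "reason": "malformed event"})
            continue
        reason = evaluate(event, profile)
        if reason:
            violations.append({"line": lineno, "pid": event.get("pid"), "reason": reason})
    return violations


if __name__ == "__main__":
    for v in audit(SAMPLE_EVENTS, PROFILE):
        print(f"line {v['line']:>2} pid {v['pid']}: {v['reason']}")
```

Two design points are worth noting. The allowlist keys on both path and hash, so a legitimate binary that has been swapped out after the build is caught even though its path is permitted. And writable and executable locations are kept disjoint: the miner's write into /tmp is allowed, but executing anything from /tmp is not, which is the check that actually stops it.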

[Image: the Aqua Cloud Native Security Platform enforcing security policies. Credit: John Breeden II]

The Aqua Cloud Native Security Platform enforces security policies while container images are being built, so images that carry known vulnerabilities or violate policy are blocked before they leave the build pipeline rather than discovered in production. Here it works through a Jenkins plugin.

The platform is embedded into the container development process and can work with just about any orchestration platform, including Kubernetes, Rancher, Docker, Red Hat OpenShift, Mesosphere and others. Pricing is an annual subscription based on the number of nodes being protected, with hourly pricing also available for cloud deployments on Google Cloud and Amazon Web Services.
