SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Aqua 3.0 Includes Compliance Features

April 9, 2018

Aqua Security touted the advanced compliance features as an enhancement to Aqua 3.0, which Aqua announced last month. The new compliance features make it easier for organizations that develop and run containers to meet GRC requirements and continuously ascertain the security and compliance posture of their entire application environment.

Key new features and enhancements include:

•Scanning of container hosts: Aqua now performs scheduled scans of hosts running containers, to find both known vulnerabilities as well as malware. This allows organizations to avoid using separate tools for scanning hosts and container images.

•Malware scanning in images: Aqua now scans container images for malware, whether as part of the build in CI (continuous integration) tools or in image registries. The presence of malware is also a component in the Aqua image assurance policy, allowing organizations to prevent images with malware from completing builds in CI/CD as well as from running in their environment.

•Open-source license scanning in images: Aqua now scans container images for the presence and type of open-source licenses, whether as part of the build in CI (continuous integration) tools or in image registries. OSS licensing is now a component in the Aqua image assurance policy, allowing organizations to prevent certain types of OSS licenses from being deployed in their environments.

•Sensitive data scanning in images: Aqua automatically scans for embedded “secrets” in images, such as private keys and tokens. Aqua’s Image Assurance policy can be set to block images where such secrets were found from running.

•Custom compliance checks in images: Using Aqua’s custom compliance checks feature, admins can scan for PII and other sensitive data using their own scripts, such as social security numbers or credit card numbers. Aqua’s Image Assurance policy can be set to block images where such secrets were found from running.

•CIS Kubernetes and Docker benchmarks: The Center for Internet Security, of which Aqua is a SecureSuite member, has issued detailed benchmarks that list several hundred checks to ensure that Kubernetes nodes and Docker hosts are adequately secured. Aqua provides automated scheduled checks for both benchmarks (including the recently updated Docker benchmark version 17.06), as well as detailed reports that show the status of the environment of each test.

“As our customers deploy an increasing number of applications using cloud-native technologies and architecture, the need to adapt compliance controls is apparent,” notes Amir Jerbi, CTO and co-founder of Aqua Security. “With Aqua’s advanced compliance controls and reports, we make it easier for organizations to maintain compliance and satisfy regulatory requirements.”

Aqua’s platform is currently in use by dozens of Global 1000 customers, providing the most comprehensive full-lifecycle solution for securing container-based and cloud-native applications, running on-prem or in the cloud, supporting both Linux and Windows runtime environments. The Aqua platform drives DevSecOps automation, and provides visibility and runtime protection for cloud-native workloads, including both host-level and network-level controls.

As a member of the PCI Council, and a SecureSuite member of the CIS (Center for Internet Security), Aqua closely follows developments in compliance requirements and contributes both industry expertise as well as code. For a free tool to assess Kubernetes nodes against the CIS Kubernetes benchmark, try Aqua’s open source tool: kube-bench.

Terms of Use | Copyright © 2002 - 2018 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement