Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Aqua Expands Container Security Platform With MicroEnforcer

    Written by

    Sean Michael Kerner
    Published March 7, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Aqua Security launched version 3.0 of its namesake container security platform on March 7, refocusing the product on providing Kubernetes cloud-native enterprise security controls.

      Aqua originally focused on just Docker container deployments, but with the new 3.0 update it is providing a series of capabilities that are aligned with Kubernetes deployments. Kubernetes provides container orchestration capabilities and has also been embraced by Docker Inc., which now also integrates Kubernetes as an option for its users.

      Looking beyond just Kubernetes, Aqua 3.0 also has a new capability called the MicroEnforcer, which is aimed at emerging forms of lightweight container deployments, such as the AWS Fargate service.

      “Over the last few years we had Docker as a focus,” Amir Jerbi, co-founder and CTO of Aqua Security, told eWEEK. “In the last year, we have seen a shift in the market where more and more people are using Kubernetes and there is a great need for tools that will add value on top of what Kubernetes offers.”

      Aqua released its first container security platform in May 2016, providing runtime protection for containers. The Aqua 2.0 release debuted in February 2017, delivering an expanded set of container security capabilities, including application container traffic segmentation and support for secrets management. As a company, Aqua has raised a total of $38.5 million in venture capital funding, including a $25 million Series B round of funding that closed in September 2017.

      The protections available in Aqua 3.0 aren’t just a shift in name to Kubernetes; they also represent a shift in how certain security functions are enabled. For example, Jerbi said that for user access control, which defines which users can perform various actions, things are done differently in Docker than with Kubernetes. Jerbi explained that Docker user access control is done at a low level with a Docker command. In contrast, he said that with Kubernetes, Aqua is providing user access control at the API level.

      “We moved the security layer to a higher level to be more aligned with the way Kubernetes works, which allows us to protect different types of resources,” he said. “We can protect Kubernetes services and daemon sets and not just the containers.”

      Kubernetes has included a role-based access control (RBAC) capability since the 1.8 release, which debuted in September 2017. Jerbi said Aqua plugs into Kubernetes native dynamic admission control capabilities, which allow external security vendors to provide an additional layer of security.

      Networking is also handled a little differently in Kubernetes than it has been typically done in Docker. Kubernetes has an abstraction known as the Container Networking Interface (CNI), into which different container networking technology can integrate.

      “The integration with CNI allows us to create nano-segmentation,” Jerbi said. “Unlike Docker where you don’t have a lot of segmentation option, with Kubernetes there are different services and a lot of ways to group together applications.”

      As such, Jerbi explained that an Aqua 3.0 user can choose to segment an application running in a specific namespace segment to make sure that it will never connect to another application running in a different namespace.

      MicroEnforcer

      Among the many different ways that Kubernetes is being deployed today is the AWS Fargate cloud service that provides a serverless approach to running containers. Fargate enables organizations to run containers without the need to manage servers or clusters.

      To help protect AWS Fargate-based container deployments, Aqua is introducing its new MicroEnforcer model. With the typical Aqua deployment, what is known as a container “side-car” is deployed on every node, according to Jerbi. The side-car is a container that acts to protect other containers that run on the same host node.

      “The problem with Fargate is there is no node, so you have to add the enforcement point together with the application,” he said. “So we allow organizations to package the MicroEnforcer directly into the application container image.”

      Jerbi added that as part of the application container image, the MicroEnforcer protection will travel with the container wherever it is deployed. The MicroEnforcer also provides encryption to the container image, further protecting the data within an image.

      Kube-Bench

      Aside from its commercial platform, Aqua is also the leader of the open-source Kube-bench project, which provides a set of checks to make sure that Kubernetes is deployed in compliance with security best practices. As part of the Aqua 3.0 platform, Jerbi said Kube-Bench is now directly integrated inside of the product.

      “We’ve also put additional capabilities on top of Kube-Bench in Aqua 3.0, including the ability to aggregate results across a cluster as well as the ability to generate reports,” he said.

      In addition, Jerbi noted that Aqua 3.0 provides compliance templates for Payment Card Industry Data Security Standard (PCI-DSS) and Health Insurance Portability and Accountability Act (HIPAA) compliance regimes.

      Container Competition

      The market for container security vendors is a competitive one, with multiple firms all aiming to grow market share. Among the startup vendors in the space are Twistlock, Capsule8, Neuvector, StackRox and LayeredInsight.

      Jerbi said Aqua aims to differentiate itself from the competition by investing in the entire lifecycle of container security, from development to production deployment.

      “From our perspective, we want to make sure we’re providing customers with security consistency regardless of which cloud-native tool they choose,” Jerbi said. 

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.