Aqua Security

Cloud-native security platform protecting containers, serverless, and Kubernetes environments with automated threat detection and response.

Product categories

Cloud-native application protection platform (CNAPP)
Provides integrated security and compliance tools to protect cloud-native applications across development and runtime environments.
Cloud workload protection platform (CWPP)
Protects cloud workloads in multi-cloud and hybrid environments, offering tailored security for various cloud deployment models.
Cloud security posture management (CSPM)
Continuously monitors cloud infrastructures for risks and misconfigurations, ensuring adherence to security best practices and compliance requirements.
Container security
Protects containerized applications and infrastructure by securing the entire container lifecycle, from build to runtime, in cloud environments.
Kubernetes security posture management (KSPM)
Secures Kubernetes environments by identifying misconfigurations and vulnerabilities, ensuring compliance with container orchestration security best practices.
Software bill-of-materials (SBOM)
Provides a detailed inventory of all software components and dependencies, improving transparency and managing software security risks in cloud environments.
Software composition analysis (SCA)
Scans third-party libraries and open-source components for vulnerabilities, ensuring compliance with security standards in cloud-based software dependencies.
Data security posture management (DSPM)
Identifies, monitors, and secures sensitive data in cloud environments, preventing unauthorized access and ensuring compliance with data regulations.
Vulnerability management, detection, and response (VMDR)
Identifies, prioritizes, and mitigates vulnerabilities across networks, systems, and applications to strengthen security posture in cloud environments.

Supported cloud providers

Alibaba Cloud
Amazon Web Services
Google Cloud
IBM Cloud
Microsoft Azure
Oracle Cloud

Open-source projects

CloudSploit
Cloud security scanner identifying misconfigurations and permission risks across multiple cloud services.
Trivy
Multi-platform security scanner for container images, file systems, and Git repositories, detecting vulnerabilities.

Research

Team Nautilus
Studies security in cloud-native environments, focusing on containers and serverless architectures.

Acquisitions

CloudSploit acquired on November 12, 2019
Open-source cloud security scanner detecting vulnerabilities and misconfigurations in AWS, Azure, and GCP environments.