Cloud Native / Containers / Security

Aqua Security Automates Configuration Vulnerability Remediation

30 Jul 2020 8:04am, by

Cloud native security company Aqua Security has launched two new offerings, with a handful of new features alongside them, both for the cloud native newcomer as well as the enterprise already well on its cloud native journey. First, Aqua Wave is a SaaS-only offering that works to secure both applications as they are built as well as the infrastructure they are deployed on. Second, Aqua Enterprise introduces a SaaS version of Aqua Security’s enterprise offering, on top of its existing self-hosted version, and adds some capabilities for securing workloads at runtime.

“They’re really intended to serve what we see as a variety of maturity levels within the market. Even larger enterprises will run on Aqua Wave of securing hundreds of cloud accounts, but they just don’t go as deep as the Aqua Enterprise capabilities. So, it’s the breadth versus depth as opposed to just breadth,” said Rani Osnat, vice president of strategy at Aqua Security. “Aqua Wave is intended for people who are either in an earlier stage of their cloud native journey or are more interested in the infrastructure aspects of securing their public cloud. It includes our cloud security posture management (CSPM) products, which allow you to audit as well as remediate various settings in your cloud account settings and services across AWS, Azure GCP and Oracle Cloud but also adds scanning capabilities for container images, as well as dynamic threat analysis.”

Osnat said that the company previously had a platform called Aqua CSP and that they “added some capabilities to it and repackaged it” as Aqua Enterprise, also adding on this SaaS capability. In addition to the launch of these two new offerings, Osnat pointed to a few standout features that were launched with this release.

Included in the release of Aqua Wave is an updated version of Aqua Cloud Security Posture Management (CSPM), which now takes support for Google Cloud Platform (GCP) and Oracle Cloud out of beta, offers scanning of Terraform and AWS CloudFormation, as well as Vulnerability Scanning and Dynamic Threat Analysis product, both integrated as options.

Beyond simply scanning, however, CSPM now provides auto-remediation features.

“It’s this notion where we don’t just review your settings and say ‘this needs to be fixed,’ we also tell you how to fix it and give you the option of letting us fix it for you,” said Osnat. “And we do this in a very granular fashion, because if you think about it from a security standpoint, we’re a third party vendor. You don’t want to give us the keys to your kingdom to go fixing your cloud configuration automatically. You want it to be very selective.”

Instead of granting blanket access, Osnat explained, they use tokens that can provide Aqua with granular access to individual services or even just one setting within a service.

On the Aqua Enterprise side of things, the company introduced a risk-based insight feature, which prioritizes vulnerabilities according to specific, contextual customer environment risks — for example, whether or not the vulnerabilities are present in non-running legacy code that is kept around for compliance purposes or, more urgently, is present in code running in production. Aqua also introduced multi-application role-based access control (RBAC), which makes it easier to determine who has access to what in the more distributed development environments more common in enterprises.

Aqua Wave and Aqua Enterprise, as well as the previously introduced Aqua Dynamic Threat Analysis, are all now generally available.

Feature image by Theme Photos on Unsplash.

At this time, The New Stack does not allow comments directly on this website. We invite all readers who wish to discuss a story to visit us on Twitter or Facebook. We also welcome your news tips and feedback via email:

A newsletter digest of the week’s most important stories & analyses.