Last month we attended Microsoft Ignite, the biggest event for Microsoft professionals that covers everything in Microsoft’s vast enterprise infrastructure, applications and cloud services portfolio. During that same week we announced our Series A funding by Microsoft Ventures.
Well before engaging with the Microsoft Ventures team, we were hard at work making our Container Security Platform support Windows Containers, which we knew were going to be announced officially at Ignite. At the present, the container space is dominated by Linux users and applications, but there are many organizations that rely heavily on Microsoft Windows, or at the very least have a mix of both.
We know that some organizations are waiting for containers to be natively supported in Windows before jumping head first into container technology. I fully expect this to be a multi-platform market in the not-so-distant future, and Aqua is ready for it.
I was therefore excited to be invited to demo a preview of our security platform supporting Windows Containers, which is now available to Aqua’s customers. I was embedded into a Windows Server 2016 session, run by two of Microsoft’s foremost technology evangelists, who have been behind some of the core technology in Windows server for many years now. It was a great opportunity to evangelize containers and container security.
You can watch the full presentation below (queued to start with my intro, but you can rewind to the beginning if you like):
The importance of Windows Containers cannot be exaggerated. Not only is this a big move by Microsoft into the container space, but since many on-prem applications today run on Windows, having containers that can seamlessly run on Windows and in Azure is a tremendously attractive path to cloud migration or hybrid cloud.
So what does Aqua do for Windows Containers users? Basically everything we do for Docker on Linux users. Of course much of the underlying stack is not the same, but we took care to mask the complexities and provide a uniform experience across platforms, so our customers can run containers on Linux or Windows, on-prem or in the cloud - the protection they get from Aqua will be the same:
- Image assurance that prevents running vulnerable images and tracks image use throughout the lifecycle.
- Runtime security that utilizes multiple layers of defense, starting with least-privilege defaults that are then enhanced using behavioral analytics to whitelist good behavior and detect and prevent anomalous behavior.
- Network nano-segmentation for containers, preventing unauthorized network access..
- Cyber intelligence that provides protection against various attack vectors
- Granular access control that prevents unauthorized access by users
Aqua Integration into Visual Studio Team Services (VSTS)
More good news for Microsoft shops, we now integrate with VSTS which is Microsoft’s CI tool for DevOps teams. Aqua is available from the Visual Studio Marketplace, and can be embedded as a step in the CI process to provide vulnerability scanning for image.
The user can set a policy that determines success/fail criteria for the scan, so that a build where a scan detected vulnerabilities that contravene the policy, the build will fail.
We created a 1-minute video that demonstrates and explains this process:
Aqua for VSTS is available for installation here.
