We have enhanced our Cloud Native Security Platform (CSP) by adding Cloud VM protection capabilities for VMs that are not running container workloads. Aqua now provides a full-stack security solution across all workload types: VMs, containers, and serverless functions, for both Linux and Windows VMs.
Cloud VMs are standardized, immutable infrastructures that often use a minimal OS and conform to strict, automated configurations. Much Like containers, cloud VMs are managed using automated templates and processes for provisioning, configuration management, and application deployment. From a vulnerability perspective, VMs are not usually patched in runtime, but rather fresh VMs are spun up from an updated machine image.
Conventional host-based security solutions for physical servers and VMs use complicated agents that perform many functions that are no longer relevant to the cloud era. Aqua has replaced such elements with a lightweight solution suited for cloud workloads, which is easier to manage and less taxing on cloud resources. With the new Cloud VM protection, Aqua has introduced a series of security and compliance controls intended to protect VMs in cloud environments, along with the containerized applications running on them. These new capabilities are now a part of the Aqua platform which can be leveraged to manage full-stack security and compliance.
See how securing cloud VMs integrates into the aqua Cloud Native Security Platform
File Integrity Monitoring (FIM) is a process that validates the integrity of the operating system and application files using a verification method between the current file state and a known, good baseline. This is a basic requirement that ensures that applications comply with the PCI-DSS standards. Aqua’s FIM capabilities include:
When working in a hybrid-cloud or with legacy applications (applications that were not yet migrated to micro-services), managing network traffic can be a challenge. It may require more than one solution to provide the required security posture of applications. Aqua networking capabilities already provide full visibility for cloud-native applications that run on a single/hybrid cloud. With our new coverage for Cloud VMs, we now provide a unified solution for securing network activity for all types of applications, containerized or not. Our Cloud VM’s Firewall capability includes:
These vulnerabilities are introduced by new and existing software and many of them impact packages that are used by VMs. In addition, companies that are PCI compliant must adhere to requirement 11: “regularly test security systems and processes” and keep out vulnerabilities with CVSS from 4.0 or higher. The Aqua Vulnerability Scanner provides:
Scanning cloud VMs for vulnerabilities and malware is the first step towards getting the security posture for VMs. It is also critical to evaluate VMs with respect to industry security standards, such as Linux CIS and PCI-DSS, as well as internal organizational guidelines. Aqua VM Assurance Policies allow you to enforce these standards in development and in production. Aqua VM Assurance Policies can be used for:
As security requirements for public and private clouds continue to evolve, Aqua stands up to those critical requirements in order to protect cloud-native workloads. With the introduction of VM security, Aqua provides its customers with a complete workload protection platform for where they are today and where they are heading in the future.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.