New release of Aqua security platform includes secrets management

Aqua Security, a platform provider for securing containerized applications, has announced the release of version 2.0 of its Container Security Platform (CSP). A major requirement for securing containerized applications is ensuring that containers can only communicate within their permitted network segment, limiting the “blast radius” in case of an attack. The challenge is to do so without hindering the container’s ability to perform legitimate application functions that require communication within the host or across hosts, on-premises or in the cloud. 

“Traditional host-based security agents don't understand containers and lack the context to enforce different policies on different containers in the same host.” notes Neil MacDonald, VP Distinguished Analyst at Gartner Research, “Depending on the network architecture used, container-to-container traffic within a physical host may not be visible to external network firewalls and intrusion detection and prevention systems.”

Version 2.0 of the Aqua CSP automates the creation of network nano-segments that limit container network connectivity based on the application context and needs, regardless of physical location, IP address or other network properties.

Key features include:

- Automatic discovery of containerized application network topology

- Automated creation of network nano-segments based on the container’s activity

- Context based container firewall that allows service-oriented rules

- Detection or prevention mode, allowing to either alert on or prevent unauthorized network connections.

- Central visibility and control over container secrets from the Aqua Management Console.

- HashiCorp Vault and Atlassian Jira integration

- Vulnerability scanning on a large scale