Azure Container Apps has been certified by Aqua Security.
Azure Container Apps (ACA) is a developer-first serverless platform that allows you to run containerized workloads at any scale. Being serverless provides inherent security benefits by reducing the attack surface, but it also presents some unique challenges for any security solution. Hence, we’re happy to announce that our partner, Aqua, has just certified Azure Container Apps for their suite of security solutions.
Azure Container Apps: Built-In Security Features
Due to its purpose-built nature, ACA offers several built-in security features that help protect your containerized applications:
- Isolation: ACA runs your workload without the need for root access to the underlying host. Additionally, it’s trivial and requires minimal overhead to isolate different teams in their own environments without the need to painfully cordon off each team via Kubernetes namespaces.
- Network Security: ACA supports virtual network integration, allowing you to control inbound and outbound traffic to your applications both on a per-app basis and for an entire environment all at once. Additionally, we provide protection against common layer-7 vulnerabilities such as redirection attacks.
- Managed Identity: ACA integrates with Azure Active Directory, enabling secure access to other Azure services without managing credentials.
While these features provide a solid foundation, securing containerized workloads requires a comprehensive approach that addresses the entire lifecycle of your applications. This is where Aqua’s suite of tools excels.
Elevating ACA's Security Posture using Aqua
Aqua Security is a certified security solution for ACA, offering a full-lifecycle approach to securing your containerized applications. Here’s how Aqua enhances ACA's security capabilities:
- Supply Chain Security: Aqua scans container images for tampering and potential supply chain attacks, ensuring that only verified and secure images are deployed.
- Comprehensive Image Scanning: Aqua scans container images in Azure Container Registry (ACR) and CI/CD pipelines for vulnerabilities, misconfigurations, malware, and embedded secrets, enabling developers to address issues early.
- Image Assurance Policies: Aqua enforces policies to ensure that only compliant images are deployed, minimizing risks and ensuring adherence to security and compliance standards.
- Agentless Discovery and Scanning: Aqua automatically discovers and scans all running services and assets, providing broad visibility into your ACA workloads.
- Runtime Protection with MicroEnforcer: Aqua's MicroEnforcer provides non-invasive runtime security, detecting and preventing threats such as cryptocurrency mining, reverse shell execution, and unauthorized access.
By leveraging Aqua's security solutions, organizations can confidently meet the most stringent security requirements for their ACA workloads.
For more information on how to use Aqua's tooling with ACA, visit the Aqua blog: Securing Azure Container Apps
Updated Feb 06, 2025
Version 2.0
simonjj
Microsoft
Apps on Azure Blog