Aqua Security Reviews

We did very little with Aqua, basically. We only used Aqua for the image scanning and document scanning and that's it. Since I was working on a DevSecOps project, I was asked to find how complicated it was comparatively, for example, which is more complicated, whether the Aqua or Prisma, and how fast these things could be churned out or integrated into an existing pipeline, or when you create a new pipeline, how fast these things work. I had to experiment with these things.

In our scenario, we were creating pipelines for Infrastructure as Code. Our pipeline would be doing the scanning for all infrastructure code. In that code, if any image is mentioned, we would pick them up, we would scan them, and that's where we'll be using Aqua or Prisma. We have created items with both of those. One of the pipelines which had Aqua would be scanning and finding the vulnerabilities inside the image.

The image security and image scanning were quite easy compared to Prisma. The solution was very user-friendly.

It is easy to set up. 

It's stable.

The documentation was robust.

It's easy to set up. 

I don't recall coming across any missing features. 

It's a bit hard to use the user roles. That was a bit confusing. That was from the interface side, the application from which we logged into Aqua. That needs a bit of improving. The admin was a bit confusing. 

I've used the solution for a couple of months, maybe. 

The stability is good. It is reliable. There are no bugs or glitches. 

I did not try to scale the solution. 

We had 20 to 30 people on the solution. 

In my team, we had five members using it - the DevSecOps team. We were on the integration side of it. There might have been two to three project teams, basically, who used to used the pipelines, which we created for them.

We did not use support. We never came across any issues. 

I was working for Computer Software Corporation, CSC corporation, as a contract employee. There, we were asked to do a research on various cloud security applications. That's where we came in contact with Aqua. We were trying to do apple to apple comparison of Prisma and Aqua.

We felt Aqua is good and we even recommended Aqua to be used - rather than Prisma.

The initial setup was pretty straightforward. 

If it is deployed from scratch, the documentation is pretty straightforward. We just followed the steps and we were able to do it. There were no unexpected bugs or any other issues we faced. Everything was quite straightforward.

I'd rate the solution four out of five in terms of the initial setup. 

Maintenance was taken care. Maintenance was good there. It doesn't need any more effort. What we used was the latest one, a stable version, and since we were dealing with a corporate organization, we wanted stable versions to be always tested. 

We did the implementation in-house.

I'm not sure of the exact pricing. I cannot speak of the exact costs. The company already had a licensed version. 

We were working with the latest version of the solution. 

We had a cloud dashboard to see our stuff, basically. We used it on-prem; however, once the scanning is done, the results would be posted on that platform. That's where we used to go and see the information.

It's fast to implement and straightforward. It works for all brackets. I'd recommend it to others. 

I'd rate it eight out of ten. 

The most valuable feature is the on-demand patching. There are times when vulnerabilities don't have available fixes, and Aqua Security allows it to pass the vulnerability in real-time while the fix is being developed.

Their sandboxing service is also really good. When we download an open source tool, we can run it in a sandbox environment and see if there are any back holes or trap doors in the code. However, we don't like that their services are in the US.

Aqua Security lacks a lot in reporting. It provides all the open issues, but no actionable solution is provided. There's no intelligence behind the reporting, so that can be improved. Also, it could be a cheaper solution. However, it is costly because it's a very small market and the first of its kind.

Regarding additional features, we would like to see better log ingestion. For example, if we have an EDR or a SOC, we want the SOC, the cloud and the container security to interact better. That means the cloud should have better ingestion of logs and SOC logs and be able to give more heuristic analysis of security issues rather than just ones and zeros.

The licensing model could be better because it has a scalable container environment. If we're working in a small environment, it is fine, but if we have a large environment, we can't predict the traffic for the day. If the marketing team decides to launch a campaign with high traffic, then we won't have licenses available for all our ports. Therefore, the licensing model needs to be rethought, and we can't have per-port licenses because ports can increase.

We have been using this solution for over a year. It is a managed service and deployed on cloud.

It is a good solution and is stable. Their services are good, and they provide good responses. If there are business-related issues, they will contact you and answer your questions on priority.

Swisslog and Aqua Security work with a very similar pricing model as they have an agent deployed in a cluster that covers all the containers or namespaces in that cluster. Now, if clusters are also scalable, which is the case in containers, the number of licenses consumed increases.

Aqua Security charges per license. So we usually take their licenses in our testing and QA environment. However, we limit it in the production environment because, in QA testing, our environment expands and collapses because developers are testing. So in production, we can forecast how many licenses we may need in the future.

However, if there is no production system, we cannot account for the number of fraud and containers and we will have to pay through the roof for these solutions because they charge for containers per port for every single agent they deploy.

About 20 to 30 people use Aqua Security from the DevOps and security team. They use the solution because they handle the infrastructure and security.

The technical support is good, and they reply on time.

The initial setup was easy.

I rate the price a four out of ten, with one being a high price and ten being a reasonable price. It is a costly solution.

Aqua Security is an on-demand service. Swisslog just launched a product, but it is not as good as Aqua Security in terms of accuracy. Swisslog is integrated with the package and with Aqua Security, you need to pay more for the first scan.

I rate this solution a seven out of ten.

We mainly used Aqua Security for container-related Kubernetes security in the CI/CD pipelines to secure the runtime of the Kubernetes clusters. 

The most valuable feature of Aqua Security is the scanner.

Aqua Security could improve the forwarding of logging into Splunk and into other tools, it should be easier.

In the future, Aqua Security should work on minimizing its footprint because it consumes a lot of resources on the cluster itself. We are receiving a lot of logs out of it, but there was some problem with receiving the events in the right order. It should also concentrate on not only collecting logs but events, traces,  and somehow into the metrics side.

I have been using Aqua Security for approximately two years.

Aqua Security is stable.

Aqua Security has been scalable in our usage.

Our setup was not very big, we had approximately 20 clusters and one central cluster. It scaled enough and we distribute it to the clusters, the enforcers on the nodes, it's a combination of centralized and distributed solution. I didn't use it over more than 20 clusters.

I have used the technical support from Aqua Security. We had some issues we had to solve ourselves.

I rate the support from Aqua Security a three out of five.

We previously used Red Hat and Prisma Cloud. Prisma Cloud was too expensive and Red Hat security is more similar to risk management, not risk posture management, and is not a real security tool. We decided on Aqua Security.

The initial setup of Aqua Security is simple if you know some helm charts work.

Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle.

I rate Aqua Security an eight out of ten.

Aqua Security allows us to check for vulnerabilities in the CI/CD pipeline, so application teams can remediate issues before going into production.

Aqua Security helps us to check the vulnerability of image assurance and check for malware.

In the next release, Aqua Security should add the ability to automatically send reports to customers.

I've been using Aqua Security for between two to three years.

Aqua Security's stability is very good.

Aqua Security can be scaled up and down depending on your needs.

Aqua Security's technical support is usually quite responsive.

Positive

There were some challenges with the initial setup.

We used an in-house team.

Aqua Security is the most advanced solution in the market for container security. I would rate it as eight out of ten.

We use this product for all of our network security.

The container security element of this product has been very valuable to our organization.

We would like to see an improvement in the overview visibility that this solution offers.

The runtime security element of this solution could also be improved, in order for it to be more universally usable.

We have been using this solution for five or six years.

We have found this solution to be stable.

Scalability isn't an issue with this solution.

Before choosing this solution we also evaluated Snyk.

I would rate this solution a six out of ten.