The runtime protection has two tiers: standard and advanced protection.
- Scan their applications for vulnerabilities during the Continuous Integration process
- Provision policies to block unauthorised applications during the staging phase
- Scan and monitor application or container artifacts for vulnerabilities, malware, and user activity
- Apply host assurance policies for application or container artifacts
- Detect and block unapproved changes to running application workloads
- Monitor and control application activity based on customised policies
- View application network connections and apply firewall rules that whitelist authorised connections
- Leverage granular audit trails of access activity, scan events and coverage, application activity and system events
Aqua Security for PCF installs natively as a Buildpack (containing the languages, runtimes, libraries, and services used by the app), and the advanced runtime protection component is implemented as a Bosh add-on, protecting all Pivotal Application Service apps without requiring any manual changes or individual re-deployments of Aqua per application.
Pivotal customers can get Aqua Security for PCF directly from the Pivotal services marketplace.