Security for Serverless Functions (FaaS)

Ensure that serverless functions are secured and in compliance. Reduce the attack surface, control deployment, and protect functions in runtime using performance-optimized controls.

Risk-free Serverless

Secure AWS Lambda

Centralize Security

Reduce the risk from serverless functions

Gain visibility into running functions, assess and control risk in the pipeline, preventing OWASP top 10 serverless threat.

Protect AWS Lambda applications

Ensure least-privilege permissions, automatically deploy runtime protection, and detect behavioral anomalies

Centralize security and compliance

Combine serverless security with all cloud native application and infrastructure, using unified policy management and control.

Scan for vulnerabilities
Integrate CI/CD pipelines
Ensure least-privilege
Control deployment
Protect AWS Lambda

Scan functions for vulnerabilities, malware, and secrets

Aqua scans functions based on our constantly updated stream of aggregate sources of vulnerability and malware data (CVEs, vendor advisories, and proprietary research), which ensures up-to-date, broad coverage while minimizing false positives. Scan for cloud provider-specific keys and secrets and prevent their accidental exposure.

Integrate in your CI/CD pipelines

Aqua enables you to “shift left” security into early stages of development by scanning functions as they are built, shortening the fix cycle for security issues. We provide native plug-ins as well as a CLI tool that automate scanning within CI tools such as Jenkins, Bamboo, and Azure DevOps. As a step in the build, developers can view scanning results and suggested mitigation from within a familiar environment.

Ensure least-privilege permissions

A key risk in serverless functions is over-provisioned permissions, that allow a potential attacker to gain access to additional resources. Aqua prevents this by flagging over-provisioned permissions, as well as monitoring for unused permissions and roles over time, allowing you to reduce them to what’s needed.

Control deployment of authorized functions

With Aqua’s flexible assurance policies, you can set policies that determine which functions are compliant and authorized for deployment based on their security posture, and conformance to our acceptable risk level. This includes any combination of vulnerability scores, permissions, malware, secrets, and other security-related configuration issues.

Protect AWS Lambda functions in runtime

Use Aqua’s small-footprint, highly performance-optimized and automatically deployed NanoEnforcers to protect functions in runtime. Aqua can block code injection attempts and unauthorized executables, as well as detect indications of compromise (IoCs) using function-embedded honeypots.

Webinar

Aqua Serverless Security for AWS Lambda

Watch Now

Gartner's 2021 Market Guide for Cloud Workload Protection Platforms

In this report, Gartner advises its clients to favor CWPP vendors specializing in container orchestration monitoring and serverless functionality, and proactively extend workload testing into the CI/CD pipeline.

Download Report

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security

Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.

Use Cases

Environments

Partners

Products

Get Started