DevSecOps

For enterprises to achieve fast, safe deployments, they need early, automated, and continuous remediation of security events. This need stretches across both application and infrastructure code provided by AppSec and DevOps processes.

Scroll down or use the drop-down menu to learn more about each solution.

Choose a DevSecOps solution
  • Choose a DevSecOps solution
  • Alcide
  • Aqua Security Software, Inc.
  • Lacework
Scroll

Alcide

Alcide Kubernetes Security is a Kubernetes-native, AI-driven security platform covering configuration risks, visibility across clusters, and runtime security events. On AWS, Alcide helps DevSecOps teams leveraging Amazon Elastic Kubernetes Services (EKS) to increase security for Kubernetes deployments at scale. Alcide aids in identifying security issues and alerts on non-compliant, abnormal behavior, and presents them on a centralized dashboard and graphical network map.

Alcide Kubernetes Security features include:

  • Automatic and continuous security and configuration posture scanning
  • Audits of cluster, node, and pod configurations
  • Consolidation of all AWS security groups, policies, and corresponding inbound and outbound rules across the network into one dashboard
  • Threat detection, including abnormal behaviors and events

How it works

Additional resources provided by Alcide

Reltio

Reltio was looking for a security solution that understood cloud-native application infrastructure and Kubernetes environments. Alcide Kubernetes Security enabled Reltio to bridge Ops and Security teams in one security platform. Using Alcide's automated and nearly continuous control testing saved the company time and resources while meeting tighter deadlines.

quotes icon

Adopting Alcide saved us from doing manual review of our Dev environment, allowing us to go live on the original set date.

            Terence Runge, Chief Information Security Officer, Reltio

Aqua Security Software, Inc.

The Aqua Cloud Native Security Platform enables organizations to automate secure development and deployment of applications in their DevOps pipelines. It embeds comprehensive security testing and policy-driven controls from the start. The platform also automates container image scanning in continuous integration/continuous delivery (CI/CD) pipelines. This empowers DevOps teams to fix security issues early and expedite application deployment.

Aqua Cloud Native Security Platform for Elastic Container Service (ECS) pay-as-you-go (PAYG) features include:

  • Container image, serverless function, and virtual machine (VM) scanning and assurance
  • Microservices firewalling
  • Role-based user access controls
  • Center for Internet Security (CIS) benchmarking for Linux, Kubernetes, and Docker
  • Granular controls and reporting to enforce regulatory compliance

How it works

Additional resources provided by Aqua Security Software

Theta Lake

Theta Lake wanted to guarantee its software supply chain has no known vulnerabilities and ensure that its CI/CD pipeline and registries are secure. By using the Aqua platform, Theta Lake quickly integrated security into its container-based development pipeline. This included scanning CI/CD builds for known vulnerabilities and scanning image registries for newly discovered vulnerabilities.

quotes icon

Aqua provided us with a zero-friction security and compliance solution for our entire container pipeline. With Aqua, we can prove compliance of our cloud native environment while staying agile and innovative.

            Rich Sutton, CTO, and Cofounder, Theta Lake

Lacework

Lacework is a threat detection, compliance, and automated cloud security monitoring platform. Lacework automatically identifies and resolves anomalous changes and discovers cloud compliance issues. Its embedded security enables continuous security, automation, and faster builds. Using Lacework, DevSecOps teams gain deep visibility into security issues and increase development speed.

Lacework features include:

  • Complete security and configuration support for workloads and accounts running in Amazon Web Services (AWS)
  • Deep visibility and alerts across cloud accounts, workloads, containers, and Kubernetes
  • One-click investigation of events
  • Polygraph-created visual and searchable temporal baseline monitoring entire infrastructure

How it works

Additional resources provided by Lacework

Guidebook

Guidebook wanted a security platform that would help protect sensitive information. Using Lacework, Guidebook gained a clear and comprehensive picture of security operations across all its AWS implementations and was able to identify potential risks previously undiscovered by their security teams. Guidebook's DevOps and engineering teams now use Lacework to troubleshoot issues and gain operational insights.

quotes icon
I'm extremely happy with Lacework. I sleep better at night, knowing we have full visibility into our cloud operations. It was the tool that checked all my security boxes.

Devin Ertel, Director of Security and Information Technology, Guidebook

AWS Marketplace

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.

Have questions? Have tips?

We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.