Aqua Security announces industry’s first container runtime security solution for CRI-O

Supports Red Hat OpenShift workloads that use CRI-O as the runtime engine

Red Hat Summit, San Francisco, and Boston, MA – May 7, 2018 – Aqua Security, the market-leading platform provider for securing container-based and cloud-native applications, today announced early availability of its runtime security controls for workloads using the CRI-O runtime engine, including those managed using Red Hat OpenShift Container Platform.

CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) that enables using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for Kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods. Red Hat OpenShift Container Platform 3.9 introduced GA support for CRI-O as a runtime engine on its platform in April 2018.

“As standards in the cloud-native ecosystem continue to evolve towards simpler common frameworks, organizations must continue to maintain visibility and control over their workloads,” said Amir Jerbi, CTO and co-founder of Aqua Security. “We are committed to helping customers secure their applications no matter where and how they are deployed. By extending our support to CRI-O and other emerging standards we are realizing our vision of ‘secure once, run anywhere’.”

“We are delighted to have Aqua Security enabling runtime security for CRI-O workloads on Red Hat OpenShift Container Platform,” said Chris Morgan, Global Technical director, OpenShift Ecosystem at Red Hat. “Security and compliance are top of mind for our enterprise customers, and the runtime protection capabilities delivered by certified OpenShift partners such as Aqua can help deliver this.”

Aqua’s container security platform increases the security of cloud-native applications by applying security controls across their entire lifecycle, from development to production. Runtime controls, which now support CRI-O, include:

  • Preventing unauthorized images from instantiating
  • Zero-configuration protection using machine-learning to understand a container’s behavior and applying least-privilege policies that permit the container to perform only legitimate application activities.
  • Auditing of container activities such as user access, file access, executables used, network access, and more.
  • Firewalling of container level network connections.

Aqua’s platform is currently in use by dozens of Global 1000 customers, providing the most comprehensive full-lifecycle solution for securing container-based and cloud-native applications, running on-prem or in the cloud, supporting both Linux and Windows runtime environments. The Aqua platform drives DevSecOps automation and provides visibility and runtime protection for cloud-native workloads, including container-level, host-level, and network-level controls.

Aqua’s runtime support for CRI-O will be generally available in July 2018.

About Aqua Security

Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Integrated with container lifecycle and orchestration tools, the Aqua platform provides transparent, automated security while helping to enforce policy and simplify regulatory compliance. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, Microsoft Ventures, TLV Partners, and IT security leaders, and is based in Israel and Boston, MA.  For more information, visit or follow us on

Red Hat and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.



Media inquiries:

Rachel Kaseroff

RJK Communications

[email protected]

+1 (415) 341-5625