Managed Container & Serverless Security


Container and serverless environments are highly dynamic. Compute entities are volatile or even cannot be consumed in a traditional client/server way. Especially Kubernetes is extremely powerful, but also the source of innumerable security breaches. Container security expert know-how is very hard to find and even harder to scale.

Enhance the security of your container and serverless environments, while leveraging all benefits of these technologies.


Alice&Bob.Company provides a managed security solution, based upon Aqua CSP.

As a certified Aqua Sec partner and reseller, Alice&Bob.Company sets up the environment on behalf of the clients and takes over the operational responsibility.

This, on the one hand, gives our clients free resources to improve their digital product, on the other hand generates continuous insights into their cloud deployment, also across multiple public cloud vendors.

Alice&Bob.Company provides managed full lifecycle security for images, containers and serverless environments.


Alice&Bob.Company will setup a new instance of the Aqua Wave Enterprise for the customers. This service is provided as a managed installation by Alice&Bob.Company.


The platform is installed in a dedicated AWS account in the Region eu-central-1 (Frankfurt).

Alice&Bob.Company applies Aqua licenses, according to the distinct and contractual agreed client requirements.

The platform comes with the following features enabled:

Options are

The platform scans CI builds and images and can make use of Dynamic Threat Analysis (DTA) to dynamically analyze images – before they are deployed. The analysis is executed in a secure isolated sandboxed environment, examining, and tracing behavioral anomalies to uncover advanced malware that cannot be detected by static scanners.

A&B mitigates the risk of so called “unfixable vulnerabilities” with Aqua Vulnerability Shield.

Additionally, A&B can extend security on serverless functions (FaaS), i.e. AWS Lambda or Google Functions. This includes:

We will perform all the initial configuration necessary. We attach the platform to your multiple cloud accounts your container platform.  For serverless, an Aqua Layer has to be embedded into the code. We will arrange this with your teams. Afterwards we integrate into automation, set thresholds and configure required alerting.

When the platform starts working, Alice&Bob.Company constantly maintains the cloud native security platform for you. Configuration is tweaked and optimized to make you get the most out of the platform.

A&B takes over the operational responsibility. Therefore, Alice&Bob.Company will be added to the alert and notification chain. This also includes real-time alerting. After analysis of an alert-only phase, A&B recommends creating policies, that will preventively mitigate risks. In collaboration with the client – and taking into account the concrete scope of the contract – Alice&Bob.Company can fix simple security issues themselves.

More complex security incidents are tracked and handled by Alice&Bob.Company’s Security Incident Management process. They are resolved tandem working with the client.

The customer will get direct access to the CSPM tool, can take advantage of the detailed reporting without the hassle and burden to get the platform managed.


Main advantages of using Managed Container & Serverless Security with A&B:

Continuous Penetration Testing

Minimize the risk of application vulnerabilities by combining manual and continuously automated penetration testing for your web applications and API’s.

Cloud Security Posture Management

Keeping visibility and enforced security across public cloud accounts – probably across multiple public cloud vendors with the right tools: facilitate a managed Cloud Security Posture Management (CSPM) service by Alice&Bob.Company.

Managed Perimeter Protection

Protect your publicly accessible websites, e-commerce platforms, IoT-, IIoTT-applications and other dynamic web application against abuse of bugs, vulnerabilities and Distributed Denial of Service (DDoS) attacks. The team of A&B and AWS give you a peaceful sleep. 

Security Chaos Engineering Program

Transfer the disruptive operational method of chaos engineering, developed initially by Netflix, to cloud security. We accompany your team(s) over the course of 12 month to establish the concepts and culture of Security Chaos Engineering (SCE).

CI/CD Pipeline improvement

Pimp your existing CI/CD pipeline to the next level! Alice&Bob.Company continuously monitors and improves your current CI/CD pipelines.
We continuously integrate automated and scalable Cloud Security into your software development lifecycle.

Security Champions Program
Accelerate your product development while staying secure by integrating security-as-code in your software development lifecycle. A&B provides a unique “integrate&enable” approach to set up and maintain a companies Security Champions Program.
Cloud Security Trainings

Never stop learning! The cloud never stops teaching! In Jan 2021 AWS consists of more than 199 ready to use service. 45+ of those are security related. Let us help to enable and educate you team(s) with an individual training plan over a timeframe of 6 to 24  months.

Custom Tailored Managed Service

Is there anything you need, but we haven’t covered. We are always curious and eager to learn about your requirements. And maybe, we develop a new Cloud Security Managed Service together