Unlike many of the built-in AWS cloud provider tools, such as AWS Security Hub, Config Service, and Trusted Advisor, Aqua Wave is a complete end-to-end cloud security platform. The following are some of the top advantages to using a hosted CSPM product like Aqua Wave:


  • Single Pane of Glass
    Aqua Wave provides complete visibility into all of your cloud accounts in a single, unified interface with very little configuration. Unlike Security Hub and Config Service, which require a complicated Organization-level account setup to work (and are not fully enabled for cross-account sharing), Aqua Wave allows you to connect all of your infrastructure accounts using a simple CloudFormation template.

  • Fully Managed
    With Aqua Wave CSPM, the cloud security experts at Aqua are continually writing new security control plugins and platform updates that are automatically deployed to your environment with no configuration required. When AWS adds new services, controls, and features, CSPM is updated automatically, behind-the-scenes, to begin checking for new security risks. Unlike Security Hub, you do not need to manually enable new conformance packs or configure additional checks across your fleet of infrastructure accounts.

  • Multi-Cloud
    If you operate any infrastructure outside of AWS in Azure, GCP, or Oracle Cloud, Aqua Wave CSPM can integrate with those accounts, allowing you to monitor for the same security controls without being limited to a single cloud provider's dashboard.

  • Infrastructure as Code Scanning
    Aqua Wave ships with powerful tools that are not included in AWS's default security toolset. These include infrastructure as code scanning services that enable you to audit CloudFormation and Terraform templates for security risks. These scanning services are also available via API for easy integration with CI/CD systems.

  • Third-Party Integrations
    Aqua Wave understands that you may want to monitor your cloud security posture or respond to potential incidents using tools that you are already familiar with, such as Slack, Microsoft Teams, PagerDuty, OpsGenie, and Splunk. Aqua Wave CSPM supports these integrations out-of-the-box, with no custom tooling required.

  • Powerful REST API
    For integrations without native support, or for custom use cases, all Aqua Wave functionality is available via REST API. Aqua Wave users have integrated our APIs into CI/CD systems, automated testing frameworks, deployment tools, custom dashboards, and many other locations.

  • Reporting
    Aqua Wave scan reports contain a wealth of information that can help you investigate and remediate discovered vulnerabilities. These reports can easily be exported to PDF or CSV format, and include high-level executive summaries as well as detailed information on each detected risk.

  • Built-In Compliance Auditing
    With zero additional configuration, all Aqua Wave CSPM scan reports include detailed tracking with popular compliance frameworks such as: PCI, HIPAA, GDPR, SOC 2 Type II, CIS Benchmarks, AWS Well-Architected Framework, and others. These do not require any opt-in or additional setup.

  • Automated Remediations
    Aqua Wave CSPM has additional remediation capabilities that, after opting in, allow you to configure issues in your AWS accounts to be automatically remediated. For example, if an S3 bucket is found to be unencrypted, Aqua Wave can automate the addition of encryption to the bucket. This tool is highly customizable, but, unlike AWS Config Service, does not require the deployment of additional resources for each control beyond the initial Remediator setup.