Aqua Security

Aqua Security
Company typePrivate
IndustryCybersecurity
Founded2015
FoundersDror Davidoff, Amir Jerbi
HeadquartersRamat Gan, Israel
Area served
Worldwide
Key people
Dror Davidoff (CEO), Amir Jerbi (CTO)
Websiteaquasec.com

Aqua Security is an Israeli cloud-native application protection company, founded in 2015.[1][2] In 2021 Aqua Security reached a $1B valuation.[3][4][5] It is home to the research team, AquaNautilus, focused on cybersecurity research of the cloud native ecosystem. In 2023, the U.S. Army signed with Aqua Security a multimillion-dollar contract for cyber protection services to enhance cloud expansion, zero-trust implementation, and secure software development.[6]

History

[edit]

Aqua Security was founded in Ramat Gan, Israel in 2015 by Dror Davidoff, who serves as the CEO and Amir Jerbi, CTO.[7][8][9] The company initially focused on container workload protection and added serverless and VMs in 2017 to achieve comprehensive Cloud Workload Protection Platform (CWPP) capabilities.[10]

In September 2016, the company raised $9 million in Series A funding led by Microsoft Ventures. Previous investors TLV Partners and Shlomo Kramer also participated in the round, bringing Aqua's total investment to date to $13.5 million.[11] It was followed by a $25 million series B funding in 2017.[12][13] In the spring of 2017 the company opened its Boston office.[14]

Aqua Security raised $62 million in 2019 in funding led by Insight Partners, with participation from Lightspeed Venture Partners, M12 (Microsoft's venture fund), TLV Partners, and Shlomo Kramer.[12][15]

Aqua raised $30 million in a series D round closed in May 2020.[1] In March 2021 Aqua raised $135 million in series E funding, led by ION Crossover Partners at a $1 billion valuation.[3][16] In 2021, Aqua was a finalist in Application Security for the 2021 CISO Choice Awards[17] and received the Duns 100 List Award among the Top 6 Best Startups to Work for in 2021.[18] The company was featured in the 2021 CRN Emerging Vendors as a Security Vendor[19] and was named 'Best in Show' in Software Development in The 2021 SD Times 100.[20]

In June 2022 Aqua Security and the Center for Internet Security (CIS) released the first formal guidelines for software supply chain security. CIS Software Supply Chain Security Guide provides enterprises with foundational recommendations for securing the software supply chain against threat actors.[21] In 2023, Aqua received Frost & Sullivan Best Practices, Intellyx Digital Innovator Award,[22] and the 2023 CISO Choice Awards for Cloud Workload Protection Platform.[23]

In 2023, the U.S. Army signed with Aqua Security a multimillion-dollar contract for cyber protection services to enhance cloud expansion, zero-trust implementation, and secure software development.[6]

In January 2024, the company raised $60 million, extending its Series E round of funding to $195 million.[24] In May of the same year, the company introduced new capabilities designed to secure the development and operation of generative AI applications utilizing Large Language Models (LLMs). In 2024, the company was listed in the Fortune Cyber 60[25] CRN Cloud 100[26] and named among Built In's Best Workplaces.[27]

The company's global headquarters is located in Ramat Gan, Israel, with US headquarters in Boston, Massachusetts, and R&D Center in Hyderabad, India.[28][29] Dror Davidoff is the CEO of the company, and Amir Jerbi is CTO.[7][30][31]

Acquisitions

[edit]

In 2019 Aqua Security acquired CloudSploit, a cloud security posture management company, which tracks and enforces practices on the security of user and service accounts on public cloud platforms such as GitHub, AWS and Microsoft Azure.[32][33] It acquired Darkbit in 2021. Darkbit founders, Brad Geesaman and Josh Larsen joined Aqua Security team.[34] The company acquired Argon, a startup with capabilities for securing the software supply chain in December 2021.[35] The same year, Aqua acquired tfsec, an open-source security scanner for Infrastructure as Code (IaC). The acquisition brought integration of tfsec into Aqua Trivy, adding IaC security scanning capabilities. Tfsec's co-founders also joined Aqua following the acquisition.[36][37]

Threat research

[edit]

Aqua Security's research team Aqua Nautilus focuses on cybersecurity research of the cloud native ecosystem. It specializes in discovery of new vulnerabilities, threats, and attacks targeting containers, Kubernetes, serverless computing, and public cloud infrastructure to develop methods and tools to address them.[38][39] The team publishes security researches, surveys and threat alerts,[40][41][42] including “Phantom Secrets: Undetected Secrets Expose Major Corporations” a 2024 research that showed underlying processes within Git-based Source Code Management systems (SCMs) cause code to remain accessible even after being deleted or overwritten, continuing to expose previously leaked secrets.[43] Another 2024 research “Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle,” provided research into the ongoing threat from Kinsing malware.[44][45] “Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System” research discover that a logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to users.[46] Aqua Nautilus analyzed a sample of 1% of GitHub repositories and found that about 37,000 of them are vulnerable to RepoJacking, including the repositories of companies such as Google and Lyft.[47] The 2023 research from Aqua Nautilus collected honeypot data over a six-month period and showed that more than 50 percent of the attacks focused on defense evasion.[48]

Platform

[edit]

Aqua's Cloud Native Application Protection Platform (CNAPP) provides unified security for cloud native applications throughout their lifecycle. It combines shift-left security with runtime protection and posture management to defend against known and unknown threats. Aqua's threat research team, Nautilus, enhances the platform with insights to guard against zero-day threats using advanced behavioral detection. Aqua's platform is scalable in large deployments, securing environments across on-premises, multi-cloud, and hybrid configurations.[49][50]

Open source products

[edit]

Aqua Security has an open-source development team responsible for several open-source tools, the most popular of which are security scanner Trivy[51] and Tracee.[52] Trivy Vulnerability Scanner was acquired by Aqua open source team in 2019. Teppei Fukuda, the developer behind Trivy, joined the Aqua Security team after the acquisition. Other tools include Kube-bench, Kube-hunter, and chain-bench.[53][54]

References

[edit]
  1. ^ a b Elder, Jeff; Vedantam, Keerthi. "Developer security is booming as hack-prevention starts earlier than ever: Here are the 25 startups you need to know in this red-hot space". Business Insider. Retrieved 2024-07-18.
  2. ^ "Aqua Security raises $60m at over $1b valuation". Globes. 2024-03-01. Retrieved 2024-07-18.
  3. ^ a b Lardinois, Frederic (2021-03-10). "Aqua Security raises $135M at a $1B valuation for its cloud native security platform". TechCrunch. Retrieved 2024-07-18.
  4. ^ Alspach, Kyle (2022-03-17). "Cybersecurity has 53 unicorns. Here are 10 to watch". VentureBeat. Retrieved 2024-07-18.
  5. ^ Joyner, April; Bort, Julie. "Over 340 US startups became unicorns in a record-breaking 2021. Here's the full list and their investors". Business Insider. Retrieved 2024-07-18.
  6. ^ a b "US Army Tasks Aqua Security With Protecting Cloud-Native Applications - Potomac Officers Club". potomacofficersclub.com. 2023-06-14. Retrieved 2024-07-18.
  7. ^ a b Alspach, Kyle (2022-01-21). "'Mass demand' is building for cloud-native security, Aqua CEO says". VentureBeat. Retrieved 2024-07-18.
  8. ^ Wiggers, Kyle (2021-03-10). "Aqua Security protects containerized apps and infrastructure, raises $135M". VentureBeat. Retrieved 2024-07-18.
  9. ^ Janofsky, Adam (May 6, 2019). "Container Technology Brings Security Surprises". WSJ. Retrieved July 17, 2024.
  10. ^ Alspach, Kyle (2021-11-23). "Why an emerging cloud security trend offers 'good news' to businesses". VentureBeat. Retrieved 2024-07-18.
  11. ^ Zakrzewski, Cat (September 27, 2016). "Aqua Security Raises $9 Million". WSJ. Retrieved July 17, 2024.
  12. ^ a b Wiggers, Kyle (2019-04-03). "Aqua Security raises $62 million for containerized computing tools". VentureBeat. Retrieved 2024-07-18.
  13. ^ "The Latest App Coding Trend Is a Hacker's Dream". Bloomberg.com. 2017-07-18. Retrieved 2024-07-18.
  14. ^ "Israeli tech unicorn Aqua Security raises $60M for its cloud-based cybersecurity approach — TFN". Tech Funding News. 2024-01-04. Retrieved 2024-07-18.
  15. ^ Miller, Ron (2019-04-03). "Container security startup Aqua lands $62M Series C". TechCrunch. Retrieved 2024-07-18.
  16. ^ Holmes, Aaron. "Investors sunk billions into these 14 cybersecurity startups as the pandemic and massive hacks like SolarWinds made the industry more vital than ever". Business Insider. Retrieved 2024-07-18.
  17. ^ "Aqua Security secures $60M additional funding at a valuation above $1B". www.sourcesecurity.com. Retrieved 2024-07-18.
  18. ^ "הסטארטאפים שהכי טוב לעבוד בהם מעל 100 עובדים". duns100.co.il. Retrieved July 17, 2024.
  19. ^ "Emerging IT Vendors You Need To Know In 2021". www.crn.com. Retrieved 2024-07-18.
  20. ^ "Security 2021". SD Times. 2024-07-16. Retrieved 2024-07-18.
  21. ^ Keary, Tim (2022-06-22). "Aqua Security and CIS release first formal guidelines for software supply chain security". VentureBeat. Retrieved 2024-07-18.
  22. ^ English, Jason (November 29, 2023). "Winter 2023 Intellyx Digital Innovator Award Winners Announced". intellyx.com. Retrieved 2024-07-18.
  23. ^ Current, Security (2023-11-09). "CISO Choice Awards 2023 Winners". Security Current. Retrieved 2024-07-18.
  24. ^ Sawers, Paul (2024-01-03). "Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn". TechCrunch. Retrieved 2024-07-18.
  25. ^ "Aqua Security Software". Fortune. Retrieved 2024-07-18.
  26. ^ Alspach, Kyle. "The 20 Coolest Cloud Security Companies Of The 2024 Cloud 100". www.crn.com. Retrieved 2024-07-18.
  27. ^ "100 Best Places to Work in Boston 2023 | Built In". builtin.com. 2006-01-01. Retrieved 2024-07-18.
  28. ^ "Aqua Security Software Ltd - Company Profile and News". Bloomberg.com. Retrieved 2024-07-18.
  29. ^ "Aqua Security announces $135 million series E funding, to double Hyderabad R&D centre headcount". The Times of India. 2021-03-11. ISSN 0971-8257. Retrieved 2024-07-18.
  30. ^ "Amir Jerbi, Aqua Security Software Ltd: Profile and Biography". Bloomberg.com. Retrieved 2024-07-18.
  31. ^ "Dror Davidoff, Aqua Security Software Ltd: Profile and Biography". Bloomberg.com. Retrieved 2024-07-18.
  32. ^ Alspach, Kyle (2021-11-23). "Why an emerging cloud security trend offers 'good news' to businesses". VentureBeat. Retrieved 2024-07-18.
  33. ^ "Aqua Security buys CloudSploit, expands into cloud security | TechTarget". IT Operations. Retrieved 2024-07-18.
  34. ^ "Darkbit Founders, Brad Geesaman and Josh Larsen join Aqua Security to strengthen the company's cloud native security expertise". www.sourcesecurity.com. 9 June 2021. Retrieved 2024-07-18.
  35. ^ Alspach, Kyle (2021-12-01). "Aqua Security acquires Argon to protect the software supply chain". VentureBeat. Retrieved 2024-07-18.
  36. ^ Vizard, Mike (2021-07-12). "Aqua Security Acquires tfsec to Advance DevSecOps". DevOps.com. Retrieved 2024-07-18.
  37. ^ "Aqua Security buys open-source 'infrastructure as code' scanning tool tfsec". SiliconANGLE. 2021-07-12. Retrieved 2024-07-18.
  38. ^ Lyons, Jessica (16 August 2023). "PowerShell? More like PowerHell: Microsoft won't fix flaws in package gallery ripe for supply chain attacks". The Register. Retrieved 2024-07-18.
  39. ^ Lyons, Jessica (4 February 2023). "HeadCrab bots pinch 1,000+ Redis servers to mine coins". The Register. Retrieved 2024-07-18.
  40. ^ "Aqua Security: 97% unaware of crucial cloud native security principles". VentureBeat. 2021-07-31. Retrieved 2024-07-18.
  41. ^ Spadafora, Anthony (2020-09-14). "Most cloud cyberattacks just want to mine cryptocurrency". TechRadar. Retrieved 2024-07-18.
  42. ^ Vaughan-Nichols, Steven J. (2023-08-09). "Aqua Security Uncovers Major Kubernetes Attacks". The New Stack. Retrieved 2024-07-18.
  43. ^ Arghire, Ionut (June 27, 2024). "'Phantom' Source Code Secrets Haunt Major Organizations". SecurityWeek. Retrieved 2024-07-18.
  44. ^ Bradley, Tony. "Aqua Security Reveals Crucial Insights On Kinsing Malware". Forbes. Retrieved 2024-07-18.
  45. ^ "Kinsing malware still on the rise". 2024-06-06. Retrieved 2024-07-18.
  46. ^ "Ubuntu 'command-not-found' tool can be abused to spread malware". BleepingComputer. Retrieved 2024-07-18.
  47. ^ "Millions of GitHub repositories vulnerable to RepoJacking: Report". CSO Online. Retrieved 2024-07-18.
  48. ^ "Memory-based attacks increase as attackers dodge cloud defenses". BetaNews. 2023-07-03. Retrieved 2024-07-18.
  49. ^ "Funding round pulls in $60M for Aqua Security". SC Media. 2024-01-04. Retrieved 2024-07-18.
  50. ^ "Aqua Security nabs $60M at $1B valuation to secure enterprise cloud applications". SiliconANGLE. 2024-01-03. Retrieved 2024-07-18.
  51. ^ Aqua Security Trivy, GitHub, 2024-07-18, retrieved 2024-07-18
  52. ^ Aqua Security Tracee, GitHub, 2024-07-18, retrieved 2024-07-18
  53. ^ Zorz, Mirko (2023-11-08). "Aqua Trivy open-source security scanner now finds Kubernetes security risks". Help Net Security. Retrieved 2024-07-18.
  54. ^ "8 vulnerability management tools to consider in 2023 | TechTarget". Security. Retrieved 2024-07-18.
[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Aqua_Security&oldid=1236020805"