
Image Credit: Screenshot of Aqua’s website
This company is working to keep DevOps running securely
Tel Aviv-based cyber security startup Aqua announced on Tuesday the close of their Series A funding round, bringing in $9 million in new capital.
The round was led by global powerhouse Microsoft Ventures, with previous seed investors TLV Partners and the renowned cyber celeb Shlomo Kramer — who will join the company’s board — also participating to bring the company to a total of $13.5 million raised overall.
Co-founded by CEO Dror Davidoff and CTO Amir Jerbi in late 2015, Aqua Security works to protect containers that are used as the building blocks of the new coding environment. They brought their product to market only a few months ago, in May.
Aqua CEO Dror Davidoff. Photo Credit: PR
Programmers rely on containers for quickly moving code and other essential elements, like system libraries and tools, out for deployment. Being able to constantly update programs such as apps through DevOps infrastructures such as JFrog and Docker has allowed the software industry to launch into hyperdrive, setting a new standard for speed that the security field is still working to catch up with.
Developers, especially those in the DevOps ecosystem, and security professionals are often on opposite sides of the line when it comes to their approach to getting new software out into the world. On the one side are the developers who want to sprint towards the finish line, while on the other the security people are more inclined to throw in brakes to make sure that the code is clean of vulnerabilities before being released.
While looking to capitalize on the benefits of using DevOps platforms, companies face challenges in keeping them protected.
“Containers create a new layer of abstraction that brings new risks in two main areas,” Davidoff tells Geektime. “There is the development cycle of containers, where vulnerabilities and malicious code might be introduced; and the runtime environment, where existing security tools can’t provide visibility into container activity, and can’t detect and respond to suspicious or malicious behavior.”
As has been discussed before in Geektime on this topic, there are additional concerns that introducing security with solutions like Aqua at an earlier stage can help resolve. One of the key challenges in working with containers is the reliance on pre-existing third-party code that programmers use to build their new products. This is a common problem, but it is more prevalent in containers because they always have some kind of base image inside. A high percentage of these will have vulnerabilities. So even if a security product looks to block the introduction of new malicious code into the current project, it also has a responsibility to seek out and address bad code from the past that may be hiding under the surface.
Image Credit: Aqua’s architecture. Screenshot from Aqua’s website
Aqua’s Container Security Platform, which works in Windows and Linux environments as either an on-prem or cloud (AWS, Azure, and Google) deployment, looks to tackle these threats through a series of automated granular policies, auditing and compliance of user and container activity, and by providing protection during runtime.
Davidoff tells Geektime that it is in this last aspect where he hopes Aqua will stand out against its competition. “Aqua has identified container runtime environments as the key security challenge in this space, and one that is harder to solve in a way that is simple and scalable.”
Looking out at the competition, Geektime covered another Israeli-San Francisco company, Twistlock, back in July when they raised a $10 million Series A of their own.
Their automated security suite of products, Twistlock Trust and Twistlock Runtime, addresses the stages of development and production.
As soon as a container image is composed in the development stage, they scan the image and look for vulnerabilities and malware, making sure that the hardening practices and all of the configurations are there.
Twistlock uses analysis to detect behavior that differs from what is expected, which they claim can help turn up even zero day vulnerabilities. “Part of what we do is analyze the image and understand how it should look in run time,” explains Twistlock’s Chief Strategy Officer Chenxi Wang. “If it doesn’t do what it’s supposed to in run time, then we know that we have caught something.”
Aqua was founded roughly six months after Twistlock, but they appear to be catching up in this newish field that is seeing plenty of demand to meet the security needs.
“Since the adoption of containers is rapidly expanding in the large enterprise segment,” says Davidoff to Geektime, discussing their reception from the market. “Since many of these enterprises – especially those in the financial, government, e-commerce, healthcare sectors – have strict security and regulatory compliance requirements, these customers are very receptive to our solution which is already deployed in production with several Fortune 500 companies.”
Moving forward post-funding, the company has stated that they intend to double their staff by the middle of next year. That growth is likely to be focused on their R&D department and increased work on their product. They also currently have sales offices on the East and West coasts that can be expected to expand as well.