Aqua News

Funding to Accelerate Aqua’s Rapid Expansion in Burgeoning Virtual Container Market Tel Aviv, Israel – 27 Sept. 2016 – Aqua Security, the platform provider for securing virtual container applications, today announced it has secured US$9 million in Series A funding, led by Microsoft Ventures. Cybersecurity luminary and investor Shlomo Kramer will be joining Aqua’s Board …

Aqua’s Amir Jerbi writes: “Google “SecDevOps” and the results show that security teams are ready and willing to jump on the DevOps bandwagon. DevOps folks talk a lot about “shifting left,” i.e., addressing issues earlier in the development process. The phrase may be new to security folks, but the concept isn’t: Security professionals have advocated to “bake security in” to development processes independent of DevOps, and long before mega breaches became a headline staple.”

Are containers secure?
Probably not. But knowing each approach’s strengths and risks—and available options—could help ease adoption.

You’ve probably never heard of Aqua, but if you’re interested in container security then you’ll probably soon be hearing a lot more about this Israeli security startup.
The people behind Aqua believe not only that they can bring the security that’s needed and currently lacking in Docker, but also that there’s an opportunity for containers to be made more secure than monolithic apps can ever be.

Container registries and vulnerability scanners are often bundled together, but they are not the same thing. Code scanning may occur at multiple points in a container deployment workflow. Some scanners will be bundled with existing solutions, while others are point solutions. There differences can be measured by the data sources they use, what is being checked, and the actions are automatically taken as the result of a scan.

When it comes to enterprise application development, security is still an afterthought, coming in right before a release is deployed. The rapid adoption of software containers presents a rare opportunity for security to move upstream (or in devops-speak, to facilitate its “shift left”) and become integrated early on and throughout the software delivery pipeline. However, most security teams don’t know what containers are, let alone what their unique security challenges might be.

Aqua, formerly known as Scalock, is a container security startup founded in early 2015 by IT security veterans Dror Davidoff and Amir Jerbi. The company quickly realized that containers present the next major development in data center technology and that containerized environments created new challenges in security, which the company says it will try to reinvent.

Containers are more secure than apps running on a bare OS and organisations that like not being hacked therefore need to seriously consider a move, according to analyst firm Gartner… As the paper’s name implies, Docker needs to be done right in order to deliver its security benefits. Doing it right means hardening the host on which Docker runs in accordance with Docker’s own guidance, then considering third-party Docker security products from the likes of Aqua Security, CloudPassage, Twistlock and Weave.