Aqua Security  

Burlington,  MA 
United States
https://www.aquasec.com/solutions/federal/

• Booth: 3204

Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. Aqua helps government reduce risk while building the future of their agencies. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from dev to cloud & back. Aqua’s CNAPP helps agencies address, comply & execute on EO 14028, OMB M-22-09 & BOD 23-01.

 Press Releases

• Aqua Security Wins U.S. Army Contract for Cloud Native Security (Apr 27, 2023)

  U.S. Army to realize cloud security modernization and innovation with the Aqua Platform

  BOSTON, MA – Aqua Security, the pioneer in cloud native security, today announced it has won a multi-million-dollar contract with the U.S. Army to provide cloud native application protection platform (CNAPP) security. Under this contract, Aqua Security will provide technology and services that will enable the Army to expand their cloud, implement zero trust architecture, and enable secure, rapid software development enhancing cloud operations to achieve mission assurance.

  “Our team looks forward to helping the Army achieve their seven strategic objectives and meet their commitment to centralizing operations to accelerate modernization to the cloud,” said Al Nieves, Vice President Federal Sales, Aqua Security. “Aqua’s CNAPP will help contribute to the Army’s ability to determine and implement changes to existing solutions and meet global cloud zero trust capabilities."

  The U.S. Army is one of many federal agencies turning to Aqua Security to protect their cloud native applications.

  Aqua’s Unified Platform

  The Aqua Cloud Security Platform is a CNAPP solution comprised of a fully integrated set of security and compliance capabilities to discover, prioritize, and eliminate risk in minutes across the full software development life cycle. Automated policies for shift-left prevention and runtime detection and response reduce the attack surface and mitigate active attacks—before damaging losses can occur.

  To learn more about Aqua’s Federal Division, please visit Aquasec.com.

  About Aqua Security

  Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. We see what others don’t and we stop what others can’t. Aqua helps the U.S. Federal Government reduce risk while building the future of their agencies. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from dev to cloud and back. Aqua’s CNAPP helps agencies address, comply, and execute on Executive Order 14028, OMB M-22-09, and various binding operational directives including BOD 23-01. Founded in 2015, Aqua is headquartered in Boston, MA. For more information, visit https://www.aquasec.com/solutions/federal/

  Contact:

  Look Left Marketing

  aqua@lookleftmarketing.com

• Aqua Nautilus Discovers 250 Million Artifacts Exposed via Misconfigured Registries and Artifact Repositories (Apr 27, 2023)

  Five Fortune 500 companies and thousands of organizations worldwide potentially exposed to software supply chain attacks

  BOSTON—April 24, 2023—Aqua Security, the pioneer in cloud native security, today announced that its security research team, Aqua Nautilus, discovered 250 million artifacts and 65,600 container images that were exposed via thousands of misconfigured container images, Red Hat Quay registries, JFrog Artifactory and Sonatype Nexus artifact registries. Many contained highly confidential and sensitive proprietary code and secrets, leaving five Fortune 500 and thousands of other companies at risk.

  Registries and artifact management systems are crucial elements within the software supply chain, making them a prime target for threat actors. While many organizations open their container and artifact registries to the outside world deliberately and by design, they are sometimes unaware of, or unable to control sensitive information and secrets that leak into these registries. When attackers are able to gain access, they can potentially exploit the entire software development life cycle (SDLC) toolchain and its stored artifacts. Aqua’s research found that in some cases organizations have failed to properly secure these highly critical environments and in other cases sensitive information leaked into open source spaces, leaving these environments exposed to the internet and vulnerable to exploitation, which can lead to serious and damaging attacks.
   

  “We began our research with the goal to better understand misconfigurations in registries, the companies behind these misconfigurations and how a skilled attacker would take advantage of exposed and misconfigured registries,” said Assaf Morag, lead threat researcher for Aqua Nautilus. “The findings were both surprising and highly concerning. Given the magnitude of the risks we uncovered, we set out to find and alert the impacted companies.”

  The findings included:

  • Nautilus found sensitive keys including secrets, credentials, or tokens, on 1,400 distinct hosts, and private sensitive addresses of end points, such as Redis, MongoDB, PostgreSQL, or MySQL, on 156 hosts.
  • Researchers also found 57 registries with critical misconfiguration, and 15 of these allowed admin access with the default password.
  • Nautilus detected more than 2,100 artifact registries with upload permissions, which may allow an attacker to poison the registry with malicious code. In some cases, anonymous user access allowed a potential attacker to gain sensitive information, such as secrets, keys, and passwords, that could be used to launch a severe software supply chain attack or poisoning of the SDLC.
  • Companies impacted ranged from small to large organizations — including two large cyber security vendors —all over the world.

  IBM, one of the affected Fortune 500 companies, had an internal container registry exposed to the internet and was quick to close internet access to these environments and mitigate all the risks after Nautilus disclosed their findings. Other potentially impacted organizations included Alibaba, Siemens, and Cisco.

  Nautilus discovered that many organizations did not have a responsible disclosure program in place. These programs are crucial tools that allow security researchers to report potential vulnerabilities in a structured manner so that the organization can quickly resolve the issue before being compromised by malicious actors. Nautilus found that organizations with existing responsible disclosure programs were able to fix a misconfiguration in less than a week. The process was more difficult and time-consuming for those without such a program in place.

  “These findings by Aqua Nautilus highlight the need for increased awareness regarding software supply chain security best practices among developers and application security teams,” notes Katie Norton, Senior Research Analyst, DevOps & DevSecOps at IDC. “The explosion in code and use of open source, coupled with DevOps practices in rapid application development and delivery has left organizations behind and needing to catch up in terms of governance, security controls, and education.”

  On the back of these findings, Nautilus researchers recommend security teams take the following actions immediately:

  ●      Check if any registries or artifact management systems are exposed to the internet.

  ●      If the registry is connected to the internet by design, check that the version isn’t critically vulnerable and that you are not using the default password. Then verify that the passwords are strong enough and regularly rotate passwords.

  ●      In addition, verify that the anonymous user is disabled. If the anonymous user is purposely enabled, verify minimal privileges, and regularly scan your public artifacts in your repository to verify they do not contain any secrets or sensitive information.

  ●      Rotate any secrets that may have been exposed.

  “Our findings illustrate how easy it is for an attacker to compromise an organization’s SDLC as well as underscore the serious threat of overlooking simple configuration errors,” said Morag. “Moving forward, security teams should ensure they have responsible disclosure programs in place and invest more in detecting and mitigating threats to the software supply chain.”

  For more information, Aqua Nautilus published a blog and a checklist detailing the research findings and offering a list of best practices companies should take to protect against misconfigurations and potential security threats.

  About Aqua Nautilus

  Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them. With a global network of honeypots, Aqua Nautilus catches more than 80,000 cloud native attacks every month, specifically those unique to containers and microservices that other platforms cannot see.

  About Aqua Security

  Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from dev to cloud and back. Founded in 2015, Aqua is headquartered

  in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

  Contact:

  Look Left Marketing

  aqua@lookleftmarketing.com

• Aqua Security Recognized as a Representative Vendor in Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) (Apr 27, 2023)

  BOSTON — March 20, 2023 — Aqua Security, the pioneer in cloud native security, today announced that it has been named as a Representative Vendor in Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP).the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP). The new Gartner report examines the extensive CNAPP market and its growth potential, and it names representative vendors.

  Gartner describes CNAPPs as “offerings that bring together multiple disparate security and protection capabilities into a single platform, focused on identifying and prioritizing excessive risk of the entire cloud-native application and its associated infrastructure.” According to Gartner: “As organizations shift to a CNAPP-based approach, the synergy of an integrated platform will provide more benefits than a best-of-breed strategy that is difficult to scale.”

  “We believe Gartner analysis of the market is similar to our approach and vision for Aqua,” said Amir Jerbi, CTO and co-founder of Aqua Security. “We feel its emphasis on the benefits of using a vendor that provides an integrated platform further demonstrates that Aqua is on the cutting edge, leading the industry for cloud native security solutions.”

  Best Approaches with Runtime and eBPF

  Gartner emphasizes that security leaders responsible for cloud security strategies should: “Favor CNAPP vendors that provide a variety of runtime visibility techniques, including traditional agents, Extended Berkeley Packet Filter (eBPF) support, snapshotting, privileged containers and Kubernetes (K8s) integration to provide the most flexibility at deployment.”

  In addition, Gartner states “Agentless workload scanning has become a popular approach and an expected core CNAPP capability, although in-workload approaches provide the best protection.”

  Aqua’s runtime security solution was organically developed by Aqua and is integral to the Aqua CNAPP. The Aqua Platform was the first CNAPP to combine active protection with agentless workload visibility. Based on eBPF technology, Aqua’s Lightning agent is faster, lighter, and easier to manage at scale than the agents of yesterday. It complements Aqua’s agentless cloud workload scanning to provide easy, comprehensive visibility while delivering real-time, granular runtime detection and protection.  

  Supply Chain Security

  Regarding software supply chain security, Gartner states that the attack surface of cloud-native applications is increasing, and attackers are targeting the software supply chain itself.  According to Gartner, “Over time, these types of capabilities will be incorporated by larger CNAPP offerings.”

  Aqua is ahead of the curve and has already integrated end-to-end supply chain security into the Aqua Platform.

  One Integrated Platform

  Gartner recommends that Security Leaders should “Reduce complexity and improve the developer experience by choosing integrated CNAPP offerings that provide complete life cycle visibility and protection of cloud-native applications across development and staging and into runtime operation.”

  “From day one, our vision at Aqua has been crystal clear: to deliver a single end-to-end security solution for the entire cloud native application lifecycle in one holistic platform. We’ve always believed that to be a true CNAPP, a solution must include both shift-left scanning, broad visibility, and crucially strong runtime controls that can detect and stop attacks in progress,” adds Jerbi.

  Access a complementary version of the Gartner full Market Guide for CNAPP or learn more about Aqua’s CNAPP.

  GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

  Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  About Aqua Security

  Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from dev to cloud and back. Founded in 2015, Aqua is headquartered

   in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

  Media Contact:
  Jennifer Tanner

  Look Left Marketing

  aqua@lookleftmarketing.com

• Aqua Security Named Best Cloud Native Security Solution (Apr 27, 2023)

  Techstrong Recognizes the Aqua Platform for Its CNAPP Innovation and Market Leadership

  
   

  BOSTON— January 18, 2023—Aqua Security, the leading pure-play cloud native security provider, today announced that it has been named the Best Cloud Native Security Solution/Service in Techstrong Group’s DevOps Dozen Awards. Aqua was honored for its innovative Cloud Native Application Protection Platform (CNAPP) and influential commitment to the DevOps and security community. 

  "The term ‘cloud-native security’ was literally coined by AquaSec. They continue to be a market leader, innovating to keep their users safe and secure,” said Alan Shimel, founder and CEO at Techstrong Group. “We are proud to honor them with this year’s cloud-native security provider award.”
   

  As the industry pioneer, Aqua is committed to advancing cloud-native security to help its customers solve security challenges for the new cloud-native application stack. Aqua secures customers’ cloud-native assets from day one and protects them in real time with the industry’s most integrated CNAPP backed by a $1M warranty. After expanding its platform with Software Supply Chain Security, it is the only end-to-end solution that can identify risks in every phase of the application lifecycle.
   

  “Since inception, Aqua’s mission has been to help organizations holistically protect their cloud-native applications and reduce risks to their business,” said Dror Davidoff, CEO at Aqua Security. “We’re delivering on that mission by consolidating tools and providing one platform — from development to cloud and back. This award validates Aqua’s leadership and technology and is a true testament to our commitment to protecting our customers.”
   

  The DevOps Dozen Tools and Services category recognizes the companies who create and deliver outstanding solutions to empower developers, DevOps and IT operations teams. This award comes on the heels of several other innovation accolades. In the second half of 2022, Aqua Security was named the “Top Innovation Leader” in the Frost & Sullivan Global Cloud-Native Application Protection Platform Report, a Leader in the 2022 GigaOm Radar Report for Vulnerability Management, and was named Cybersecurity Company of the year.

  To learn more about the Aqua Platform, visit our website, or download our white paper “A CISO’s Guide to CNAPP” for a detailed look at the key ingredients to stopping a cloud native attack. 

  
   

  About Aqua Security  

  Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.  

  Contact:

  Jennifer Tanner

  Look Left Marketing

  aqua@lookleftmarketing.com

  
   

• Aqua Security Named the Top Innovation Leader in Frost & Sullivan Global Cloud-Native Application Protection Platform Report (Apr 27, 2023)

  Frost Radar Report highlights Aqua’s strong strategy in cloud security and industry-leading capabilities in Kubernetes and Software Supply Chain Security 

   

  BOSTON—November 29, 2022—Aqua Security, the leading pure-play cloud native security provider, today announced that it was named a top vendor in Frost & Sullivan’s recently published report: Global Cloud-Native Application Protection Platform (CNAPP) Radar. Fifteen top vendors were evaluated based on Frost & Sullivan’s growth and innovation indexes to determine company position within the emerging CNAPP market. Among these 15 top platforms, Aqua outperformed in innovation by demonstrating the highest levels of excellence across all criteria in the category.  

   

  Aqua Security’s CNAPP, The Aqua Platform, was described as “one of few platforms in the market that offers a rich set of security features to help organizations secure their cloud-native applications across the development lifecycle.” The report also highlights Aqua’s comprehensive platform, ease of use, and innovation in container and Kubernetes security and software supply chain security.   

   

  With the adoption of cloud native technologies on the rise, security remains one of the main concerns for companies embarking on their transformative cloud journey. Aqua stops cloud native attacks with the industry’s first unified CNAPP, featuring intelligence-driven cloud native detection and response capabilities. Aqua secures customers’ cloud native assets from day one and protects them in real time. The Aqua Platform offers the most robust scanning capabilities on the market and is the only solution for holistic, multi-layered prevention of supply chain threats.  

   

  “Aqua was the pioneer of cloud security and remains the leader because of our commitment to solving customers’ greatest challenges. Aqua’s continuous investments in innovation enable us to repeatedly be first-to-market with advanced capabilities, such as our software supply chain security and cloud native detection and response solutions,” said Rani Osnat, SVP strategy at Aqua. “Being recognized as a leader across all indexes in the Frost & Sullivan Global CNAPP Radar Report validates our position in the market and the value we are delivering to our customers.”  

   

  Aqua: One of the Fastest Growing CNAPP Vendors Will Remain a Leader   

  According to Frost & Sullivan, “Aqua has a clear roadmap and direction with a strong focus on cloud-native infrastructure and software supply chain security using advanced technologies such as eBPF and container sandboxing for malware analysis.” Anh Tien Vu, industry principal, added, “Aqua is one of the fastest growing CNAPP vendors and will remain as one of the leaders in innovation due to its commitment to cloud-native security.”  

   

  Visit our website to download the report and learn more about Aqua’s CNAPP.  

   

  About Aqua Security     

  Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.     

   

   

 Products