Aqua Security News

Aqua Security, the pioneer in cloud-native security announced VEX Hub, a vendor-neutral repository for VEX (Vulnerability Exploitability eXchange). VEX is a new industry standard for communicating and sharing information on security vulnerabilities for software artifacts, and VEX Hub provides users and software maintainers with a single library of vulnerability information and fewer false positives.  VEX Hub VEX Hub aggregates VEX documents from software maintainers and organis...

Aqua Security, the pioneer in cloud-native security revealed new research that shows how credentials, API tokens, and passkeys – collectively referred to as secrets – from organisations around the globe were exposed for years. By scanning the most popular 100 organisations on Github, which collectively includes more than 50,000 publicly accessible repositories, Aqua researchers found active secrets from open-source organisations and enterprises such as Cisco and Mozilla providing...

Aqua Security, the pioneer in cloud-native security, and Orca Security, the pioneer in agentless cloud security, announced a new partnership to deliver best-in-class cloud-native security through a deep integration between their platforms. Joint customers will benefit from the powerful combination of multi-cloud visibility and security provided by the Orca platform combined with multi-and hybrid cloud runtime protection for cloud-native workloads offered by the Aqua platform. Right cloud-...

Aqua Security, the pioneer in cloud-native security announced another consecutive year of exceptional channel growth. The company continues to build on its momentum and solidify its position as the go-to pioneer for service providers and partners in cloud-native security. The services-led approach of the Aqua Advantage programme, led by Jeannette Lee Heung, Senior Director, of Global Channel & Alliances, and a distinguished 2024 CRN Channel Chief, has been instrumental in driving this upw...

Aqua Security, the pioneer in cloud-native security announced it has secured $60M in funding, led by new investor Evolution Equity Partners, with participation from existing investors Insight Partners, Lightspeed Venture Partners, and StepStone Group. The funding, an extension of the company’s Series E round, places Aqua’s valuation above $1B.   Cloud-native security provider Aqua has raised $325 million since its founding in 2015. During that time, more than 5...

Aqua Security, the pioneer in cloud-native security, announced its open-source solution - Trivy now supports vulnerability scanning for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM) generation. Companies can better understand the components within their Kubernetes environment and how secure they are to substantially reduce risk.  Kubernetes Kubernetes has been widely adopted across enterprises worldwide, but according to Red Hat, more than half of companies are...

Aqua Security, the pioneer in cloud-native security announced it closed the first half of 2023 with a 65% increase in new business. Aqua attributes this growth to increasing demand for its unified cloud-native application protection platform (CNAPP) and its proven ability to see and stop cloud-native attacks in progress anywhere in the software development lifecycle. One holistic platform “From day one, our vision has been to deliver a complete, full lifecycle security solution in...

Aqua Security, the pioneer in cloud native security, announced the enhancement of the Aqua Cloud Security Platform with the availability of AI-guided remediation capabilities. Now, overburdened security teams can better operationalise risk findings to rapidly reduce risk and help developers quickly fix issues. According to the Cybersecurity and Infrastructure Security Agency, adversaries exploit a vulnerability within 15 days (on average) of discovery, putting an organisation at risk for nefari...

Aqua Security, the pioneer in cloud-native security announced the launch of Real-Time CSPM, a next-gen cloud security posture management (CSPM) solution, offering the best visibility and context in the industry. Real-Time CSPM provides a complete view of multi-cloud security risks, pinpoints threats that evade agentless detection, and dramatically reduces noise so security practitioners can rapidly identify, prioritise, and remediate the most important cloud security risks, saving time and mone...

Aqua Security, the pioneer in cloud native security, announced it added pipeline integrity scanning to prevent software supply chain attacks and assure CI/CD pipeline integrity. Powered by eBPF technology, Aqua’s pipeline integrity scanner detects and blocks suspicious behaviour and malware in real time, preventing code tampering and countering threats in the software build process. This industry-first solution equips organisations to feel confident in their ability to strategically stop...

Aqua Security, the pioneer in cloud-native security, announced that Aqua Trivy, the world’s most popular unified security scanner, now provides full compliance scanning for CIS Kubernetes Benchmarks. With one comprehensive tool for security and compliance scanning, companies can eliminate friction and more confidently build and maintain secure cloud-native applications.  Established by the Centre for Internet Security (CIS), these benchmarks are widely adopted as the standard fo...

Aqua Security, the pioneering pure-play cloud-native security provider, has appointed Marcus Mueller as VP of EMEA Sales. Mueller will work alongside Aqua’s Chief Revenue Officer, Christopher Smith, to drive strategic growth in the EMEA region. He will be based in Germany.  Mueller has 25 years plus of experience in international sales teams. Prior to joining Aqua, Mueller served as Senior Vice President of International Sales at Onapsis and has previously worked for cloud and securi...

Aqua Security, the pure-play cloud-native security provider announced its new Lightning Enforcer to stop zero-day attacks and shield critical vulnerabilities in production until a patch can be applied. With its new eBPF technology, Aqua’s Lightning Enforcer provides total visibility into running workloads and allows security professionals to quickly and easily identify and stop the most advanced attacks in real time.   Zero-day vulnerabilities While “shift left” se...

Aqua Security, the pure-play cloud-native security provider unveiled Aqua Stars, a new initiative to celebrate its top open-source software (OSS) contributors. With monthly awards, the recognition programme spotlights contributors who have made significant impacts on Aqua’s open-source projects and the cloud-native security community. These awards recognise the efforts of the largest open-source cloud-native security community in the world and those who help make cloud-native security acc...

Aqua Security, the pure-play cloud native security provider, announces it has more than doubled revenue in the last 18 months. Aqua attributes its recent growth to rapidly increasing demand for an integrated solution that secures cloud native applications from code through runtime. The company also reports its $1 Million Cloud Native Protection Warranty is driving customer acquisition. Software supply chain The skyrocketing demand for the company’s security solution is driven by a globa...

Aqua Nautilus has discovered that npm’s API allows threat actors to execute a timing attack that can detect whether private packages exist on the package manager. By creating a list of possible package names, threat actors can detect organisations’ scoped private packages and then masquerade public packages, tricking employees and users into downloading them. This kind of attack is linked to a broader category of supply chain attacks. Over the past few years, Aqua Nautilus has seen...

Aqua Security, a pure-play cloud-native security provider, announced the addition of Cloud Security Posture Management (CPSM) capabilities to the open source tool Aqua Trivy. Trivy, the world’s most used developer tool for scanning cloud-native Aqua Security’s Trivy Adds CSPM Capabilities assets, now provides one easy-to-use tool for scanning all cloud-native applications to detect and prioritise risks. Initially available for AWS cloud users with other cloud provider support comin...

Aqua Security, the pure-play cloud-native security provider announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real-time on running workloads. Protection Protection is composed of new curated and optimised default security controls, as well as advanced threat intel from observations of real attacks on cloud-native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ l...

Aqua Security, the pure-play cloud native security provider, introduces the industry’s only $1 Million cloud native protection warranty. The warranty reflects Aqua’s ability to stop cloud native attacks through its Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. The warranty, which is available at no cost to all customers who have fully deployed the Aqua Platform, will pay up to $1 million in the event of a proven successful attack. Making real difference...

Aqua Security, the pure-play cloud-native security provider announced the European launch of its platform as a SaaS solution, a unique and comprehensive security tool designed to protect cloud-native applications and stop cloud-native attacks. Customers located in the EU who are subject to the EU General Data Protection Regulation (GDPR) can take advantage of the flexibility and ease of adoption of a SaaS service based in the Frankfurt region, while still conforming to data privacy and residenc...

Aqua Security, the pure-play cloud-native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organisation with a mission to create confidence in the connected world, releases the industry’s first formal guidelines for software supply chain security. Developed through a collaboration between the two organisations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of com...

Aqua Security, the pure-play cloud-native security provider announced multiple updates to Aqua Trivy, making it the world’s first unified scanner for cloud-native security. Comprehensive misconfigurations scanner Consolidating multiple scanning tools into a single tool, it is now the most comprehensive vulnerability and misconfigurations scanner for cloud-native applications and infrastructure. Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which custome...

Aqua Security, the globally renowned pure-play cloud native security provider, has announced that it has joined the Docker Extensions programme, to allow developers to easily check their resources and dependencies for vulnerabilities. Docker Extensions demonstrates Docker Inc.’s commitment to improving the developer experience, by bringing the tools that developers use the most, to an environment where they can more easily focus on innovation, and less time on everything else. Aqua &ndas...

Aqua Security, the pure-play cloud-native security provider issued new research that shows that nearly 70% of chief information security officers (CISOs) believe open source security solutions provide a faster way to secure their environments. Likewise, 78% of CISOs believe open source solutions provide them with access to the best and most current innovations in cloud security, and more than 60% actively prefer to work with vendors who build open-source projects. Cloud security and OSS The r...

Aqua Security, the globally renowned pure-play cloud native security provider, has published new research from Aqua’s threat research team, Nautilus, which demonstrates attackers are finding new ways to target cloud native environments. The research shows that adversaries are adopting more sophisticated techniques, leveraging multiple attack components and shifting attention to Kubernetes and the software supply chain. Aqua’s new research report The ‘2022 Cloud Native Threat...

Aqua Security, a globally renowned pure-play cloud native security solutions provider, has announced a strategic investment from Capital One Ventures, together with the appointment of Capital One’s Chief Information Security Officer, Chris Betz to Aqua’s Executive Advisory Board. Cloud native security solutions The announcement further validates Aqua Security’s leadership as a cloud native security solution provider for financial services providers. Aqua Security has more tha...

Aqua Security, the pure-play cloud-native security solutions company, has announced the availability of its new Aqua Platform, with a unified console to ease the journey from scanning and visibility to workload protection in cloud-native environments. Aqua Platform The new Aqua platform reduces administrative burden and allows security teams to start with scanning and cloud security posture management (CSPM) capabilities, then add in sandboxing capabilities and workload protection as needed. T...

Aqua Security, the pure-play cloud native security provider, announces the acquisition of tfsec, an open source security scanner for Infrastructure as Code (IaC). The acquisition brings an immediate integration of tfsec into Aqua Trivy, adding IaC security scanning capabilities, with additional Aqua platform integrations planned later this year. Tfsec’s co-founders will join Aqua following the acquisition. Essential security capabilities “Tfsec is the known leader in Terraform cod...

Aqua Security, the pure-play cloud native security solutions provider, has announced that Aqua Trivy is now the default scanner for GitLab Auto DevOps. Customers can now automatically scan the GitLab CI pipeline for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release and is based on the results of a publicly available solution comparison and research process. Aqua Trivy open source scanner “One of the primary reasons behind the default scanner...

Aqua Security, the pure-play cloud-native security pioneer, publishes new research from Team Nautilus revealing a continued rise in cyberattacks targeting container infrastructure and supply chains, and showing that it can now take less than one hour to exploit vulnerable container infrastructure. The ‘Cloud Native Threat Report: Attacks in the Wild on Container Infrastructure’ provides a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticat...