It’s been less than a year since we announced our Series A round led by Microsoft, and what a year it’s been!
In this short period, Aqua experienced dramatic growth in customer adoption, many of which are Fortune 500 companies including 3 of the top 10 financial institutions and 3 of the top 10 ISVs. We have expanded the breadth and depth of our platform, built strong partnerships in the ecosystem, and tripled our number of employees. All this has sparked tremendous interest, leading to this oversubscribed funding round.
The tremendous interest we got re-confirmed our confidence in our vision of providing the next generation application security platform for the cloud era. We chose to partner with a single top-tier investor — California-based Lightspeed Venture Partners – to lead this round despite many pressures from additional investors. LSVP has an amazing track record in building market leaders, and we’re proud to join their stable. Lightspeed have shown deep understanding of our space, and more importantly they share our vision of revolutionizing the security market through containers. Our existing investors have also joined the round, another great vote of confidence.
While there’s widespread consensus among everyone we met with over the past few months that containers are a hot technology. There’s also a growing understanding that containers are a game-changer for security. How so? Containers are the vehicle that makes it easy to realize three converging trends: agile DevOps processes for application development and deployment; the move towards micro-services architectures; and migration to and between clouds, realizing true hybrid-cloud deployments.
So, it’s not just about this new way of packaging software. There’s a major step change in how rapidly applications are developed and updated. There’s a completely different architecture that changes how applications are run, networked and managed. And there’s a big shift in where you need to apply your security controls.
The New Security Imperative
We cannot continue to apply security in the same way. Many of the existing security solutions are completely helpless in the face of these new stacks, these new accelerated processes, and these new architectures – but it’s wrong to think of it as purely a technological incompatibility. The shift is fundamental. It’s organizational as well as technological, and it’s a shift from focusing on infrastructure to focusing on the application.
This is also really good news, because containers and the entire cloud-native stack are a huge opportunity to make security a lot better:
- The processes that govern container development and delivery break down the barrier between developers and operations. There’s a lot of power placed in the hands of the developer, who can now ship code into production in a more seamless way. This is an opportunity to “shift left” security and make sure that this code is more secure from the start. Security as an embedded step, not as an afterthought.
- The simplicity of containers makes it easier to understand their intended purpose, as well as their actual function. Unlike monolithic applications, containers perform simple, single-purpose functions. If you can understand those functions (which we do), you can define and whitelist normal behavior.
- The immutable nature of containers makes it easy to detect any attempt to interfere with them in runtime environments. Any change that did not come from the original pipeline is not legitimate, so it’s easy to enforce this immutability.
- Container networking is also fundamentally different, and can occur between containers on the same host or bare-metal stack (rather than across traditional IP network nodes). But all this communication between components of the application used to be invisible in monolithic applications, and now with the right tooling it is both visible and controllable.
- Finally, the ability to view very granular components of an applications and understand their behavior makes automated response a gentler and less risky proposition. There’s no need to take an entire application down. There’s no need to even kill a container. With very fine precision that was never available before, you can block specific activities or network connections, so the potential impact on application uptime is minimal. We have the opportunity to stop attacks as they happen, not after the fact, and do so with less downtime than ever before.
To sum up: Our vision is to provide the next generation of application security for the cloud-native era, with less friction, more granularity and more automation.
What’s Next for Aqua?
We will invest heavily in growing our sales and marketing teams, to meet growing demand as container adoption is continuing to grow and becoming more mainstream. Equally important, we’re investing in fulfilling our vision of delivering superior application security, with a major investment in engineering resources, security research, and open source contributions, in a mix that will provide optimal value to our growing customer base.