Bridging the Cloud Native Security Gap: Why Darkbit Joined Aqua

Bridging the Cloud Native Security Gap: Why Darkbit Joined Aqua

With extensive hands-on experience in cloud native security, we founded Darkbit to help organizations address security risks in their ever-growing and changing cloud environments. As the next chapter in our journey, we’re now joining forces with Aqua to realize this shared vision, helping deliver best in class security products that drive customers’ ongoing cloud transformation. Why do we think it’s a perfect match and what priorities will we have at Aqua?

Who is Darkbit?

We are two information security veterans and serial entrepreneurs with a deep history of building and securing cloud native environments. From working with AWS before there was a management console, to running containers in production during the orchestration wars between Kubernetes, Docker Swarm, and Mesosphere, we’ve seen cloud native rise as the de-facto standard for modern application development.

Through the toil observed in many years ago of securing legacy systems, we recognized a familiar pattern in how we, as an industry, approach risk management and vulnerability remediation.

Truth be told, while the names of the tools have changed, the mindset and approach for vulnerability remediation and risk management remain shockingly similar in today’s cloud native infrastructure. Even when security activities were prioritized, they often ended up taking a back seat because the available tooling just didn’t keep up with the velocity that the development and operations teams were used to. Teams didn’t have the bandwidth to triage thousands of issues and manually filter out the inevitable false positives that tools lacking relevant context would produce.

As a result, once-a-year audits are common and vulnerability assessment reports numbering 1,000+ pages are not unusual. While development teams are leaning heavily into automation, DevOps, CI/CD and everything-as-code, we as security teams are continuously challenged to keep pace with the tools, processes, and approaches needed to manage security and risk posture in environments that are changing daily, if not even more frequently.

We started Darkbit to rethink how we as an industry approach this problem.

Why we’re joining Aqua

Full stack context

For cloud consumers, it’s understandable to reach for security point solutions early in the cloud native journey. The cloud native security industry is evolving rapidly as customers try to keep up. However, point solutions lack the necessary context to surface risks in a way that is relevant to the customer without getting lost in irrelevant noise. As a pure play cloud native security company, Aqua has the most comprehensive coverage available across the stack, with powerful security solutions for the build stage, the cloud native infrastructure, and the workloads themselves.

At Darkbit, we worked tirelessly to meet our customers where they were already deployed. We built custom tools, both internal and open source to help them surface relevant risks – with context – in AWS and Google Cloud. Aqua takes this several steps further by adding coverage for Azure, IBM Cloud, Oracle Cloud, OpenShift, and VMware with even deeper insights and capabilities across the stack.

Industry leading pedigree

At Darkbit, our mantra was “under promise, and over deliver.” We sought out customers that were pushing the envelope of cloud native innovation knowing that their return on security investment would be maximized by our unique approach to helping them manage risk. Aqua is already a widely respected leader in cloud native security with customer successes in some of the largest and most complex global customer environments across demanding verticals like financial services, software, communications, and service providers.

In getting to know the Aqua team, it was overwhelmingly clear that there was incredible alignment of vision between our teams. As a pioneer and leader in the cloud native application protection platform (CNAPP) space, Aqua is already well on the way to realizing the vision that we believe is desperately needed by the market.

Open source commitment

Like many long-time veterans of the infosec industry, we grew up in many ways alongside the industry itself; during a time before robust standards existed around best practices, techniques, tools, and knowledge. We learned through first-hand experience and by generous peers and colleagues sharing their own knowledge and open source tools – an important trend that has continued as a hallmark of the infosec industry.

It’s always been important to us to continue to contribute tools and information back to the community through open source projects wherever possible. Here again, Aqua leads by example, curating and contributing to respected and widely adopted tools like CloudSploit, Trivy, Tracee, kube-bench, kube-hunter, and Starboard.

What will we be doing?

Workflows built for humans 

We will be bringing the research, tools, and customer insights we’ve gained into the Aqua product teams to continue the journey of creating not only the best technology, but the best user experience. By working closely with customers, we’ve been able to see first-hand how they’ve implemented security solutions in their environments; how they are forced to bend and conform to the limitations of their tools instead of the other way around. It’s clear there is more work to be done here.

We need to surface the relevant and actionable data in a way that seamlessly integrates into teams’ existing workflows. We need tools that allow teams to make meaningful progress in reducing risk and then get out of the way so they can get back to running their businesses. In taking stock of the cloud native security landscape, it was clear that Aqua had the strongest foundation for our next step on this journey.

Closing thoughts

In closing, this union reminds us of an old quote that has surged in popularity recently, though its origins are still debated; “If you want to go fast, go alone, if you want to go far, go together.” As serial startup founders, we’re used to moving as fast as possible, and certainly alone in the early stages. When presented with the opportunity to join the Aqua team, it was clear that this was an opportunity to go much, much farther… together.


Brad Geesaman and Josh Larsen

Brad is the Director of Cloud Security at Aqua and the co-founder and Chief Security Architect at Darkbit. Josh is the Director of Cloud Product at Aqua and the founder and CEO of Darkbit.