Containers — the software packages of code and dependencies that run consistently across computing environments — are riding a worldwide popularity wave. According to a recent study published by Nemertes, 45% of enterprises used containers by the end of 2018 (compared with 21% in 2017), and Grand View Research reports that by 2025, the industry might reach $8.2 billion.
That’s no doubt music to the ears of Amir Jerbi and CEO David Davidoff, who cofounded containerized app startup Aqua Security in 2015. The Tel Aviv company — whose customers include EllieMae, Microsoft, Telstra, Hewlett Packard Enterprise, Salesforce, Aviva, LifeWay, Healthgrades, HBC, HomeAway, and UNC Lineberger, among others — today announced that it has secured $62 million in funding led by Insight Partners, with participation from Lightspeed Venture Partners, M12 (Microsoft’s venture fund), TLV Partners, and Shlomo Kramer.
The fresh capital puts Aqua Security’s total raised north of $100 million, following a $25 million series B in 2017 and $9 million series A in 2016. And it comes after a year in which Aqua quadrupled its client base, which now includes five of the world’s top 10 banks, six of the world’s 15 largest insurance companies, and more than 100 blue chip corporations across the energy, aerospace, internet, media, travel, retail, pharmaceutical, and hospitality sectors.
“We are thrilled to have Insight Partners as investors to propel Aqua’s next phase of growth,” Davidoff said. “The adoption of cloud native technologies provides an opportunity for security to be redefined, addressing the chronic cybersecurity skills shortage through automation, and creating applications that are secure by design. With this significant investment and our focus on the needs of enterprise customers and product innovation, we can take the next step to realize our vision.”
Aqua Security’s eponymous Aqua container-based app management platform runs on-premises or in the cloud and ensures that containers remain immutable, preventing changes compared with their originating images. It provides a central console from which multi-team and multi-customer environments can be managed together or in isolation and supports Active Directory and LDAP for permissions configuration and single sign-on. Additionally, it offers prebuilt integrations for third-party productivity and analytics tools like Slack, Jira, PagerDuty, Splunk, Loggly, and ArcSight, through which it passes along vulnerability data, alerts, and audit events in real time. And it integrates with secrets vaults like HashiCorp, CyberArk, AWS KMS, or Azure Vault, delivering encrypted tokens and private keys to containers at runtime and loading them in memory so they’re visible only to the containers that require them.
On the security side of things, Aqua’s low-overhead runtime protection service — which secures apps predeployment through a command-line interface that orchestrates automated validation testing within tools such as Jenkins and Bamboo, leveraging a “constantly updated” stream of vendor advisories and other sources — scans up to thousands of images nodes for vulnerabilities, embedded secrets, configuration and permission issues, and malware. It affords admins the freedom to monitor and control container activity based on custom policies and machine-learned behavioral profiles and to block activities and processes or limit container networking based on app contexts auto-detected by Aqua’s firewall configuration utility.
Aqua offers out-of-the-box default compliance policies for PCI-DSS, HIPAA, NIST, and CIS, and its containers work across popular cloud-native platforms like Microsoft’s Azure, Red Hat’s OpenShift, Amazon Web Services, Mesosphere, IBM Cloud, and Google Cloud. But as impressively holistic as the suite seems, it’s far from the only one on the market.
Others come from Sysdig and Tigera, which recently raised $68.5 million and $30 million, respectively, and Twistlock, Capsule8, NeuVector, StackRox, Layered Insight, and Tenable. Meanwhile, Docker, the San Francisco startup behind the ubiquitous container toolkit of the same name, raked in $92 million last year.
Jerbi, for one, isn’t worried and says that Aqua’s customer acquisition momentum sets it apart. “We help our customers create applications that are secure by design,” he said. “[We’re committed to] enabling agile DevOps and hybrid cloud deployment with no compromise on security or compliance.”
“As investors in several leading cloud technology providers, we were impressed by Aqua and its track record as a security leader in this hyper-growth space,” added Insight Partners’ Jeff Horing. “Aqua’s vision, their unrivaled investment in open source technologies, and deep relationships with strategic partners have created a tremendous opportunity as customers accelerate their move to cloud-native platforms. We look forward to Aqua joining the Insight portfolio and seeing their continued growth.”