Aqua News

Container registries and vulnerability scanners are often bundled together, but they are not the same thing. Code scanning may occur at multiple points in a container deployment workflow. Some scanners will be bundled with existing solutions, while others are point solutions. There differences can be measured by the data sources they use, what is being checked, and the actions are automatically taken as the result of a scan.

When it comes to enterprise application development, security is still an afterthought, coming in right before a release is deployed. The rapid adoption of software containers presents a rare opportunity for security to move upstream (or in devops-speak, to facilitate its “shift left”) and become integrated early on and throughout the software delivery pipeline. However, most security teams don’t know what containers are, let alone what their unique security challenges might be.

Aqua, formerly known as Scalock, is a container security startup founded in early 2015 by IT security veterans Dror Davidoff and Amir Jerbi. The company quickly realized that containers present the next major development in data center technology and that containerized environments created new challenges in security, which the company says it will try to reinvent.

Containers are more secure than apps running on a bare OS and organisations that like not being hacked therefore need to seriously consider a move, according to analyst firm Gartner… As the paper’s name implies, Docker needs to be done right in order to deliver its security benefits. Doing it right means hardening the host on which Docker runs in accordance with Docker’s own guidance, then considering third-party Docker security products from the likes of Aqua Security, CloudPassage, Twistlock and Weave.

Approximately one month after the global launch of its Container Security Platform, Aqua today announced its first set of enhancements and is launching version 1.1 of its platform at DockerCon 2016.

New Functionality and Integrations Underscore Aqua’s Ability to Deliver Practical, Comprehensive Security Throughout the Entire Container Lifecycle DockerCon 16: Seattle Washington, June 20 2016 – One month after the global launch of its Container Security Platform, Aqua today announced its first set of enhancements, and is launching version 1.1 of its platform at DockerCon 2016. …

As security-conscious as Docker and other container platform vendors are, they can’t control or foresee how their customers will utilize containers. In a few blinks of an eye, companies will be following Goldman Sachs and BNY Mellon’s lead. Any organization evaluating a container-based strategy needs to make sure security is brought in early.

Rani Osnat, VP Marketing at Aqua, highlighted the impact of this last point in particular (and the often unexpected speed with which processes can change) saying that, “Containerized environments often work at DevOps speeds. Make sure that policy creation, policy updates, and security enforcement are all automated and integrated with CI/CD and orchestration tools.”