Demisto is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response, standardize and scale processes, and learn from each incident while working together. It combines security orchestration and automation, incident management, and interactive investigation to help security teams meet these challenges and best leverage existing and new security investments.
As a security software vendor serving security professionals, Demisto must adhere to the strictest security best practices when it comes to how its own software is developed and deployed. Demisto’s engineering chose to use Docker containers as a key component of its agile development process. It was important for the engineering team to vet the container images it uses, ensure that they don’t contain vulnerabilities, embedded secrets or malware, and that they are configured to run according to best practices. The team also had to be able to be sure that only approved images can be used in production, and get alerted on any new vulnerabilities that may have gone undiscovered previously, but are in use within packages used in its application.
In late 2017, after vetting several solutions, Demisto chose the Aqua Container Security Platform to secure its container image development pipeline and runtime environments. Aqua was easy to integrate into Demisto’s CI pipeline and image registries, where images are automatically scanned using the latest vulnerability data. Demisto was then able to create image assurance policies that control the flow of images from development into production based on various factors that constitute acceptable risk – for example, no images with high severity vulnerabilities can be deployed.
Aqua was also chosen for its compatibility and tight integration with key AWS services that are in constant used by Demisto.
Aqua provides us with the automated visibility and control that we need to protect our applications, tightly integrated into our development pipeline and runtime environment. Aqua’s highly targeted prevention capabilities mean we don’t have to trade off business continuity for security. Dan Sarel, VP Product and Co-Founder
Demisto uses multiple AWS services across two main areas. The bulk of its engineering infrastructure is done on AWS, using Amazon EC2, Amazon ECS and ECR, and auxiliary services such as AWS S3 and CloudWatch. Additionally, Demisto runs a hosted service for its customers, that runs on AWS and leverages AWS ALB.
Aqua’s platform integrates with Amazon ECR (Elastic Container Registry) to facilitate image vulnerability scanning and is deployed using Amazon ECS to protect container workloads.
By using the Aqua platform, Demisto is able to secure its container-based development pipeline, leveraging automation to reap the benefits of agile development without introducing unnecessary risk.
Additionally, Demisto has gained visibility into its container stack from development to runtime, keeping tabs on security issues as they emerge:
Docker CE • AWS Amazon • EC2 Amazon ECS and ECR • AWS S3 • CloudWatch