Aqua Security Puts Its Money Where Its Claims Are

Recently Aqua Security, a cloud native security provider, announced that its open source security scanner, Aqua Trivy, could scan just about any cloud native resource for security problems. Sounds good, but can Aqua really protect you from all possible attacks? Well, they’re willing to bet a million bucks they can protect your systems from attackers.
Dror Davidoff, Aqua Security CEO and co-founder, said, “Aqua is the only vendor that can thwart attacks across the entire development lifecycle and stop attacks when they matter most: in production. The best way to demonstrate confidence in our platform is to put our reputation on the line with a warranty. No one else in our space can make this claim.”
$1 Million in Protection
The company is doing it with the first, and so far only, $1 Million Cloud Native Protection Warranty. The warranty claims that its Cloud Native Application Protection Platform (CNAPP) can stop any and all cloud native attacks. The warranty comes at no cost to all customers who fully deploy the Aqua Platform. If an attacker gets through, Aqua will pay up to a cool million for a proven successful attack.
Of course, the devil’s in the details. Simply claiming that you’ve been hacked won’t cut the mustard.
Instead, the “Cloud Native Attack” must include — deep breath — “unauthorized access by a third party to the operating system of a host protected by the Aqua Platform that results in the malicious exfiltration, destruction, and/or irreversible encryption of the company’s data, which the company believes is substantial (has to value over $5,000). This will be evaluated and determined by Aqua’s cloud native research team, Aqua Nautilus.”
Aqua Nautilus will also require a full export of the customer configuration and access to your deployment’s Aqua audit page. In other words, if something goes wrong, Aqua wants to know what it was.
Minimum Requirements
You must be a customer with a minimum of a 1-year Aqua Software-as-a-Service (SaaS) subscription of at least $200,000. Your Aqua Platform subscription must also include the container and K8s Security and Advanced Malware Protection components. These must be running in all production workloads, and you must adhere to best practices.
Oh, and sign the Warranty Agreement! Doh!
If, with all that, you’re hacked, the warranty pays out in the amount of $1,000 prorated on an annual basis, per affected host, up to $1,000,000 annually.
If you are hacked, you must notify Aqua within 24 hours of becoming aware of the attack. Aqua will tell you what to do from there — and help you fend off the attacker.
There are exclusions, of course. They boil down to “Don’t be an idiot.” I’m sure a lawyer could put it better, but you get the idea.