Aqua Security Inc., a startup helping enterprises protect their cloud workloads from vulnerable and malicious code, today announced that it has raised $60 million in funding.

Evolution Equity Partners led the investment. It was joined by Insight Partners, Lightspeed Venture Partners and StepStone Group. The capital injection, which was provided as an extension to a $135 million Series E round Aqua Security originally closed in 2021, values the company at more than $1 billion.

Boston-based Aqua Security provides a CNAPP, or cloud-native application protection platform, of the same name. The platform allows enterprises to check new code written by their developers for cybersecurity issues before deploying it. Moreover, Aqua Security says that it can also protect that code from hacking attempts after it has been released to a company’s production cloud environment.

“Eight years ago, we envisioned a world where all new applications would be built native to the cloud,” said Aqua Security co-founder and Chief Executive Officer Dror Davidoff. “Today we are here in a market we pioneered with a purpose-built solution to protect customers’ digital transformations.”

Enterprise applications typically incorporate multiple open-source components. According to Aqua Security, its platform can scan each open-source component that a company’s developers install for known vulnerabilities. The software finds other issues as well, such as licensing restrictions and low-quality code that may make application maintenance unnecessarily difficult.

Aqua Security says its platform can find vulnerabilities in not only application teams’ code but also their programming toolkits. It detects insecure configuration settings across GitHub, Jenkins and other popular development tools. It also provides remediation suggestions for each issue that it detects to speed up the troubleshooting process.

The company’s platform logs every change that developers make to a code repository, which helps enterprises ensure internal cybersecurity policies are being met. Before submitting a new code snippet to the repository, a developer can equip it with a cryptographic signature. This is a piece of data that makes it easier to check for tampering attempts.

Aqua Security can also spot cybersecurity issues in applications after they exit the development phase. According to the company, its platform automatically scans customers’ cloud workloads for signs of malicious activity. It looks for breach indicators such as container escapes, or situations where an application bypasses the software container in which it’s running to access the underlying operating system.

Software teams manage the cloud infrastructure on which their applications run using so-called IaC, or infrastructure-as-code, scripts. Those scripts automate routine administrative tasks such as spinning up new virtual machines and installing operating systems. Aqua Security’s platform scans IaC files for configuration issues that may increase the risk of cyberattacks. 

The company’s newly announced funding round follows a period of rapid growth. In September, Aqua Security disclosed that it had experienced a 65% “increase in new business” during the first half of 2023. The company claims that its platform is now used by more than 500 customers including Apple Inc., JPMorgan Chase & Co. and other large enterprises. 

Image: Aqua Security