Aqua Security on Wednesday introduced a novel new warranty concept: the company will pay up to $1 million in the event of a proven successful attack.
Company officials said they will make the warranty available at no cost to customers that have deployed Aqua’s Cloud Native Application Protection Platform (CNAPP).
“Production workloads are the crown jewels in cloud native environments, and that’s what the attackers are after,” said Dror Davidoff, co-founder and CEO of Aqua Security. “Aqua is the only vendor that can thwart attacks across the entire development lifecycle and stop attacks when they mater most: in production. The best way to demonstrate confidence in our platform is to put our repuation on the line with a warranty. No one else in our space can make this claim.”
Similarly, cloud data management and enterprise backup software provider Rubrik began offering a warranty agreement last year for post-ransomware attack data recovery and restoration services of up to $5 million if it couldn't recover protected data after a ransomware attack.
Aqua's warranty is a bold move that’s exciting to see in this market, offering differentiation that nobody can dispute, said Melinda Marks, a senior analyst at the Enterprise Strategy Group. Marks said Aqua Security believes their platform can prevent security vulnerabilities and coding mistakes from being deployed to production, and in the case of a cloud-native attack on applications connected to the platform, the platform can identify and stop the attack.
“If a customer is unsure about the effectiveness of their solution, this makes a good case to not worry about the risk of an attack,” Marks said. “It will be interesting to see how well this campaign performs and whether customers will collect the money. It would also be interesting to know whether collection of the money involves signing an NDA or other agreement to not complain about the Aqua platform.”
Frank Dickson, who covers security and trust at IDC, said he absolutely loves that a security vendor has changed the conversation from the typical saber rattling of “my machine learning is better than your machine learning” to a discussion of outcomes. Dickson said Aqua Security has forcefully said that “we stop breaches.”
“Many have discussed the transition of the cloud shared-responsibility model to the shared-fate model,” Dickson said. “Aqua Security is the first that I know of to guarantee the shared fate with a $1 million guarantee.”
Corey O’Connor, director of products at DoControl, said more technology providers are standing behind their solutions and introducing a financial incentive in the form of a warranty. O’Connor said it’s a great move as there are so many parameters involved in a standard cyberattack.
“Traditional security tools do not hold weight in all forms of 'as-a-service' offerings,” O’Connor said. “To have the confidence in the tools that your company is providing to close the gap in their respective area of security shows credibility as a technology provider. More importantly, it builds confidence and trust in the consumer of your service.”
Davis McCarthy, principal security researcher at Valtix, added that Aqua Security’s warranty defines a cloud-native cyberattack as unauthorized access to the OS of a host protected by their platform. McCarthy pointed out that Aqua’s definition of a cloud-native cyberattack is limited to their products' capabilities, and threats to the cloud go beyond the host.
“Also note that their warranty excludes breaches related to a misconfigured S3 bucket or the abuse of an API,” McCarthy said. “Aqua believes that their product can prevent cloud-native cyberattacks, which is a positive endorsement of confidence.”
