In this broad-ranging interview we discuss Aqua Security as a company, the threats and possibilities posed by AI, and all things cyber security.
Zhihao Tan is Director, Solution Architects for APJ at Aqua Security
Please start by describing Aqua Security – what makes your organisation different to others, or stand out from the pack?
Aqua was founded in 2015 with the singular mission to protect cloud native assets. We saw the transition to cloud native technologies in its infancy, and we recognised the major security problems it created.
There was a need for an entirely new approach to security – one purpose – built to enable organisations to move to cloud native safely. Aqua developed the first-ever platform to protect cloud native environments. Since then, we’ve become leaders in cloud native security from code to cloud and back, researching and developing new solutions to see and stop attacks.
Tell us about your market strategy in Australia – do you sell direct to customers, or work with MSSPs and resellers?
Aqua targets enterprise customers, and we often work with channel partners, system integrators, VARs or other strategic partners to build the strongest relationships and provide the most value for customers. We have a large partner ecosystem that’s part of our Aqua Advantage partner program and this helps drive the adoption of cloud native technologies.
Looking at the current threats and security market at present, what are you seeing – what is keeping CISOs awake at night?
AI-Powered threats and mitigation are top of mind. Last year, we saw the increasing adoption of AI in both offensive and defensive cybersecurity strategies. This trend will intensify in 2024, with AI-driven threat actors becoming more sophisticated and organisations deploying advanced AI-driven security measures. The industry has and will continue to recognise the importance of staying ahead of these evolving threats through behavioural analytics, anomaly detection, and ethical AI practices.
Also, increasing stringent regulatory requirements means that governments now seek to make examples of security leaders, reinforcing the urgency of fortifying digital defences. CISOs are challenged not only to adapt but also to innovate and proactively secure their organisations against dynamic and persistent threats.
Talk of AI is everywhere, how does Aqua see the ‘arms race’ playing out – will it benefit defenders or attackers more?
In terms of who will benefit, it truly is an arms race. The cybersecurity community will need to prioritise the development of new standards and best practices for AI security, focusing on resilience against AI-powered threats.
We are leveraging AI to protect our customers’ applications. This means using AI inside Aqua, as well as embedding AI in the Aqua Platform in order to be more efficient and effective in detecting and stopping attacks.
AI impacts Aqua in two overarching ways:
AI as an attack vector. The cybersecurity landscape is predicted to encounter a significant shift due to the strategic incorporation of artificial intelligence by cyber attackers. We are already seeing the impact. With the help and intelligence of our Nautilus research team, we can help our partners and customers stay ahead of and defend against AI-based attacks. (Here’s a useful overview of what Nautilus is preparing for in 2024 as it relates to AI threats.)
AI to aid threat hunting. At the same time, we are leveraging and innovating our own AI solutions to make our process of identifying and evaluating attacks more efficient and effective. With the help of AI, we anticipate a more thorough analysis and understanding of the methods threat actors use in the cloud and their developing techniques. AI can also help in other areas such as remediation.
On a broader scale, what is happening inside the cyber security industry at present – any other trends or points of interest on the radar?
In addition to AI, the other key trends in cyber security are centred around data privacy, supply chain security and defending against continuous threat exposure.
Data privacy: As privacy regulations become more stringent, and user data protection gains prominence, organisations are intensifying their efforts to navigate this complex landscape. They are not only focusing on compliance but also enhancing data security through encryption, robust access controls, and data anonymisation.
Supply chain security: Cyber-attacks targeting the supply chain have the potential to disrupt businesses and even national security. As a result, organizations are increasing their efforts to assess and strengthen their supply chain security, recognizing the need for robust vendor risk management practices and continuous monitoring to address these growing risks.
Defending against continuous threat exposure: Cybersecurity professionals are challenged not only to adapt but also to innovate and proactively secure their organisations against these dynamic and persistent threats. As the threat landscape evolves so does the enterprise attack surfaces, and it continues expanding far beyond what most effective patch management programs can cover. The time has come for a forward-looking defence strategy that requires modernisation of the assessment tool portfolio. These tools must not only inventory patchable and un-patchable exposures, but also prioritise findings based on what an attacker could really do. To achieve that, CISOs must validate the reality of the exposure based on the ability to penetrate existing security defences.
Looking at Aqua Security now, what are you and your development teams working on – anything exciting in the works (you don’t have to give too much detail here).
Virtually every organisation around the world is moving to the cloud to gain speed and agility. They are doing this by building a new class of cloud-first applications called cloud native applications. This shift to the cloud introduces new DevSecOps processes and tools, and also introduces new security concerns.
We will be investing in our bread and butter: end-to-end, integrated cloud native application security – which includes expanded opportunities to integrate code, build and runtime security across the entire lifecycle of an application, from beginning to end.
As part of this, we have two key areas where we’re focused on this year:
Enhancing our container security capabilities and ensuring that we stay on the cutting edge of attacks. This includes continued investment in our Aqua Nautilus research team. Nautilus works to identify and understand cloud native attacks, and then helps us deploy those insights into our products so that we protect our customers from the next and future generations of attacks.
Leveraging AI to protect our customers’ applications. This means using AI inside Aqua, as well as embedding AI in the Aqua Platform in order to be more efficient and effective in detecting and stopping attacks.
