Review
“Aikido supports a crucial aspect of our FDA compliance. Its combined code scanning and cloud security features help ensure our medical devices meet necessary software security”
Jonathan V, Security Engineer at Xeos Medical
All-in-one vulnerability detection platform, with tailor-made compliance features for the HealthTech industry.
These cloud-native companies sleep better at night
HealthTech and MedTech companies frequently handle sensitive & personal information. A security breach can lead to compromised data, resulting in severe reputational damage, and often, legal consequences. Companies involved in your supply chain will require proof that you are protected against such threats.
Compliance
Aikido performs checks and generates evidence for technical controls for ISO 27001:2022 & SOC 2 Type 2. Automating technical controls is a big step towards achieving ISO & SOC 2 compliance.
This globally recognized standard ensures that you systematically identify, assess, and mitigate risks to your information assets while complying with legal requirements. Aikido automates a variety of technical controls.
SOC 2 is a procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. Aikido automates all technical controls, making the compliance process much easier.
Organizations in HealthTech that create, access, store or exchange sensitive information should use the HITRUST & HIPAA frameworks to ensure that data is kept safely & securely. Aikido helps you with many of these security checks (SAST & DAST, among other things).
SOC 2 Controls
CC3.3: Consider the potential for fraud
CC3.2: Estimate Significance of Risks Identified
CC5.2: The entity selects and develops general control activities over technology to support the achievement of objectives
CC6.1 • CC6.6 • CC6.7 • CC6.8
CC7.1: Monitor infrastructure and software
CC7.1: Implement change detection mechanism
CC7.1: Detect unknown or unauthorized components
CC7.1: Conduct vulnerability scans
CC7.1: Implement filters to analyze anomalies
CC7.1: Restore the affected environments
CC10.3: Test integrity and completeness of backup data
CC8.1: Protect confidential information
CC8.1: Track system changes
ISO 27001 Controls
A.8.2 Privileged access rights • A.8.3 Information access restriction • A.8.5 Secure authentication • A.8.6 Capacity management • A.8.7 Protection against malware • A.8.8 Management of technical vulnerabilities • A.8.9 Configuration management • A.8.12 Data leakage prevention • A.8.13 Backups • A.8.15 Logging • A.8.16 Monitoring activities • A.8.18 Use of privileged utility programs • A.8.20 Network security • A.8.24 Use of cryptography • A.8.25 Secure development lifecycle • A.8.28 Secure coding • A.8.31 Separation of development, test and production environments • A.8.32 Change management
A.5.15: Access control
A.5.16: Identity management
A.5.28: Collection of evidence
A.5.33: Protection of records
Integrations
Are you using a compliance suite? Aikido integrates with the suite of your choice.
The fastest path to compliance. It collects 90% of the evidence needed for your certification.
Automates your compliance journey from start to audit-ready and beyond.
Sprinto is a one-stop platform for all security compliances and certification audits.
Thoropass is an end-to-end compliance solution offering a seamless security audit experience.
Leading security compliance automation platform that makes getting any compliance fast & easy.
How it works
It doesn't matter which tool stack you're on. Aikido connects with the most popular stacks and scans continuously for issues.
No need to sift through hundreds of security alerts. Only a few of them really matter. Aikido auto-triages notifications.
Features
Aikido combines SCA, SAST, IaC, surface monitoring (DAST), container scanning and more - all in one platform. You'll never need another vulnerability scanner.
When Aikido finds vulnerabilities, it reports duplicate findings as a single issue, unlike other scanners that overload you with hundreds of security alerts when the affected function is found multiple times. You'll only be alerted if a known fix exists for the given vulnerability.
No need to do your own CVE research. Aikido gives you the TL;DR, tells you how you're affected & how you can most easily fix it. The fastest way to remediate your security issues.
Security audits typically require you to provide an SBOM. Aikido makes it easy to analyze this list in advance & generate it whenever required. You can also create an SBOM of containers.
Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.
Cloud
Detects cloud infrastructure risks across major cloud providers.
CloudSploit
Custom Rules Engine
Code & Containers
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Trivy
Syft
Grype
Custom Rules Engine
Code
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc.
Gitleaks
Code
Scans your source code for security risks before an issue can be merged.
Bandit
Semgrep
Gosec
Brakeman
Custom Rules
Code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Checkov
Containers
Scans your container OS for packages with security issues.
Syft
Grype
AWS Inspector
Custom Scanner
Domain
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
ZAP
Nuclei
Custom Rules
Code & Containers
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc.
Syft
Grype
Custom Rules
Code
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Phylum
Code & Containers
Checks if any frameworks & runtimes you are using are no longer maintained.
endoflife.date
Custom
Imports and auto-triages findings from your current scanner stack.
GitHub Advanced Security
SonarQube
Why Aikido?
With Aikido, you’ll fast track your code & cloud security compliance while saving time and money.
Open source tools don't always support all languages. Aikido combines multiple scanners to close these gaps (for example, Aikido supports .csproj files out of the box).
Unlike enterprise tools that don't auto-triage duplicates or false positives, Aikido lets you focus on relevant and critical risks only.
Unlike enterprise tools, which usually focus on a single scanning technique, Aikido combines several scanning techniques in one platform.
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
No! Unlike others, we're fully API-based; no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
We clone the repositories inside temporary environments (such as Docker containers unique to you). Those containers are disposed of after analysis. The tests and scans themselves take about 1-5 minutes. All the clones and containers are then auto-removed after that, always, every time, for every customer.