JFrog Acquires Vdoo: Expanding DevOps Security with AI-Powered IoT Protection

JFrog Expands into Cybersecurity with Vdoo Acquisition

JFrog, a leading provider of software delivery and update management solutions, is strategically expanding its capabilities into the critical area of cybersecurity. The company is set to acquire Vdoo, a firm specializing in an AI-powered platform designed to identify and remediate vulnerabilities within software systems operating on IoT and connected devices.

Deal Details and Company Backgrounds

The acquisition, a combination of cash and stock, is estimated to be worth around $300 million, as confirmed by JFrog. JFrog, headquartered in Sunnyvale, California, with origins in Israel, is a publicly traded company on the Nasdaq exchange, boasting a current market capitalization of $4.65 billion.

Vdoo had previously secured approximately $70 million in funding from investors including NTT, Dell, GGV, and Verizon. Estimates following its latest funding round placed the company’s valuation between $100 million and $200 million, indicating a substantial return on investment.

Strategic Rationale for the Acquisition

Shlomi Ben Haim, JFrog’s co-founder and CEO, explained that the move towards enhanced security and the Vdoo acquisition specifically, represent a logical evolution in the company’s mission to deliver a comprehensive, end-to-end platform for DevOps teams.

Initially, JFrog focused on educating the market regarding key priorities in software building, testing, and deployment. However, around 2015-2016, a critical gap emerged – security. The increasing speed of development inadvertently introduced numerous security vulnerabilities, often creating friction between developers and InfoSec professionals.

JFrog has proactively developed tools, such as its X-ray product, to address these challenges and align priorities. The Vdoo acquisition signifies a considerable advancement into the security of hardware and the systems running on software, described by Ben Haim as “a very important leap forward.”

The Growing Importance of IoT Security

Vdoo was founded on the understanding that the proliferation of IoT and connected devices – estimated at 50 billion units last year – presents a significant security challenge. This challenge stems not only from the sheer volume of devices but also from their inherent vulnerabilities, including zero-day exploits, CVEs, configuration errors, and non-compliance with security standards.

Traditional connected-device security often concentrates on monitoring data flow. Vdoo differentiates itself by monitoring the behavior of the devices themselves, utilizing AI to detect anomalies and identify potential issues. This approach complements JFrog’s existing binary analysis capabilities within its DevOps platform.

Expanding JFrog’s Reach to the Edge

The acquisition will extend JFrog’s presence to the “edge” of the network, as Vdoo’s platform includes “micro agents” that operate directly on devices to detect and resolve vulnerabilities at the endpoint.

While JFrog has organically grown its business, it has also strategically acquired companies to integrate new technologies, such as Shippable for continuous integration and delivery. Netanel Davidi, co-founder and CEO of Vdoo, emphasized the strong synergy between the two companies, highlighting their shared approach to binary analysis as a key factor in the deal.

“Our approach to binaries is fundamental to covering the entire pipeline, from development to the device, server, application, or mobile phone,” Davidi stated. “This is the only way to truly understand contextual risk.”

Talent Acquisition and Integration Plans

The acquisition will bring 100 new employees to JFrog, increasing its total workforce to 900. Davidi noted that building a comparable security team internally would have been possible, but Vdoo’s existing expertise in security research, vulnerability analysis, and reverse engineering – particularly in the challenging areas of embedded systems and IoT – provides a unique advantage.

“We have built the best security team, the best security researchers, the best vulnerability researchers, the best reverse engineers…focusing not only on embedded systems, and IoT, which is considered to be the hardest thing to learn and to analyze, but also in software artifacts. We are bringing this knowledge along with us.”

Future Outlook and Financial Guidance

Vdoo will initially continue to operate as a standalone SaaS product, with updates focused on supporting the broader JFrog platform. The companies aim to deliver a fully integrated, “holistic” product by 2022.

JFrog reaffirmed its financial guidance for the quarter ending June 30, 2021, projecting revenues between $47.6 million and $48.6 million, with non-GAAP operating income of $0.5 million to $1.5 million and non-GAAP EPS of $0.00 to $0.01. For Full Year 2021, revenues are anticipated to range from $198 million to $204 million, with non-GAAP operating income between $5 million and $7 million. Operating expenses are expected to increase by $9-10 million in the latter half of 2021, factoring in the acquisition.