Elastic Acquires Build.Security - Enhanced Security Policy Management

Elastic Acquires build.security for Undisclosed Sum

Just under a year following its $6 million seed funding round, build.security, a startup with locations in Tel Aviv and Sunnyvale, has been acquired by Elastic.

The financial details of this transaction are currently not being made public. Completion of the acquisition is anticipated during Elastic’s second fiscal quarter of 2022, which concludes on October 31, 2021.

Integration and Expansion Plans

According to Ash Kulkarni, Elastic’s chief product officer, the build.security engineering team will continue operating as a cohesive unit within the Elastic Security division post-acquisition.

Furthermore, this acquisition will serve as a catalyst for expanding Elastic’s footprint in Israel. Amit Kanfer, co-founder and CEO of build.security, is slated to assume the role of site lead for the region.

Focus on Security Policy Management

build.security specializes in the management of security policies for applications. A central component of their technological approach is the Open Policy Agent (OPA) project, an open-source initiative under the Cloud Native Computing Foundation (CNCF).

The CNCF also governs Kubernetes. OPA was initially developed by Styra, a company that has secured $40 million in funding to advance policy management and authorization technologies.

Integral to OPA is the Rego query language, utilized for defining and structuring security and authorization configuration policies.

The Importance of Policy in Security

“Policy is a foundational element of a robust security posture,” Kulkarni stated. “OPA and Rego offer a standardized, open method for defining, managing, and enforcing policies across all environments.”

Complementary Technologies and Future Applications

Kulkarni emphasized that security policy technology complements Elastic’s existing security and observability initiatives.

Elastic envisions leveraging OPA and build.security’s related technologies to enhance security during deployment and, eventually, build-time security for cloud-native applications.

Industry Validation and Developer-Focused Solutions

John Brennan, a YL Venture partner involved in build.security’s seed funding round, believes the acquisition represents a strong strategic fit for both organizations, given their shared commitment to developer-centric solutions built on open-source technologies.

“Elastic’s move as a market leader confirms the necessity for change within the authorization landscape,” Brennan commented. “This collaboration will expedite build.security’s ‘shift-left’ strategy, embedding access protection early in the development lifecycle, rather than attempting to add it later or neglecting it altogether.”

Elastic’s Security Portfolio

Elastic is well-known for its Elastic Stack, encompassing Elasticsearch for search, Logstash for log monitoring, and Kibana for data visualization.

The company has broadened its scope into security through acquisitions, notably Endgame Security in 2019 for $234 million.

On August 3, Elastic unveiled its Limitless XDR capabilities, integrating endpoint security with security information and event management (SIEM).

Future Goals: Cloud Security Enforcement

Kulkarni articulated that the acquisition’s objective is to deepen Elastic’s security capabilities, specifically moving towards cloud security enforcement.

Once the integration is complete, users will be able to utilize the Elastic Stack to visualize and manage compliance policies and policy decisions at scale.

A primary initial application of build.security’s technology will be the development of a Kubernetes security and compliance product powered by OPA.