Elastic Acquires CMD: Expanding Security Capabilities

Elastic Expands Security Portfolio with CMD Acquisition

Following the recent acquisition of build.security, Elastic has announced another strategic move in the security sector. The company revealed its acquisition of CMD, a Vancouver, Canada-based security vendor, during its second-quarter earnings announcement.

CMD's Core Technology

CMD specializes in providing runtime security for cloud infrastructure. Their technology enhances organizational visibility into running processes. Founded in 2016, the startup secured $21.6 million in funding, with a $15 million Series B round led by GV in 2019.

Leadership Integration

Elastic’s CEO and co-founder, Shay Banon, stated that CMD employees will be joining the Elastic team. The exact number of incoming personnel wasn't disclosed. Both CMD CEO and co-founder Santosh Krishan, alongside co-founder Jake King, will assume executive positions within Elastic.

Synergy with Build.Security and the Elastic Stack

Both build.security and CMD will be integrated into Elastic’s security division. These technologies will be incorporated into the Elastic Stack, providing comprehensive visibility into an organization’s operational environment and bolstering security insights to mitigate potential risks.

Elastic has been consistently strengthening its security offerings, notably with the 2019 acquisition of Endgame Security for $234 million.

The Rise of eBPF and Cloud Security

Banon highlighted the increasing demand for enhanced introspection and protection for Linux environments as organizations migrate to the cloud and adopt Kubernetes. CMD’s technology directly addresses this need.

CMD’s security service leverages the open-source technology eBPF. This allows for deep integration with the Linux operating system, providing both visibility and security control. Development efforts are underway to extend eBPF support to Windows workloads.

Competition in the eBPF Space

CMD is not alone in utilizing eBPF. Isovalent, which raised $29 million in a Series A round in November 2020, is also a key player in this area. The Linux Foundation recently established an eBPF Foundation, with participation from major tech companies like Facebook, Google, Microsoft, Netflix, and Isovalent.

Alignment of Vision

Banon emphasized the strong alignment between CMD’s development and Elastic’s core objectives.

“At Elastic, we believe in the principle of ‘observe, then protect’,” Banon explained. “CMD shares this same passion, recognizing that observability is the foundation of effective security.”

Integration Timeline and Strategy

Integrating CMD’s technology into the Elastic Stack will require time, but is expected to proceed relatively smoothly. Banon noted that acquiring startups often simplifies integration compared to larger vendors.

“We dedicate time to integrating acquisitions into a unified product line,” Banon stated.

The process involves incorporating external technologies into the Elastic Stack, which can be time-consuming. The integration of Endgame’s technology, for example, took two years.

“We generally find it easier to collaborate with smaller companies possessing innovative technology that can be readily integrated into our stack,” Banon concluded.