Elastic has acquired Tel Aviv-based startup Build.security less than a year ago, after it raised $6 million in seed funding. The financial terms of the deal have not been disclosed. The deal is expected close in Elastics Q2 FY22 (ending Oct. 31, 2021).
Ash Kulkarni (chief product officer at Elastic), stated in an email to TechCrunch that the Elastic Security organization will retain the build.security technical unit once the acquisition is complete. Kulkarni said that the acquisition would also serve as the foundation for an Elastic presence in Israel. Amit Kanfer (co-founder and CEO build.security) will be the site leader for the region.
Build.security focuses on application security policy management. Open Policy Agent (OPA), an open-source project that is part of Cloud Native Computing Foundation (CNCF), is a core component of the company's technology approach. Kubernetes is also a part of CNCF. OPA was initially started by Styra, a startup that has raised $40 million to expand its policy management and authorization technology. Rego query language is a part of OPA and is used to create authorization configuration policies and security policies.
Kulkarni stated that policy is a key element of security. Rego and OPA provide a standard-based, open way to manage and enforce policies all over the world.
Kulkarni pointed out that security policy technology complements Elastics efforts to improve security and observability. Elastic believes there is potential to use OPA and the technology build.security built on top of OPA for deployment time and, in the future, build security for cloud-native environments.
John Brennan, YL Venture partner and who led the seed round build.security, sees the acquisition to be a good fit since both companies are creating open-source solutions for developers.
Brennan stated that this move by Elastic, a market leader in authorizations, validates the need to transform the space. This partnership will accelerate build.securitys' left vision of embedding access protection efficiently from the beginning, rather than bolting it on after it has happened or worse, completely ignoring it.
Elastic is well-known for its Elastic Stack. This provides Elasticsearch search capability and Logstash log monitoring. It also allows Kibana data visualization. The company has been expanding into security in recent years, with Endgame Security being acquired by Elastic for $234 million in 2019. Elastic's Limitless XDR capability, which combines endpoint security and security information management (SIEM), was announced by Elastic on Aug. 3.
Kulkarni stated that the acquisition will allow them to expand their security efforts and move towards cloud security enforcement. Kulkarni explained that once the acquisition is complete, and the technology has been integrated, users will have the ability to use the Elastic Stack for visualization and management of compliance policies and policy decision at scale. The build.security technology's first use case will be the development of a Kubernetes security product and compliance product that is based on OPA.