Search software giant Elastic NV is continuing its march into the cybersecurity business with Monday’s announcement of plans to acquire build.security, a red-hot Israeli startup that helps businesses enforce cloud security authorization policies.
Financial terms of the acquisition were not disclosed.
Build.security, which maintains offices in Tel Aviv, Israel and Sunnyvale, Calif., raised $6 million in early-stage venture capital funding led by YL Ventures.
The build.security deal follows Elastic’s $243 million acquisition of Endgame and solidifies the Dutch company’s expansion of its endpoint detection and response (EDR) capabilities.
Previously known as Elasticsearch, the company sells Elastic Stack, a combination of search and logging software that lets businesses search, analyze and visualize data at scale.
The company’s new Elastic Security arm combines SIEM threat detection features with endpoint prevention and response capabilities to provide what is being described as a “limitless” extended detection and response (XDR) platform.
[ Related: Elastic to Acquire Endpoint Security Firm Endgame for $243 Million ]
“The addition of build.security extends Limitless XDR to enable the enforcement of security actions for cloud-native environments including hosts, virtual machines, and containers orchestrated by Kubernetes,” Elastic NV said in a statement announcing the deal.
“By integrating the build.security technology into Elastic Security, customers will be able to continuously monitor and ensure that their cloud environments are secure in keeping with the policies they have in place, as well as continuously validate their security posture against well established standards such as the Center for Internet Security (CIS) benchmarks.”
Founded by Amit Kanfer with backing from YL Ventures and several big-name security executives, build.security sells an authorization policy management platform powered by the open source authorization engine Open Policy Agent (OPA).
The build.security platform helps developers address the challenges associated with implementing role-based access controls (RBAC) and attribute-based access controls (ABAC) in enterprise applications.
The company’s tools help to create, distribute, manage and test access policies, including user-to-application, service-to-service, employee-to-internal access, and data access policies.
[ READ: Inside the Battle to Control Enterprise Security Data Lakes ]
Once the deal closes, Elastic and build.security plan to offer the ability to manage OPA policies directly in Kibana, enforce OPA policies through the Elastic Agent, and store the results of OPA policy executions within Elasticsearch using the Elastic Common Schema (ECS).
“The initial integration with build.security will focus on Kubernetes admission controller, enabling security and compliance at deployment time, and will continue with build-time policies scanning cloud configuration files. With this, users will be able to shift-left and enforce security for their cloud-native applications earlier in the life cycle of their applications,” Elastic said.
Related: build.security Emerges From Stealth With $6M Funding
Related: Elastic to Acquire Endpoint Security Firm Endgame for $243 Million
Related: Inside the Battle to Control Enterprise Security Data Lakes

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- VMware Plugs Critical Flaws in Network Monitoring Product
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
- Researchers Spot APTs Targeting Small Business MSPs
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- Red Hat Pushes New Tools to Secure Software Supply Chain
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
