Security Experts:

Elastic to Acquire for Cloud Security Expansion

Search software giant Elastic NV is continuing its march into the cybersecurity business with Monday’s announcement of plans to acquire, a red-hot Israeli startup that helps businesses enforce cloud security authorization policies.

Financial terms of the acquisition were not disclosed., which maintains offices in Tel Aviv, Israel and Sunnyvale, Calif., raised $6 million in early-stage venture capital funding led by YL Ventures. 

The deal follows Elastic’s $243 million acquisition of Endgame and solidifies the Dutch company’s expansion of its endpoint detection and response (EDR) capabilities.

Previously known as Elasticsearch, the company sells Elastic Stack, a combination of search and logging software that lets businesses search, analyze and visualize data at scale.  

The company’s new Elastic Security arm combines SIEM threat detection features with endpoint prevention and response capabilities to provide what is being described as a “limitless” extended detection and response (XDR) platform.

[ Related: Elastic to Acquire Endpoint Security Firm Endgame for $243 Million ]

“The addition of extends Limitless XDR to enable the enforcement of security actions for cloud-native environments including hosts, virtual machines, and containers orchestrated by Kubernetes,” Elastic NV said in a statement announcing the deal. 

“By integrating the technology into Elastic Security, customers will be able to continuously monitor and ensure that their cloud environments are secure in keeping with the policies they have in place, as well as continuously validate their security posture against well established standards such as the Center for Internet Security (CIS) benchmarks.”

Founded by Amit Kanfer with backing from YL Ventures and several big-name security executives, sells an authorization policy management platform powered by the open source authorization engine Open Policy Agent (OPA).

The platform helps developers address the challenges associated with implementing role-based access controls (RBAC) and attribute-based access controls (ABAC) in enterprise applications.

The company’s tools help to create, distribute, manage and test access policies, including user-to-application, service-to-service, employee-to-internal access, and data access policies.

[ READ: Inside the Battle to Control Enterprise Security Data Lakes ]

Once the deal closes, Elastic and plan to offer the ability to manage OPA policies directly in Kibana, enforce OPA policies through the Elastic Agent, and store the results of OPA policy executions within Elasticsearch using the Elastic Common Schema (ECS). 

“The initial integration with will focus on Kubernetes admission controller, enabling security and compliance at deployment time, and will continue with build-time policies scanning cloud configuration files. With this, users will be able to shift-left and enforce security for their cloud-native applications earlier in the life cycle of their applications,” Elastic said.

Related: Emerges From Stealth With $6M Funding

Related: Elastic to Acquire Endpoint Security Firm Endgame for $243 Million

RelatedInside the Battle to Control Enterprise Security Data Lakes

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.