Elastic to Join Forces with Build.Security to Enhance Support for Cloud Native Security
23 August 2021 - 1:12PM
Business Wire
Extending Limitless XDR Capabilities to
Shift-Left and Enhance Cloud Security
Elastic (NYSE: ESTC) (“Elastic”), the company behind
Elasticsearch and the Elastic Stack, today announced that it has
entered into a definitive agreement to acquire build.security, a
policy definition and enforcement platform that leverages the open
source standard Open Policy Agent (OPA), to enable organizations to
enforce security actions for cloud native environments.
Elastic delivers the industry’s first and only free and open
Limitless Extended Detection and Response (XDR), modernizing
security operations by unifying the capabilities of security
information and event management (SIEM) for detecting threats and
endpoint security for protecting and remediating issues on all
endpoints, including in the cloud, all in a single platform.
Enriched by Elastic Agent, Limitless XDR extends visibility across
any environment and enables security teams to eliminate blind
spots. Millions of users already trust Elastic with their business
infrastructure, having deployed Elastic Agent across hundreds of
thousands of cloud-native workloads for logging, metrics,
application performance monitoring, and visibility.
The addition of build.security extends Limitless XDR to enable
the enforcement of security actions for cloud-native environments
including hosts, virtual machines, and containers orchestrated by
Kubernetes. By integrating the build.security technology into
Elastic Security, customers will be able to continuously monitor
and ensure that their cloud environments are secure in keeping with
the policies they have in place, as well as continuously validate
their security posture against well established standards such as
the Center for Internet Security (CIS) benchmarks.
Shifting Left — From Runtime Security to Deployment-Time and
Build-Time Security
Elastic defines cloud-native security as being inclusive of
detection of cloud-native threats and enforcement of security
actions on cloud-native infrastructure. Core to cloud-native
security is ensuring all environments are built and maintained to
the policies organizations have defined in their environments.
Configuration and change management is critical, since new
environments are created constantly and by numerous teams within an
organization. Whether it is a bespoke policy the organization has
created, or a set of policies based on a defined standard such as
the CIS benchmark, a capable cloud security offering needs to
provide a simple way to enforce compliance to these policies.
Build.security’s innovative authorization policy management
platform is designed to resolve the complexity associated with
building authorization into applications at deployment time.
Leveraging Open Policy Agent (OPA), an open source,
general-purpose policy engine that enables unified, context-aware
policy enforcement, build.security technology provides developers
with the building blocks they need to quickly generate and manage
best-practice authorization controls across enterprise applications
at scale while reducing security vulnerabilities. As a graduated
project of the Cloud Native Computing Foundation (CNCF), OPA has
shown rapid growth and adoption by the open source community.
By joining forces, Elastic and build.security intend to build
the ability to manage OPA policies directly in Kibana, enforce OPA
policies through the Elastic Agent, and store the results of OPA
policy executions within Elasticsearch using the Elastic Common
Schema (ECS). The initial integration with build.security will
focus on Kubernetes admission controller, enabling security and
compliance at deployment time, and will continue with build-time
policies scanning cloud configuration files. With this, users will
be able to shift-left and enforce security for their cloud-native
applications earlier in the life cycle of their applications.
Build.security is headquartered in Tel Aviv, Israel, an
important location for engineering and security talent. The
build.security team will be the foundation of the growing Elastic
presence in Israel and Amit Kanfer, co-founder and CEO of
build.security, will serve as site lead for the region.
Financial terms of the transaction were not disclosed. For more
information, read the blog.
Supporting Quotes:
- “For years Elastic has provided millions of developers with
powerful, free and open technology,” said Amit Kanfer,
co-founder and CEO, build.security. “We are excited to join
forces with Elastic to deliver on the promise of a free and open
policy management platform for cloud native environments, from code
to cloud to runtime.”
- “Since the inception of Elastic Security we have pioneered a
vision for what Limitless XDR should be - the ability for customers
to prevent, detect and respond to threats in real time, all in a
single platform. We have done this by bringing together SIEM for
detecting threats, and endpoint security for protecting and
remediating issues on all endpoints, including in the cloud,” said
Shay Banon, founder and CEO, Elastic. “We are excited to
join forces with build.security to bring open policy management to
Elastic Security, and invest in Open Policy Agent and its broad and
emerging community.”
Timing and Approvals:
The acquisition is expected to close during Elastic’s fiscal
second quarter, subject to customary closing conditions.
About build.security
Build.security takes the time and complexity out of
authorization. The platform, built by developers for developers,
enables lightning-speed application RBAC and ABAC with fine-grained
access controls and decoupled logic. Leveraging the Open Policy
Agent project and the power of open-sourcing, build.security uses
API-based data sources to inform enterprise-grade access controls
across application portfolios. With build.security, development
teams can ensure that their applications meet critical standards
and compliance requirements in just a matter of minutes. Build
Security was seeded by YL Ventures, a leading cybersecurity-focused
venture capital firm headquartered in Silicon Valley. For more
information, visit build.security.
About Elastic:
Elastic is a search company built on a free and open heritage.
Anyone can use Elastic products and solutions to get started
quickly and frictionlessly. Elastic offers three solutions for
enterprise search, observability, and security, built on one
technology stack that can be deployed anywhere. From finding
documents to monitoring infrastructure to hunting for threats,
Elastic makes data usable in real time and at scale. Thousands of
organizations worldwide, including Cisco, eBay, Goldman Sachs,
Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia,
and Verizon, use Elastic to power mission-critical systems. Founded
in 2012, Elastic is a distributed company with Elasticians around
the globe and is publicly traded on the NYSE under the symbol ESTC.
Learn more at elastic.co.
Forward-Looking Statements
This press release contains forward-looking statements which
include but are not limited to statements about future features and
functionality. The release and timing of any features or
functionality described in this document remain at Elastic’s sole
discretion. Any features or functionality not currently available
may not be delivered on time or at all.
Elastic and associated marks are trademarks or registered
trademarks of Elastic N.V. and its subsidiaries. All other company
and product names may be trademarks of their respective owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20210823005316/en/
Elastic Public Relations Jennifer Malleo PR-Team@elastic.co
Elastic NV (NYSE:ESTC)
Historical Stock Chart
Von Mär 2024 bis Apr 2024
Elastic NV (NYSE:ESTC)
Historical Stock Chart
Von Apr 2023 bis Apr 2024