Elastic, the company behind Elasticsearch and the Elastic Stack, announced it has entered into a definitive agreement to acquire Cmd, a leader in infrastructure detection and response (IDR), to give customers deep visibility into cloud workloads and perform expert detection and prevention on cloud-native data. Together with Elastic’s recently announced acquisition of build.security, Cmd will add runtime security capabilities to Elastic Limitless XDR, unifying security information and event management (SIEM), endpoint, and cloud security – from build time, to deployment time, to runtime, all in a single search platform.
Elastic Security provides kernel-level visibility into Linux systems, as well as powerful Linux protection capabilities such as malware prevention and advanced MITRE ATT&CK-mapped Linux rules. With Cmd, Elastic will expand its security capabilities for cloud-native runtime application workloads using extended Berkeley Packet Filter (eBPF) technology. As a leader in eBPF, Cmd provides deep and performant visibility into cloud workloads, enabling developers to rapidly innovate and deliver entirely new observability and security outcomes for users. eBPF has revolutionised how organisations observe and protect cloud workloads and is a cornerstone of efficient, safe, and all-encompassing observability for Linux.
Elastic will integrate Cmd’s cloud-native data collection and protection using eBPF directly into the Elastic Agent, and integrate Cmd’s innovative and practitioner-oriented user experience and workflows directly into Kibana. Elastic customers will benefit from the cloud-native security capabilities of Cmd, while Cmd customers will be able to take advantage of Elastic Limitless XDR, including hundreds of stateful detections and machine learning models mapped to MITRE ATT&CK, built-in case workflows, client security on Windows and macOS, and anti-malware prevention on Linux. Financial terms of the transaction were not disclosed.
Elastic earlier announced that it has entered into a definitive agreement to acquire build.security, a policy definition and enforcement platform that leverages the open source standard Open Policy Agent (OPA), to enable organisations to enforce security actions in cloud-native environments. Elastic delivers the industry’s first and only free and open Limitless Extended Detection and Response (XDR), modernising security operations by unifying the capabilities of security information and event management (SIEM) for detecting threats and endpoint security for protecting and remediating issues on all endpoints, including in the cloud, all in a single platform. Enriched by Elastic Agent, Limitless XDR extends visibility across any environment and enables security teams to eliminate blind spots. Millions of users already trust Elastic with their business infrastructure, having deployed Elastic Agent across hundreds of thousands of cloud-native workloads for logging, metrics, application performance monitoring, and visibility.
The addition of build.security extends Limitless XDR to enable the enforcement of security actions in cloud-native environments, including hosts, virtual machines, and containers orchestrated by Kubernetes. By integrating the build.security technology into Elastic Security, customers will be able to continuously monitor their cloud environments and ensure they remain secure in keeping with the policies they have in place, as well as continuously validate their security posture against well-established standards such as the Center for Internet Security (CIS) benchmarks.
Elastic defines cloud-native security as including both the detection of cloud-native threats and the enforcement of security actions on cloud-native infrastructure. Core to cloud-native security is ensuring that all environments are built and maintained according to the policies organisations have defined for them.
Configuration and change management is critical, since new environments are created constantly and by numerous teams within an organisation. Whether it is a bespoke policy the organisation has created, or a set of policies based on a defined standard such as the CIS benchmarks, a capable cloud security offering needs to provide a simple way to enforce compliance with these policies. Build.security’s innovative authorisation policy management platform is designed to resolve the complexity associated with building authorisation into applications at deployment time.
Leveraging Open Policy Agent (OPA), an open source, general-purpose policy engine that enables unified, context-aware policy enforcement, build.security technology provides developers with the building blocks they need to quickly generate and manage best-practice authorisation controls across enterprise applications at scale while reducing security vulnerabilities. As a graduated project of the Cloud Native Computing Foundation (CNCF), OPA has shown rapid growth and adoption by the open source community.
By joining forces, Elastic and build.security intend to build the ability to manage OPA policies directly in Kibana, enforce OPA policies through the Elastic Agent, and store the results of OPA policy executions within Elasticsearch using the Elastic Common Schema (ECS). The initial integration with build.security will focus on a Kubernetes admission controller, enabling security and compliance at deployment time, and will continue with build-time policies that scan cloud configuration files. With this, users will be able to shift left and enforce security for their cloud-native applications earlier in the application life cycle. Build.security is headquartered in Tel Aviv, Israel, an important location for engineering and security talent. The build.security team will be the foundation of the growing Elastic presence in Israel, and Amit Kanfer, co-founder and CEO of build.security, will serve as site lead for the region. Financial terms of the transaction were not disclosed.