Elastic acquires build.security for security policy definition and enforcement

Less than a year after raising its $6 million seed funding round, Tel Aviv and Sunnyvale-based startup Build.security is being acquired by Elastic. Financial terms of the deal are not being publicly disclosed at this time. The deal is expected to close in Elastic’s Q2 FY22, ending Oct. 31, 2021.

In an email to TechCrunch, Ash Kulkarni, chief product officer at Elastic, said that once the acquisition closes, the build.security technical team will continue as a unit in the Elastic Security organization. Kulkarni added that the acquisition will also become the foundation for a growing Elastic presence in Israel, with Amit Kanfer, co-founder and CEO of build.security set to become the site lead for the region.

Build.security is focused on security policy management for applications. A core element of the company’s technology approach is the Open Policy Agent (OPA) open source project, which is part of the Cloud Native Computing Foundation (CNCF), which is also home to Kubernetes. OPA was originally started by startup Styra, which itself has raised $40 million in funding to help build out policy management and authorization technology. Part of OPA is the Rego query language which is used to structure security and authorization configuration policies.

“We see policy as a fundamental cornerstone of security,” Kulkarni said. “OPA and Rego provide an open, standards-based way to define, manage, and enforce policies everywhere.”

Kulkarni noted that security policy technology is complementary to Elastic’s efforts in security and observability. He added that Elastic sees potential for using OPA and the technology that build.security has built on top of OPA to power deployment time, and in the future, build-time security for cloud-native environments. 

YL Venture partner John Brennan who helped to lead the seed round of build.security sees the acquisition as being a good fit for both companies, as they are both creating solutions for developers that are based on open source technologies.

“This move by a market leader like Elastic validates the need for transformation in the authorization space,” Brennan said. “This partnership will accelerate build.security’s shift left vision of efficiently embedding access protection from the start, rather than trying to bolt it on after the fact or, worse, ignoring it completely.”

Elastic is known for its Elastic Stack, which provides Elasticsearch search capability, Logstash log monitoring and Kibana data visualization. In recent years the company has expanded into the security space, acquiring Endgame Security in 2019 for $234 million. On Aug. 3, Elastic announced its Limitless XDR capabilities which brings together endpoint security with security information and event management (SIEM).

With its new acquisition, Kulkarni said the goal is to go even deeper into security moving toward cloud security enforcement. He explained that after the acquisition closes and as the technology is integrated, users will be able to leverage the Elastic Stack to visualize and manage compliance policies and policy decisions at scale. An initial use-case for the build.security technology will be developing a Kubernetes security and compliance product based on OPA.