Elastic Security has its eye on cloud-native security enforcement with the acquisition of Israeli startup build.security. Once integrated, the offering will add the ability to enforce security actions on hosts, virtual machines, and containers orchestrated by Kubernetes.
Elastic Security is taking steps to improve cloud-native security by acquiring build.security, a policy definition and enforcement platform.
Technologically, adding build.security extends Elastic’s Limitless XDR (Extended Detection and Response) to enforce security actions for cloud-native environments. These include hosts, virtual machines, and containers orchestrated by Kubernetes.
“We are excited to join forces with build.security to bring open policy management to Elastic Security and invest in Open Policy Agent and its broad and emerging community,” said Elastic CEO and founder Shay Banon.
Elastic also released a statement about the acquisition on the company blog, which said in part: “We are excited to join forces with build.security, based out of Tel Aviv, Israel, to move toward cloud security enforcement — the ability to enforce security actions for cloud native environments — on hosts, virtual machines, and containers orchestrated by Kubernetes.”
Integrating build.security technologies with Elastic Security will enable customers to continuously monitor and ensure their cloud environments are secure in keeping with the policies they have in place, Banon said. He added that admins can also continuously validate their security posture against established standards, including Center for Internet Security (CIS) benchmarks.
For his part, build.security co-founder and CEO Amit Kanfer added, “For years Elastic has provided millions of developers with powerful, free and open technology. We are excited to join forces with Elastic to deliver on the promise of a free and open policy management platform for cloud native environments, from code to cloud to runtime.”
Initially, Elastic’s integration with build.security will focus on the Kubernetes admission controller, enabling security and compliance at deployment time, according to company execs. This will be followed by build-time policies scanning cloud configuration files. As a result, users “will be able to shift-left and enforce security for cloud-native applications earlier” in their app life cycle.
“Since the inception of Elastic Security, we have pioneered a vision for what Limitless XDR should be – the ability for customers to prevent, detect and respond to threats in real time, all in a single platform,” Banon said. “We have done this by bringing together SIEM for detecting threats and endpoint security for protecting and remediating issues on all endpoints, including in the cloud.”
Elastic’s ‘Limitless XDR’ defines a methodology and set of technologies to modernize security operations with analytics and automation.
Elastic XDR comprises three synchronized components.
X is for eXtended – These ‘extended’ capabilities come from Elastic’s work mapping the data of hundreds of prebuilt integrations to the Elastic Common Schema (ECS). [These are enhanced with user-delivered submissions as well.]
D is for Detection – Because threats constantly evolve, detecting and stopping them requires defense in depth. Elastic brings together numerous detection layers, with capabilities for correlation, added intelligence and machine learning, analysis, Elasticsearch and more.
R is for Response – Response requires not only identifying threats but resolving or remediating them. Modern remediation can require myriad responses, including killing a process, disabling a user, removing an email, defusing ransomware, automating quarantines, blocking a bad domain and more. To coordinate these features, Elastic provides open case management, multi-user collaboration and seamless integration with key remediation vendors, including ServiceNow, IBM, JIRA, Swimlane and others.
The addition of build.security extends Limitless XDR to enable the enforcement of security actions for cloud-native environments, including hosts, virtual machines, and containers orchestrated by Kubernetes.
Further, build.security’s authorization policy management platform can resolve the complexity of building authorization into applications at deployment time.
Technology from build.security also leverages Open Policy Agent (OPA), an open source, general-purpose policy engine that enables unified, context-aware policy enforcement. With OPA, build.security can provide developers with the building blocks they need to quickly generate and manage best-practice authorization controls across enterprise applications at scale while reducing security vulnerabilities, according to build.security’s Kanfer.
[As a graduated project of the Cloud Native Computing Foundation (CNCF), OPA has shown rapid growth and adoption by the open source community, both companies noted.]
In a blog post, Elastic’s chief product officer Ashutosh Kulkarni explained how OPA delivers security advantages to the Elastic platform.
The small but mighty team at build.security has created a policy definition and enforcement platform leveraging the open source standard Open Policy Agent (OPA) to allow organizations to hook into cloud-native infrastructure components like Kubernetes and enforce policies in real time.
Leveraging simple user experience on top of OPA, build.security delivers policy management and enforcement across cloud-native environments and platforms like Kubernetes and Istio.
By integrating build.security’s technology into Elastic Security over the coming months, our customers will be able to continuously monitor and ensure that their cloud environment is secure to the policies they have put in place, as well as validate their security posture against established standards like CIS benchmarks. They will be able to ensure that their Kubernetes configurations are secure, that they are using approved container images, and much more.
Elastic and build.security intend to enhance these OPA advantages by:
- building the ability to manage OPA policies directly in Kibana,
- enabling users to enforce OPA policies through the Elastic Agent, and
- letting users store the results of OPA policy executions within Elasticsearch.
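The article describes admission-time enforcement through OPA: rejecting Kubernetes workloads whose configuration is insecure or whose container images are not approved, and checking posture against CIS benchmark recommendations. The Rego policy below is an added illustration of that kind of check and is not code from Elastic, build.security or OPA's own repositories. It assumes the standard Kubernetes AdmissionReview shape (`input.request.kind.kind`, `input.request.object.spec.containers`) that an OPA admission webhook receives; the registry allowlist, the pod fixtures and the package name are constructed for the example. It uses the `rego.v1` syntax (OPA 0.59 or later) and can be checked with `opa test`.

```rego
package kubernetes.admission

import rego.v1

# Constructed allowlist: only images pulled from this registry are approved.
approved_registries := {"registry.example.com/"}

# Deny any pod whose containers use an image outside the approved registries.
deny contains msg if {
    input.request.kind.kind == "Pod"
    some container in input.request.object.spec.containers
    not image_approved(container.image)
    msg := sprintf("container %q uses unapproved image %q", [container.name, container.image])
}

# Deny privileged containers; the CIS Kubernetes Benchmark recommends
# minimizing their admission.
deny contains msg if {
    input.request.kind.kind == "Pod"
    some container in input.request.object.spec.containers
    container.securityContext.privileged == true
    msg := sprintf("container %q must not run privileged", [container.name])
}

# An image is approved when it starts with one of the allowlisted registry prefixes.
image_approved(image) if {
    some registry in approved_registries
    startswith(image, registry)
}

# Constructed AdmissionReview fragment used by the tests below (hypothetical values).
pod(image, privileged) := {"request": {
    "kind": {"kind": "Pod"},
    "object": {"spec": {"containers": [{
        "name": "app",
        "image": image,
        "securityContext": {"privileged": privileged}
    }]}}
}}

test_compliant_pod_allowed if {
    compliant := pod("registry.example.com/app:1.2.3", false)
    count(deny) == 0 with input as compliant
}

test_unapproved_registry_denied if {
    external := pod("docker.io/library/nginx:latest", false)
    count(deny) == 1 with input as external
}

test_privileged_denied if {
    privileged := pod("registry.example.com/app:1.2.3", true)
    count(deny) == 1 with input as privileged
}
```

Saved as `policy.rego`, `opa test policy.rego` runs the three fixtures; deployed behind a validating admission webhook, a non-empty `deny` set is what the webhook turns into a rejected AdmissionReview response, which is the deployment-time enforcement the article refers to.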
Parent company Elastic is also the company behind Elasticsearch and the Elastic Stack.