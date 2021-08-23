Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, today announced that it has entered into a definitive agreement to acquire build.security, a policy definition and enforcement platform that leverages the open source standard Open Policy Agent (OPA), to enable organizations to enforce security actions for cloud native environments.

Elastic delivers the industry’s first and only free and open Limitless Extended Detection and Response (XDR), modernizing security operations by unifying the capabilities of security information and event management (SIEM) for detecting threats and endpoint security for protecting and remediating issues on all endpoints, including in the cloud, all in a single platform. Enriched by Elastic Agent, Limitless XDR extends visibility across any environment and enables security teams to eliminate blind spots. Millions of users already trust Elastic with their business infrastructure, having deployed Elastic Agent across hundreds of thousands of cloud-native workloads for logging, metrics, application performance monitoring, and visibility.

The addition of build.security extends Limitless XDR to enable the enforcement of security actions for cloud-native environments including hosts, virtual machines, and containers orchestrated by Kubernetes. By integrating the build.security technology into Elastic Security, customers will be able to continuously monitor and ensure that their cloud environments are secure in keeping with the policies they have in place, as well as continuously validate their security posture against well established standards such as the Center for Internet Security (CIS) benchmarks.

Shifting Left — From Runtime Security to Deployment-Time and Build-Time Security

Elastic defines cloud-native security as being inclusive of detection of cloud-native threats and enforcement of security actions on cloud-native infrastructure. Core to cloud-native security is ensuring all environments are built and maintained to the policies organizations have defined in their environments.

Configuration and change management is critical, since new environments are created constantly and by numerous teams within an organization. Whether it is a bespoke policy the organization has created, or a set of policies based on a defined standard such as the CIS benchmark, a capable cloud security offering needs to provide a simple way to enforce compliance to these policies.