Rapid7 bolsters open source security with Velociraptor acquisition

Cybersecurity company Rapid7 yesterday announced it has acquired Velociraptor, an open source platform focused on endpoint monitoring, digital forensics, and incident response. Terms of the deal were not disclosed.

Founded in 2000, Rapid7 provides a range of security-focused tools spanning applications and the cloud, including vulnerability management, orchestration and automation, and detection and response. With clients such as Autodesk, First Republic Bank, Kimberly-Clark, Hilton, and Univision and the pandemic driving digital transformation across industries, Rapid7 has been on a tear over the past 12 months. In fact, its share value has nearly doubled.

Australian company Velocidex developed Velociraptor as an open source endpoint visibility tool in 2018. It’s designed to help digital forensics and incident response (DFIR) security teams proactively search for malicious activities across all devices and entry points to a network.

With this deal, Velociraptor will be better positioned to receive direct and continued investment from a billion-dollar cybersecurity giant. Velocidex founder Mike Cohen added that Velociraptor will also receive greater exposure through conference and community events, which should increase participation in the project globally.

“Rapid7 will enable Velociraptor to graduate to the ‘next level’ in terms of scale, development velocity, stability, and capability by drawing on a wide range of capable and experienced people to support the project,” Cohen wrote in a blog post.

Open-sourced

Boston-based Rapid7 has something of a track record in the open source security sphere, having acquired Metasploit back in 2009. There are benefits to pursuing a community-driven ethos in cybersecurity — essentially, the more eyeballs tethered to a piece of software, the more chances flaws or vulnerabilities will be found promptly. And the threat is urgent. In the past few months alone, at least two prominent security software providers have fallen victim to exploits. Fireye was reportedly hacked in a state-sponsored attack, and just this week cybersecurity company Sonicwall confirmed that some of its customers were targeted using a previously undisclosed vulnerability in its email security product.

In truth, all software — open source or otherwise — can become vulnerable if it’s neglected. But open source holds greater potential for robust security, given that it draws on the collective wisdom of a community. This is why companies invest significant resources in supporting and maintaining mission-critical open source software. The Linux Foundation, for example, has set up the The Core Infrastructure Initiative (CII) with support from Amazon, Google, Microsoft, Intel, and others to ensure open source projects are sufficiently supported. And earlier this year, Google announced it would be funding the salaries for two developers to improve Linux’s security.

In cybersecurity, specifically, attackers only need to get lucky once when searching for a weakness to exploit, whereas defenders have to cover all entry points to a network at all times. The fact that new vulnerabilities come to light on a daily basis highlights why a community-led (i.e. open source) approach to cybersecurity makes sense.

With Velociraptor on board, Rapid7 said it will continue to build and work with the community around it, and — as you might expect — “leverage its technology and insights” to improve Rapid7’s own incident response abilities. According to Cohen, who now joins Rapid7 to continue leading the Velociraptor project, there are no immediate plans to commercialize Velociraptor directly.

Source Link