Cisco is making another acquisition to expand its reach in security solutions, this time specifically targeting DevOps and the world of container management. It is acquiring PortShift, an Israeli startup that has built a Kubernetes-native security platform.
Terms of the deal were not disclosed but Israeli publication Globes reported later on the day of the deal that it was for $100 million (we're trying to confirm if this is accurate). PortShift had raised about $5.3 million from Team8, an incubator and backer of security startups in Israel founded by a group of cybersecurity vets. Cisco, along with Microsoft and Walmart, are among the large corporates that back Team8. (Indeed, their participation is in part a way of getting an early look and inside scoop on some of the more cutting-edge technologies being built, and in part a way to help founders understand what corporates' security needs are these days.)
The deal underscores not just how containerization, and specifically Kubernetes, has taken hold of the enterprise world, but also how those working in this area, and building businesses around containerization and Kubernetes, are paying increasing attention to security around them.
Others are also sharpening their focus on containers and how they are secured, and M&A deals like Cisco's decision to buy PortShift are examples of how larger enterprise tech companies are betting on this area, as well as the wider demands for the products from end users. Earlier this year, Venafi acquired Jetstack, which runs a certificate controller for Kubernetes; and last month StackRox raised funding from investors that included HPE for its own approach to Kubernetes security.
For Cisco, the deal fits strategically in a couple of ways. It has been a longtime partner of Google's around cloud services and related to that has been building services around containerization for years now. It has also made a number of acquisitions in the area of cybersecurity. They have included acquiring Duo for $2.35 billion, OpenDNS for $635 million and, most recently, Babble Labs (which helps reduce background noise in video calls, something that both improves quality but also helps users ensure unwanted or private chatter doesn't inadvertently get heard by unintended listeners).
But as Liz Centoni, the SVP of the Emerging Technologies and Incubation (ET&I) Group, notes in the blog post, with this latest purchase, Cisco is turning its attention also to how it can help customers better secure applications and workloads, alongside the investments that it has made to help secure people on networks (the primary thrust of deals like Duo's and Babble Labs').
In the area of containers, security issues can arise around container architecture in a number of areas: it can be due to misconfiguration; or because of how applications are monitored; or how developers use open-source libraries; and how companies implement regulatory compliance. Other security vulnerabilities include the use of insecure container images; problems with how containers interact with each other; the use of containers that have been infected with rogue processes; and having containers not isolated properly from their hosts.
Centoni notes that PortShift interested Cisco because it provides an all-in-one platform covering these many aspects of Kubernetes security:
"Today, the application security space is highly fragmented with many vendors addressing only part of the problem," she writes. "The Portshift team is building capabilities that span a large portion of the lifecycle of the cloud-native application."
PortShift provides tools for better container configuration visibility, vulnerability management, configuration management, segmentation, encryption, compliance and automation.
The acquisition is expected to close in the first half of Cisco's 2021 fiscal year, when the team will join Cisco's ET&I Group.
Updated with a reported price for the acquisition.