Endpoint Security , Governance & Risk Management , Healthcare
Cisco Buys Startup Lightspin to Address Cloud Security RisksLightspin Deal Will Help Prioritize and Remediate Issues for Cloud-Native Resources
Cisco plans to purchase its second cloud security startup in two months to deliver context, prioritization and remediation recommendations for cloud-native resources.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The San Jose, California-based networking giant said its proposed buy of Lightspin will allow clients to identify and address key cloud security risks without the hassle of extensive configuration requirements. Adding Tel Aviv, Israel-based Lightspin to Cisco's security stack will give clients a better understanding of evolving critical attack paths, attack surfaces and vulnerabilities that could affect their business (see: Jeetu Patel on Having a Consistent Design at Cisco Security).
"The Lightspin team has extensive technical expertise in cloud security, product development and SaaS security products," wrote Cisco Senior Vice President of Engineering Vijoy Pandey. "The team's experience supporting DevOps and DevSecOps with context and tooling will accelerate our ability to deliver the solutions and support needed to prioritize and remediate vulnerabilities across cloud applications and environments."
Establishing the Cloud Security Market Leader
Calcalist reported Wednesday that Cisco is set to pay between $200 million and $250 million to acquire Lightspin. Cisco said the deal is expected to close by late July and declined to comment on the Calcalist report. Cisco's stock is up $0.51 - or 1.02% - to $50.90 per share in trading early Wednesday afternoon. The deal comes a month after Cisco bought Valtix to enforce policies across public cloud environments (see: Cisco to Buy Startup Valtix to Guard Workloads Across Clouds).
Lightspin was founded in February 2020, employs 67 people and has raised $20 million in two rounds of outside funding. The firm in June 2021 closed a $16 million Series A funding round led by Dell's venture capital arm. Lightspin was co-founded by former GE Digital and EY security researcher Vladi Sandler and Or Azarzar, an ex-Israeli Navy submariner who spent seven years working in the prime minister's office.
"We kept crafting our vision of being the most widely adopted cloud security solution for engineers at any stage of their cloud security journey," Sandler, who has served as Lightspin's CEO since inception, wrote on LinkedIn. "Cisco acquired us to keep building this vision together and establish the cloud security market leader."
Once the acquisition closes, Lightspin will join Cisco's Emerging Technologies and Incubation business, which the company said focuses on cloud-native and cloud security technologies. In contrast, Valtix joined Cisco's security business unit. The combination of Cisco and Lightspin will help customers secure their critical data, applications and infrastructure across all environments, according to Pandey.
Getting the Attacker's Perspective
Lightspin said its agentless cloud security platform provides the tools and insights needed to secure any cloud environment. The company said its graph-based tool views cloud environments and Kubernetes infrastructure from an attacker's perspective to help organizations instantly identify, prioritize and remediate any open attack paths in code, build time or operations.
The company in April 2022 launched a free reconnaissance tool that scans AWS environments from an attacker's perspective and relays the information back to defenders. Lightspin said at the time that Recon.Cloud is specifically designed to focus on only the pertinent publicly exposed cloud assets in a domain.
"Cisco acquired us to keep building this vision together and establish the cloud security market leader."
– Vladi Sandler, co-founder and CEO, Lightspin
Cisco's cloud workload security market share tumbled from 4.4% - or seventh place - in 2020 to 3.9% - or ninth place - in 2021. CrowdStrike and Lacework leapfrogged Cisco, market intelligence firm IDC found. That put the company behind network security rivals Palo Alto Networks and Check Point - which notched 5.8% and 5.2% market share in 2021, respectively - but ahead of Fortinet, which didn't crack the top nine.
Valtix and Lightspin are the first significant acquisitions for Cisco's $3.7 billion security business since the company bought vulnerability management vendor Kenna Security in June 2021 to help customers more effectively prioritize vulnerabilities based on threat intelligence and business impact. Prior to that, Cisco purchased multifactor authentication vendor Duo Security for $2.35 billion in October 2018.