Rapid7 is the latest vendor to jump on the orchestration and automation bandwagon, announcing it's buying upstart outfit Komand to plump out its range.
Privately-held Komand came to life in was founded in 2015, pitching what it describes as “an orchestration layer for security tools and processes”. It received a round of funding worth US$1.25 million in January this year.
Its offering include plugins (it claims more than 150 so far) to security tools and standard enterprise tools like IMAP and ticketing systems, and an SDK that let customers write their own plugins. Sysadmins got an automation layer that let them create triggers and define actions without having to write code; and analytics to help with incident response.
Announcing the deal, Rapid7 explained the acquisition should help its customers simplify their environments and cut time-to-resolution of security incidents.
The Komand technology will be integrated with Rapid7's Insight security analytics platform, which includes vulnerability management (InsightVM), incident detection and response (InsightIDR), application security (InsightAppSec), and devops optimisation (InsightOps).
Rapid7's announcement says use cases for Komand will include automatic risk remediation and patching; malware containment and investigation; and chat operations to help respond to routine inquiries.
The price of the acquisition wasn't announced, but Rapid7 has set aside 270,000 shares (worth roughly US$4,590,000 at the time of writing) to golden-handcuff a dozen key Komand staff, presumably including founder Jen Andre, who previously was co-founder and chief scientist of Threat Stack.
M&A activity around security orchestration is warming up a little. Last year, FireEye bought Invotas, and last week, Cisco ingested Observable Networks into its security biz. ®