Rapid7 bolsters open source security with Velociraptor acquisition

Cybersecurity company Rapid7 announced yesterday that it acquired Velociraptor, an open source platform focused on endpoint monitoring, digital forensics, and incident response. Terms of the deal were not disclosed.

Founded in 2000, Rapid7 provides a range of security-focused tools spanning applications and the cloud, including vulnerability management; orchestration and automation; and detection and response. With clients such as Autodesk, First Republic Bank, Kimberly-Clark, Hilton, and Univision, and global pandemic driving digital transformation across industries, Rapid7 has been on a tear over the past 12 months with its share value nearly doubling.

Velociraptor, for the uninitiated, is an open source endpoint visibility tool developed by Australian company Velocidex in 2018. It’s designed to help digital forensics and incident response (DFIR) security teams proactively search for malicious activities across all devices and entry points to a network.

Under Rapid7’s auspices, Velociraptor will be better positioned to receive direct and continued investment from a billion-dollar cybersecurity giant. Velocidex founder Mike Cohen added that Velociraptor will also receive greater exposure through conference and community events, which should increase participation in the project globally.

“Rapid7 will enable Velociraptor to graduate to the ‘next level’ in terms of scale, development velocity, stability and capability by drawing on a wide-range of capable and experienced people to support the project,” Cohen wrote in a blog post.

Open sourced

Boston-based Rapid7 has something of a track-record in the open source security sphere, having acquired Metasploit back in 2009. There are inherent benefits to pursuing a community-driven ethos in cybersecurity — essentially, the more eyeballs that are tethered to a piece of software, the more chances that flaws or vulnerabilities can be promptly found. In the past few months alone, at least two prominent security software providers have fallen victim to exploits, with Fireye reportedly hacked in a state-sponsored attack, while just this week cybersecurity company Sonicwall confirmed that some if its customers were targeted using a previously undisclosed vulnerability in its email security product.

In truth, all software — open source or otherwise — can become vulnerable if it’s neglected. Open source by its nature, though, holds greater potential in terms of robust security, given that it draws on the collective wisdom of a community. And this is why companies invest significant resources in supporting and maintaining mission-critical open source software. The Linux Foundation, for example, has set up the The Core Infrastructure Initiative (CII) with support from Amazon, Google, Microsoft, Intel, and others to ensure that open source projects are sufficiently supported. And earlier this year, Google announced that it would be funding the salaries for two developers to improve Linux’s security.

In cybersecurity specifically, attackers only need to get lucky once when searching for a weakness to exploit, whereas the defenders have to cover all entry points to a network at all times. And given that new vulnerabilities come to light on a daily basis, this highlights why a community-led (i.e. open source) approach to cybersecurity makes sense.

With Velociraptor on board, Rapid7 said that it will continue to build and work with the community around it, and — as you might expect — “leverage its technology and insights” to improve Rapid7’s own incident response abilities. According to Cohen, who now joins Rapid7 to continue leading the Velociraptor project, there are no immediate plans to commercialize Velociraptor directly.

Source