Orca Security to add API protection with 1st acquisition

Orca Security announced today it has acquired RapidSec, a web security startup that will bring new capabilities to its cloud protection platform—including in the red-hot area of securing APIs.

It’s the first acquisition for the fast-growing company since its launch in 2019, and will help to widen the visibility provided by Orca’s agentless cloud security platform even further, CEO and cofounder Avi Shua told VentureBeat.

The terms of the acquisition weren’t disclosed. Founded in 2020, RapidSec employs eight and had raised about $500,000 in funding. Along with its technology, the Tel Aviv, Israel-based startup also brings 50 customers, including Konica Minolta and Dun & Bradstreet.

Cloud security platform

Orca’s “SideScanning” technology collects data from cloud environments without the need for an agent, simplifying and expediting the deployment of the platform.

The platform also stands out by providing full visibility of cloud environments, and then by connecting the dots in security alert data in order to prioritize the most critical risks, Shua said. The platform covers public cloud environments—Amazon Web Services, Microsoft Azure, and Google Cloud—as well as Kubernetes container orchestration.

Orca’s platform unites a number of cloud security tools including solutions for managing cloud vulnerabilities; spotting misconfigurations in cloud accounts and workloads; and detecting malware and lateral movement in cloud environments.

Securing APIs

RapidSec’s technology brings capabilities to secure web applications against client-side attacks, and the startup’s API security capabilities will be an initial focus for integration into the Orca platform.

“A problem that we don’t solve today, and that we are going to solve [with RapidSec], is understanding the exposed APIs of an organization and the level of exposure they create,” Shua said.

For instance, the technology will detect when someone has created an insecure API that would be able to access the organization’s most valuable data, thus directing the organization to lock down the API, he said.

While Orca isn’t aiming to displace standalone providers of API security any time soon, “I’m sure there’ll be many customers where our API security capabilities will suffice,” Shua said.

Beyond protecting APIs, RapidSec’s technology can also help with other web security issues, such as spotting when a web server has been configured with a weak level of security, he said.

The technology ultimately will enable customers to “tighten the configuration of their web services to reduce the attack surface,” Shua said.

RapidSec’s technology is expected to be integrated into the Orca cloud security platform by the second or third quarter of the year. The startup’s founders are CEO Shai Alon, formerly of Chat Leap; vice president of R&D Ori Koral, formerly of Yahoo; and chairman Ido Yablonka, formerly the general manager of Yahoo in Israel.

Integration is crucial

Orca, which was founded by a team of former Check Point Software Technologies executives, will continue to look for additional acquisition opportunities—but always with the focus on ensuring their technology can be integrated well, he said.

In the security space, a common mistake by other vendors has been to “buy technology that might be great at what it does, but cannot be integrated into the platform,” Shua said. “Then you end up selling a suite of products that might have one dashboard, but they don’t speak the same language and don’t share data together.”

Looking ahead, along with integrating the RapidSec technology into its platform, Orca is also continuing to develop new capabilities for its cloud security platform.

A module for attack chain detection, which is now in beta, will help to reduce “alert fatigue” by providing a visual representation of key data for security professionals using the platform, Shua said. The attack chain detection module is planned to be generally available in the second quarter.

Headquartered in Portland, Oregon, and Tel Aviv, Orca Security now employs 270—up from 60 at the start of 2021.

Along with its strong growth—revenue grew in the “hundreds of percent” in 2021, Shua said—Orca’s hiring has been fueled by two major funding rounds last year. The company raised $210 million in March 2021, followed by a $550 million round in October 2021 at a $1.8 billion post-money valuation.

Orca is also looking to grow its business by expanding its base of channel partners, according to Shua. The company currently has “a few dozen” partners that are helping to drive sales of the company’s platform, and “we’re trying to add more,” he said.