VMware Acquires Intrinsic For Application Security Expertise: Report
Intrinsic applies the principle of least-privilege to applications to help protect sensitive resources against worst-case scenarios like code injection attacks and malicious third-party modules.
VMware has purchased application security startup Intrinsic in what is the virtualization giant's seventh acquisition of the year, according to CNBC.
The deal is expected to fuel Palo Alto, Calif.-based VMware's evolution from helping companies deploy software in their own data center to supporting cloud technologies, CNBC said. San Francisco-based Intrinsic said it reduces the attack surface of an application to the bare minimum needed, protecting organizations from malicious code and zero-day attacks.
Terms of the transition weren't disclosed. VMware didn't immediately respond to a CRN request for comment, but confirmed the acquisition to CNBC.
[Related: Pat Gelsinger On VMware’s ‘Radical’ Security Plan And Andy Jassy ‘Bro Hugs’]
"This acquisition brings us unique expertise and technology as we look to expand our VMware AppDefense platform into the public cloud," a VMware spokesperson told CNBC.
Intrinsic was founded in 2015 and currently employs 10 people, according to LinkedIn. The company raised seed funding in August 2016 from Andreessen Horowitz, First Round Capital, NEA and the Stanford Start-X Fund.
The company's technology applies the principle of least-privilege to applications to help protect sensitive resources against worst-case scenarios like code injection attacks and malicious third-party modules. Intrinsic said it is fully compatible with legacy code, meaning that companies don't have to modify how they currently deploy and write their code.
The vast majority of an average modern Node.js application is made up of untrusted open-source code that unsafely interacts with a company's sensitive resources, Intrinsic said. Unlike other security tools that try to defend against application-level attacks by analyzing or monitoring behavior, Intrinsic protects against attacks by ensuring that Node.js code only executes as expected.
Intrinsic blocks all privileged operations that are not whitelisted by an organization’s security policies. It can protect against bugs, exploits and malicious code in the AWS Lambda serverless computing platform, the company said, enabling organizations to define fine-grained policies that their AWS Lambda function must abide by at runtime.
The company said it also supports other serverless platforms such as Microsoft Azure Functions and Google Cloud Functions.
VMware's acquisition of Intrinsic comes 17 months after it purchased E8 Security, a provider of cybersecurity intelligence and analytics. Just last week, the company bought Veriflow, which applies continuous verification to networks, preventing outages and vulnerabilities that could lead to severe losses.
All told, VMware has made six acquisitions in 2019 prior to the reported Intrinsic deal: AetherPal, Bitnami, Avi Networks, Bitfusion.io, Uhana and Veriflow.
Intrinsic is the second serverless security company to be snatched up this year, coming three months after Palo Alto Networks bought early stage Israeli serverless security startup PureSec for $47 million, according to a filing with the U.S. Securities and Exchange Commission.