Rapid7 strategic move: Acquires Minerva Labs to extend ransomware detection and response services
Boston-based Rapid7 supplies cybersecurity tools that allow enterprises to identify malware and infrastructure weaknesses. It also offers a managed detection and response service that allows businesses to have the company’s cybersecurity experts monitor their networks for threats and take corrective action.
Minerva Labs, which is based in Petah Tikva, Israel, focuses on ransomware detection. Its technology enables customers to orchestrate advanced ransomware prevention.
Multi-Layer Prevention
Keeping a team of cybersecurity experts fully staffed is nearly impossible, and even large organizations can’t afford the millions of dollars in infrastructure and staff costs required to run a Security Operations Center (SOC). That’s why managed detection and response (MDR) services are on the rise. These services combine technology solutions and human expertise to perform threat monitoring, incident management, threat hunting and more for businesses of all sizes.
The MDR market is growing at a faster rate than traditional cybersecurity software. It’s estimated to reach $188 billion by 2022, according to Gartner. MDR is particularly popular among midmarket and large enterprises, which can’t justify the expense of a full in-house security team or can’t afford to maintain a full suite of tools needed to keep up with the latest threats.
Boston-based Rapid7 supplies security tools that allow enterprises to identify malware and infrastructure weaknesses. It also offers a managed detection and response service that lets companies pay to have the company’s cybersecurity experts monitor their networks for signs of attack. The company says its platform is used by more than 10,000 organizations, including Bloomberg LP, Qlik Technologies Inc. and others.
Its acquisition of Minerva Labs brings new ransomware prevention capabilities to its MDR service. The Israeli cybersecurity company was founded in 2014 by former Israel Defense Forces captain Eddy Bobritsky and CyberArk software architect Erez Breiman, and it currently has 30 employees listed on LinkedIn. The company has raised a total of $7.5 million in funding to date.
Rapid7’s purchase of the ransomware detection vendor is its second acquisition in Israel in two years, following the purchase of IntSights for close to $400 million in mid-2021. The acquisition isn’t expected to have a material impact on the company’s annualized recurring revenue growth, revenue or non-GAAP operating income and net income per share for the year ending in February 2023.
The acquisition will allow Rapid7 to offer advanced ransomware prevention by integrating its MDR solution with Minerva’s technologies, which include multi-layer prevention that neutralizes malicious activity and enables more agility in integrating with third-party endpoint protection offerings. It’s also designed to eliminate false positives and speed up remediation by automatically preventing the deployment of malicious code.
Consolidation
Security threats are increasing in number and complexity at an unprecedented rate. It is becoming almost impossible for businesses to keep up with the pace of cyber attacks on their own. That is why managed detection and response (MDR) services are growing at such a fast rate.
An MDR service provides a team of expert cybersecurity professionals to monitor, detect and respond to endpoint and network threats. It combines technology and expertise to allow teams to work more efficiently, focus on the most critical security issues and improve their overall security posture.
MDR solutions use software agents or sensors to collect data from an organization’s endpoints and send it to a central repository for analysis. Often, the system also includes threat intelligence to help identify and stop new malware and other types of threats.
The acquisition of Israel-based Minerva Labs will extend Rapid7’s MDR platform by enabling it to deliver advanced ransomware prevention capabilities. The company says it will help its customers prevent and contain ransomware, regardless of the size of their organizations or the level of professional skills in their information security departments.
Minerva Labs has 14 employees, all of whom will join Rapid7 as part of the deal. The transaction is expected to close in early 2024. It is the first acquisition by Rapid7 since acquiring IntSights in mid-2021.
MDR is a form of Managed Security Service (MSS), which offers monitoring and incident response for an organization’s computers and networks. It enables companies to take a proactive approach to security and stop attackers before they have a chance to do any damage.
The MDR market is expanding at a fast pace, according to Gartner research. The global market is set to grow by 39% from $1.8 billion in 2022 to $2.84 billion by 2023.
Seamless Access to Telemetry
The acquisition of Minerva Labs, founded by a former Israel Defense Forces captain and a former CyberArk software architect, helps the Boston-based cloud risk and threat detection vendor extend its managed detection and response (MDR) service with capabilities for orchestrating advanced ransomware prevention. It also lets customers consolidate their security infrastructure, Rapid7 said in a news release announcing the deal.
The companies expect the acquisition to have “no material impact on annualized recurring revenue growth, revenue, non-GAAP operating income and non-GAAP net income per share” for 2023. The company expects to close the acquisition in late March or early April.
A key component of any cybersecurity program is the ability to monitor network activity in real time in order to detect a cyberattack, respond quickly and take action, Rapid7 said. That requires access to real-time telemetry data.
Telemetry data provides insight into network operations by streaming observables and performance metrics at a configurable cadence. It helps engineers identify patterns that indicate possible threats and anomalies, allowing them to take proactive steps to protect systems.
One example is using a telemetry pipeline to help networks improve traffic optimization by observing link utilization and packet drops more frequently. The pipeline lets engineers adjust traffic policies or re-route traffic to new paths faster than the SNMP poll interval mechanism, improving data throughput. It also enables preventive troubleshooting to avert potential problems that could lead to a failure situation.
A telemetry pipeline lets security teams collect, process and deliver data from any source and into downstream analytics and SIEM platforms. It can support a variety of data formats and protocols, including syslog, SNMP, JSON, CSV and XML. It also supports grok, regular expressions and JavaScript snippets to help users extract and transform data.
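The normalization step such a pipeline performs can be sketched as follows. This is an added example, not code from Rapid7, Minerva Labs or any product named in this article; the common schema, the CSV column order and the sample lines are assumptions constructed for illustration.

```python
import csv
import io
import json
import re

# Grok-style pattern for a BSD (RFC 3164) syslog line, as a named-group regex.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FIELDS = ["ts", "host", "app", "severity", "msg"]  # assumed schema and CSV column order

def normalize(line):
    """Map one raw line to the common schema; return None if it cannot be parsed."""
    line = line.strip()
    if line.startswith("{"):  # JSON source
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        return {"format": "json", **{k: rec.get(k) for k in FIELDS}}
    m = SYSLOG_RE.match(line)
    if m:  # syslog source
        pri = int(m["pri"])
        if pri > 191:  # PRI = facility * 8 + severity, so 191 is the maximum
            return None
        return {"format": "syslog", "ts": m["ts"], "host": m["host"],
                "app": m["app"], "severity": SEVERITIES[pri % 8], "msg": m["msg"]}
    row = next(csv.reader(io.StringIO(line)), [])  # CSV source, honours quoted commas
    if len(row) == len(FIELDS):
        return {"format": "csv", **dict(zip(FIELDS, row))}
    return None

def run_pipeline(lines):
    """Return (events, rejected): normalized events plus a count of dropped lines."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, len(lines) - len(events)

# Constructed sample input: one line per source format plus one malformed line.
SAMPLE = [
    "<38>Mar 14 09:21:07 web01 sshd[2211]: Failed password for invalid user admin",
    '{"ts": "2023-03-14T09:21:09Z", "host": "db01", "app": "postgres", '
    '"severity": "warning", "msg": "connection limit nearly reached"}',
    '2023-03-14T09:21:11Z,fw01,pf,notice,"blocked inbound 198.51.100.7:3389, rule 12"',
    "garbage line without structure",
]

if __name__ == "__main__":
    events, rejected = run_pipeline(SAMPLE)
    for event in events:
        print(json.dumps(event))  # JSON lines, ready for a SIEM ingest endpoint
    print(f"rejected={rejected}")
```

The rejected count is worth exporting as a metric of its own, since lines the pipeline silently drops are events the downstream SIEM never sees.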
Managed XDR services like Rapid7’s are growing in popularity as organizations struggle to deploy and maintain an MDR solution on their own. IDC’s most recent MDR MarketScape report found that CrowdStrike Falcon Complete XDR was the top-ranked solution in that category, followed by Rapid7’s own eXtended detection and response offering. XDR providers offer follow-the-sun coverage, remote hands-on triage, investigations and end-to-end remediation actions.
Advanced Ransomware Prevention
As the ransomware threat continues to grow, organizations must implement preventative security measures and develop disaster recovery plans. This includes data governance and backups, cybersecurity awareness training programs and strict policies about opening links or downloading attachments. The goal is to keep threats from entering the organization, and then block them and stop attacks from achieving their end objectives.
Cyber attackers use many different methods to evade detection and avoid being caught by a security team. For example, advanced malware may hide itself in memory or deactivate upon antivirus software detection. Other times, malicious code may simply remain dormant until an opportunity to encrypt files appears.
Minerva Labs’ technology addresses these issues and others by hiding sensitive information from applications that are not authorized to access it. This makes it difficult for ransomware to find any files that can be encrypted and halts the attack before it can cause data loss.
The acquisition will boost Rapid7’s managed detection and response (MDR) platform with capabilities for thwarting attacker evasion tactics, preventing malware deployment and blocking ransomware. The company will pay around $38 million for the Petah Tikva, Israel-based startup in a cash and stock deal. The acquisition is expected to close in the second quarter of 2022.
A primary reason that companies fall victim to ransomware is that they fail to follow basic preventative security practices. These include requiring multifactor authentication; implementing VPNs or other perimeter security technologies for remote employees; disabling or limiting Remote Desktop Protocol (RDP) usage — a common entry point for ransomware attacks; and using antimalware and antivirus software.
Ransomware incidents can significantly impact business processes and leave organizations without the information they need to deliver services. Malicious actors have also changed their strategies over time to pressure victims into paying ransom by threatening to release stolen data or by publicly naming and shaming those who refuse.
In addition to boosting its MDR capabilities, the Rapid7 purchase will help it strengthen its offerings for thwarting ransomware attacks and enhancing its cloud risk management and threat detection solutions. It will also enable it to provide customers with an integrated set of detection and response tools that will work together across endpoints, networks and clouds.


