Rapid7 Buys Velociraptor To Attack Incident Response Market

Rapid7 says its acquisition of Velociraptor will give digital forensics and incident response professionals a powerful and efficient way to hunt for and monitor malicious activities across endpoints.

Rapid7 has purchased open-source technology Velociraptor to gain more expertise around endpoint monitoring, digital forensics, and incident response.

The Boston-based cybersecurity company said its acquisition of Velociraptor will give digital forensics and incident response professionals a powerful and efficient way to hunt for and monitor malicious activities across endpoints. The company’s community-driven approach will make it possible for collective wisdom to be gathered in one place and made accessible to others, according to Rapid7.

“We strongly believe that partnership with the open source community is one of the most important ways to move the security industry forward and make the digital world a safer place for everyone,” Richard Perkett, Rapid7’s senior vice president of detection and response, said in a statement.

[Related: Rapid7 Buys Kubernetes Security Startup Alcide For $50M]

Rapid7’s stock is up $0.58 (0.70 percent) to $83.32 per share in trading Wednesday morning. The Velociraptor deal isn’t expected to be material to Rapid7’s 2021 financial results, and Rapid7 didn’t immediately respond to a request for additional comment.

Velociraptor is unique in that it allows custom detections, collections, and analyses capabilities to be written in queries rather than code, according to Rapid7. Those queries can be easily shared, Rapid7 said, strengthening the knowledge of the community and allowing teams to hunt for new threats quicker. Velociraptor founder Mike Cohen will join Rapid7 as part of the acquisition.

“Velociraptor will greatly benefit from the investment, experience, and resources Rapid7 can bring to this community, and I look forward to leading Velociraptor through this next phase of its evolution,” Cohen said in a statement.

Velociraptor’s standalone offering allows incident response teams to collect and examine artifacts from across a network and deliver forensic detail after a security incident, Rapid7 VP of Engineering Sam Adams wrote in a blog. Should an incident occur, he said an investigator controls the Velociraptor agents to hunt for malicious activity, run targeted collections, perform file analysis, or pull large data samples.

“Our MDR analysts can actively search for suspicious activities using a library of Velociraptor VQL queries that can be customized to specific threat hunting needs,” Adams wrote in the blog. “If a serious event occurs on an endpoint, MDR analysts can trigger an automated response to collect evidence, silently block the malicious activity, or lock down endpoints completely,”

Cohen said in a blog post that he’s really excited about Rapid7’s commitment to open source and track record of responsible stewardship. Specifically, there’s great synergy between the Metasploit offensive security technology Rapid7 bought in 2009 and Velociraptor’s defensive technology, and being part of Rapid7 should help Velociraptor quickly respond to new vulnerabilities or exploits, according to Cohen.

The services team at Rapid7 will be able to feed a lot of practical, real-world experience around current and emerging technology to the Velociraptor community in the form of effective, well-tested queries, Cohen said. And integrating Velociraptor into a large-scale detection capability will provide impetus to develop a highly scalable Velociraptor server that’s able to serve many endpoints efficiently.

Although there are no plans to commercialize Velociraptor, Cohen said Rapid7’s managed detection and response teams will immediately leverage Velociraptor to enhance its incident response capabilities for customers. And integrating Velociraptor’s endpoint data collection capabilities with Rapid7’s Insight agent will greatly increase the company’s endpoint visibility and detection capabilities, Cohen said.

“Rapid7 will enable Velociraptor to graduate to the ‘next level’ in terms of scale, development velocity, stability and capability by drawing on a wide range of capable and experienced people to support the project,” Cohen wrote in a blog post. “I am very excited to see the Velociraptor vision coming true.”

This is Rapid7’s third acquisition in the past year, coming less than three months after the company bought early stage Kubernetes security vendor Alcide for $50 million to help facilitate the rapid deployment of applications. And in April 2020, Rapid7 bought DivvyCloud for $145 million to help customers protect cloud and container environments from misconfigurations and policy violations.