DevOps platform JFrog bolsters security with $300M Vdoo acquisition

Developer operations (DevOps) company JFrog today announced plans to acquire Israeli product security company Vdoo in a deal worth $300 million.

Founded in 2008, JFrog serves companies such as Facebook, Google, Amazon, and Netflix with automated tools for developers to build, manage, and distribute all their software releases. Vdoo is a four-year-old startup with customers such as Verizon, Samsung, and Bosch.

Founded in 2017, Tel Aviv-based Vdoo was initially focused on software and applications designed for securing IoT and embedded systems, but it has since extended its security reach to cover “almost any software artifact, including containers, server applications, mobile applications, and more,” Ori Blitental, VP of marketing at Vdoo, told VentureBeat. “Vdoo’s focus is product security, which means we analyze and secure applications in their production context.”

JFrog hit the public market last September, though it has had a lukewarm reception in the intervening months, with its market cap currently sitting at around 30% below its opening day valuation. Security continues as a major area of concern for enterprises, however, with recent reports suggesting that despite a 10% spike in cybersecurity spending last year, data breaches were at an all-time high. And so bringing Vdoo under its wing makes JFrog a stickier proposition for companies looking to protect their production processes across multiple attack vectors, with security fully-integrated into the software lifecycle.

It’s also worth noting that this acquisition will bolster JFrog’s in-house “security experts” personnel, with its team tripling across engineering, marketing, and sales.

What’s next

Vdoo’s existing SaaS product will remain as a standalone product in the near term, but JFrog said that it expects to integrate Vdoo’s technology into its platform to “provide a continuous, holistic security analysis platform” sometime next year. “Following the completion of the acquisition, JFrog and Vdoo will work with joint customers to ensure business continuity and streamlined migration to the joint offering,” JFrog chief product officer Dror Bereznitsky said.

More specifically, Bereznitsky said that Vdoo will add to JFrog’s existing security credentials, including run-time protection, the ability to find new zero-day threats, and detection of configuration risks that aren’t typically tested such as open source components.

“The joint solution will provide deeper coverage of different security risks — CVEs, SBOMs, configuration risks, and so on — and improved prioritization and mitigation capabilities,” Bereznitsky said.