Cisco Systems Inc. is acquiring Lightspin Technologies Ltd., a startup that helps enterprises find and understand vulnerabilities in their cloud infrastructure.

Cisco announced the deal today without disclosing financial terms. Previously, Lightspin received $20 million from investors.

“The Lightspin team has extensive technical expertise in cloud security, product development, and SaaS security products,” Vijoy Pandey, senior vice president of product incubations at Cisco, wrote in a blog post. “The team’s experience supporting DevOps and DevSecOps with context and tooling will accelerate our ability to deliver the solutions and support needed to prioritize and remediate vulnerabilities.”

Tel Aviv-based Lightspin sells a cloud security platform of the same name. The platform can automatically scan cloud environments for insecure configuration settings, vulnerable code and other risks. The platform lists the issues it finds in a centralized dashboard and prioritizes them based on severity. 

Many cybersecurity tools require companies to install a piece of software called on an agent in their cloud environments. For administrators, deploying new software is often a complicated and time-consuming process. Lightspin doesn’t require downloading an agent, which makes it simpler to deploy.

The startup’s platform not only detects vulnerabilities but also explains them. Next to each security issue it finds, the platform displays the associated attack path. An attack path is a graph that explains what breach tactics hackers might use, as well as in what order, to compromise a given system.

Alongside its vulnerability detection features, Lightspin provides tools for detecting malware. It spots malicious programs using Amazon Web Services Inc.’s Amazon GuardDuty threat detection service and Falco, an open-source tool for spotting breach indicators.

Cisco plans to integrate Lightspin into its ET&I, or emerging technologies and incubation, business unit. The group is responsible for exploring new product ideas in segments such as the cybersecurity market.

The technology could potentially complement Panoptica, one of the software tools Cisco’s ET&I unit has developed as part of its work. The latter tool can detect vulnerabilities in companies’ cloud environments and prioritize them by severity. It’s also capable of spotting potentially malicious activity.

Lightspin is the second cybersecurity startup Cisco has bought since February. It earlier acquired Valtix Inc., a venture-backed firewall developer. The startup’s firewall can detect and block malicious network traffic in cloud environments, as well as automatically adjust its settings when necessary. 

Cybersecurity is an important component of Cisco’s growth strategy. The company’s end-to-end security business reported revenue of $943 million last quarter after growing 7% year-over-year. Cisco’s overall sales also increased 7% during the quarter, to $13.59 billion, surpassing the $13.43 billion that analysts had projected. 

Photo: Cisco