Orca Security adds API protection with 1st acquisition

Missed a session from the Future of Work Summit? Visit our Future of Work Summit on-demand library to stream.

Orca Security announced today that it has acquired RapidSec, a web security startup that will add new capabilities to its cloud security platform, including in securing APIs.

It is the first acquisition for the fast-growing company since its launch in 2019, and will help further increase the visibility of Orca’s agentless cloud security platform, CEO and co-founder Avi Shua told VentureBeat.

The terms of the acquisition have not been disclosed. Founded in 2020, RapidSec has eight employees and had raised approximately $500,000 in funding. Along with its technology, the Tel Aviv, Israel-based startup also brings 50 clients, including Konica Minolta and Dun & Bradstreet.

Cloud Security Platform

Orca’s “SideScanning” technology collects data from cloud environments without the need for an agent, simplifying and accelerating the deployment of the platform.

The platform also differentiates itself by providing full visibility of cloud environments and then connecting the dots in security alert data to prioritize the most critical risks, Shua said. The platform includes public cloud environments – Amazon Web Services, Microsoft Azure and Google Cloud – as well as Kubernetes container orchestration.

Orca’s platform brings together a number of cloud security tools, including solutions for managing cloud vulnerabilities, detecting misconfigurations in cloud accounts and workloads, and detecting malware and sideways movement in cloud environments.

Securing APIs

RapidSec’s technology offers capabilities to secure web applications against client-side attacks, and the startup’s API security capabilities will be a primary focus for integration into the Orca platform.

“A problem that we are not solving today, and that we are going to solve [with RapidSec], is understanding an organization’s exposed APIs and the level of exposure they create,” Shua said.

For example, the technology will detect when someone has created an insecure API that would access the organization’s most valuable data, forcing the organization to lock down the API, he said.

While Orca doesn’t aim to replace standalone API security providers anytime soon, “I’m sure there will be many customers where our API security capabilities will suffice,” said Shua.

In addition to protecting APIs, RapidSec’s technology can also help with other web security vulnerabilities, such as detecting when a web server is configured with a weak level of security, he said.

The technology will eventually allow customers to “tighten the configuration of their web services to reduce the attack surface,” Shua said.

RapidSec’s technology is expected to be integrated into the Orca cloud security platform in the second or third quarter of the year. The founders of the startup are CEO Shai Alon, formerly of Chat Leap; vice president of R&D Ori Koral, formerly of Yahoo; and chairman Ido Yablonka, formerly Yahoo’s general manager in Israel.

Integration is crucial

Founded by a team of former Check Point Software Technologies executives, Orca will continue to look for additional acquisition opportunities, but always with a focus on ensuring their technology integrates properly, he said.

In terms of security, a common mistake by other vendors has been to “buy technology that might be great at what it does, but can’t integrate into the platform,” Shua said. “Then you sell a series of products that may have one dashboard, but they don’t speak the same language and don’t share data with each other.”

Looking forward, along with integrating the RapidSec technology into its platform, Orca also continues to develop new capabilities for its cloud security platform.

An attack chain detection module, now in beta, will help reduce “alert fatigue” by providing a visual representation of important data for security professionals using the platform, Shua said. The attack chain detection module is expected to be generally available in Q2.

Orca Security, headquartered in Portland, Oregon and Tel Aviv, now has 270 employees, up from 60 by early 2021.

In addition to strong growth — sales grew “hundreds of percent” in 2021, Shua said — Orca’s hiring was fueled by two major funding rounds last year. The company raised $210 million in March 2021, followed by a round of $550 million in October 2021 at a post-money valuation of $1.8 billion.

According to Shua, Orca also wants to grow by expanding the number of channel partners. The company currently has “several dozen” partners helping to drive sales of the company’s platform, and “we’re trying to add more,” he said.


VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative technology and transactions. Our site provides essential information on data technologies and strategies to guide you in leading your organizations. We invite you to join our community to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • gated thought-leader content and discounted entry to our valued events, such as: Transform 2021: Learn more
  • network features and more


Leave a Comment