Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data

Jamaica’s JamCOVID app and website were taken offline late on Thursday following a third security lapse, which exposed quarantine orders on more than half a million travelers to the island.

JamCOVID was set up last year to help the government process travelers arriving on the island. Quarantine orders are issued by the Jamaican Ministry of Health and instruct travelers to stay in their accommodation for two weeks to prevent the spread of COVID-19.

These orders contain the traveler’s name and the address of where they are ordered to stay.

But a security researcher told TechCrunch that the quarantine orders were publicly accessible from the JamCOVID website but were not protected with a password. Although the files were accessible from anyone’s web browser, the researcher asked not to be named for fear of legal repercussions from the Jamaican government.

More than 500,000 quarantine orders were exposed, some dating back to March 2020.

TechCrunch shared these details with the Jamaica Gleaner, which was first to report on the security lapse after the news outlet verified the data spillage with local cybersecurity experts.

Amber Group, which was contracted to build and maintain the JamCOVID coronavirus dashboard and immigration service, pulled the service offline a short time after TechCrunch and the Jamaica Gleaner contacted the company on Thursday evening. JamCOVID’s website was replaced with a holding page that said the site was “under maintenance.” At the time of publication, the site had returned.

Amber Group’s chief executive Dushyant Savadia did not return a request for comment.

Matthew Samuda, a minister in Jamaica’s Ministry of National Security, also did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group.

This is the third security lapse involving JamCOVID in the past two weeks.

Last week, Amber Group secured an exposed cloud storage server hosted on Amazon Web Services that was left open and public, despite containing more than 70,000 negative COVID-19 lab results and over 425,000 immigration documents authorizing travel to the island. Savadia said in response that there were “no further vulnerabilities” with the app. Days later, the company fixed a second security lapse after leaving a file containing private keys and passwords for the service on the JamCOVID server.

The Jamaican government has repeatedly defended Amber Group, which says it provided the JamCOVID technology to the government “for free.” Amber Group’s Savadia has previously been quoted as saying that the company built the service in “three days.”

In a statement on Thursday, Jamaica’s prime minister Andrew Holness said JamCOVID “continues to be a critical element” of the country’s immigration process and that the government was “accelerating” to migrate the JamCOVID database — though specifics were not given.

An earlier version of this report misspelled the name of the Jamaica Gleaner newspaper. We regret the error.

SolarWinds hackers targeted NASA, Federal Aviation Administration networks

Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies.

The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with investigating the widespread cyberattack, which the previous Trump administration said was “likely Russian in origin.”

Spokespeople for the agencies did not immediately respond to a request for comment, but did not deny the breach in remarks to the Post.

It’s believed NASA and the FAA are the two remaining unnamed agencies of the nine government agencies confirmed to have been breached by the attack. The other seven include the Departments of Commerce, Energy, Homeland Security, Justice, and State, the Treasury, and the National Institutes of Health, though it’s not believed the attackers breached their classified networks.

FireEye, Microsoft, and Malwarebytes were among a number of cybersecurity companies also breached as part of the attacks.

The Biden administration is reportedly preparing sanctions against Russia, in large part because of the hacking campaign, the Post also reported.

The attacks were discovered last year after FireEye raised the alarm about the hacking campaign after its own network was breached. Each victim was a customer of the U.S. software firm SolarWinds, whose network management tools are used across the federal government and Fortune 500 companies. The hackers broke into SolarWinds’ network, planted a backdoor in its software, and pushed the backdoor to customer networks with a tainted software update.

It wasn’t the only way in. The hackers are also said to have targeted other companies by breaking into other devices and appliances on their victims’ networks, as well as targeting Microsoft vendors to breach other customers’ networks.

Last week, Anne Neuberger, the former NSA cybersecurity director who last month was elevated to the White House’s National Security Council to serve as the deputy national security adviser for cyber and emerging technology, said that the attack took “months to plan and execute,” and will “take us some time to uncover this layer by layer.”

Jamaica’s Amber Group fixes second JamCOVID security lapse

Amber Group has fixed a second security lapse that exposed private keys and passwords for the government’s JamCOVID app and website.

A security researcher told TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by mistake, which contained passwords that would have granted access to the backend systems, storage, and databases running the JamCOVID site and app. The researcher asked not to be named for fear of legal repercussions from the Jamaican government.

This file, known as an environment variables (.env) file, is often used to store private keys and passwords for third-party services that are necessary for cloud applications to run. These files are sometimes inadvertently exposed or uploaded by mistake, and if found by a malicious actor they can be abused to gain access to data or services that the cloud application relies on.

The exposed environment variables file was found in an open directory on the JamCOVID website. Although the JamCOVID domain appears to be on the Ministry of Health’s website, Amber Group controls and maintains the JamCOVID dashboard, app, and website.

The exposed file contained secret credentials for the Amazon Web Services databases and storage servers for JamCOVID. The file also contained a username and password to the SMS gateway used by JamCOVID to send text messages, and credentials for its email-sending server. (TechCrunch did not test or use any of the passwords or keys as doing so would be unlawful.)
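A pre-deployment check for the kind of exposure described above, added here as an example (it is not code from TechCrunch, Amber Group or the JamCOVID service): it walks a directory that a web server will publish, reports any dotenv-style file in it, and lists the credential-looking key names without printing their values. The function names, the key-name heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# dotenv-style file names: .env, .env.production, .env.bak, ...
ENV_NAME = re.compile(r"^\.env(\..+)?$")
# Key-name fragments that suggest a credential (assumed heuristic, not exhaustive).
SECRET_HINT = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE|API_?KEY|ACCESS_KEY", re.I)
# KEY=VALUE, optionally prefixed with "export".
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample file; every value is a placeholder, not a real credential.
SAMPLE_ENV = """\
# constructed sample, placeholder values only
APP_NAME=demo
AWS_SECRET_ACCESS_KEY="EXAMPLE-PLACEHOLDER"
DB_PASSWORD=example-placeholder
SMS_GATEWAY_USER=demo
MAIL_PASSWORD=
"""


def parse_env(text):
    """Return {key: value} for KEY=VALUE lines, skipping comments and blanks."""
    pairs = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        match = ASSIGNMENT.match(raw)
        if not match:
            continue
        value = match.group(2).strip()
        # Drop one pair of matching surrounding quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        pairs[match.group(1)] = value
    return pairs


def scan_web_root(web_root):
    """Find dotenv files under a published directory.

    Returns a sorted list of (relative_path, [secret-looking key names]).
    Any dotenv file inside a web root is a finding, even with no flagged keys;
    values are never returned, so the report itself does not leak them.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not ENV_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                pairs = parse_env(fh.read())
            keys = sorted(k for k, v in pairs.items() if v and SECRET_HINT.search(k))
            findings.append((os.path.relpath(path, web_root), keys))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "static"))
        files = {
            ".env": SAMPLE_ENV,
            "index.html": "<h1>ok</h1>\n",
            os.path.join("static", ".env.bak"): "export API_KEY='placeholder'\n",
        }
        for rel, body in files.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_web_root(root)


if __name__ == "__main__":
    for rel_path, keys in demo():
        print(f"{rel_path}: dotenv file inside web root; secret-like keys: {keys}")
```

A non-empty result should fail the deployment, and any key it names should be treated as exposed and rotated rather than simply removed from the server.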

A portion of the exposed credentials found on the JamCOVID website, controlled and maintained by Amber Group. (Image: TechCrunch)

TechCrunch contacted Amber Group’s chief executive Dushyant Savadia to alert the company to the security lapse, and the exposed file was pulled offline a short time later. We also asked Savadia, who did not comment, to revoke and replace the keys.

Matthew Samuda, a minister in Jamaica’s Ministry of National Security, did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group, and what — if any — security requirements were agreed upon by both the Amber Group and the Jamaican government for the JamCOVID app and website.

Details of the exposure come just days after Escala 24×7, a cybersecurity firm based in the Caribbean, claimed that it had found no vulnerabilities in the JamCOVID service following the initial security lapse.

Escala’s chief executive Alejandro Planas declined to say if his company was aware of the second security lapse prior to its comments last week, saying only that his company was under a non-disclosure agreement and “is not able to provide any additional information.”

This latest security incident comes less than a week after Amber Group secured a passwordless cloud server hosting immigration records and negative COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year. Travelers visiting the island are required to upload their COVID-19 test results in order to obtain a travel authorization before their flights. Many of the victims whose information was exposed on the server are Americans.

One news report recently quoted Amber’s Savadia as saying that the company developed JamCOVID19 “within three days.”

Neither the Amber Group nor the Jamaican government have commented to TechCrunch, but Samuda told local radio that it has launched a criminal investigation into the security lapse.


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.

SailPoint is buying SaaS management startup Intello

SailPoint, an identity management company that went public in 2017, announced today that it is acquiring Intello, an early-stage SaaS management startup. The two companies did not share the purchase price.

SailPoint believes that by helping its customers locate all of the SaaS tools being used inside a company, it can help IT make the company safer. Part of the problem is that it’s so easy for employees to deploy SaaS tools without IT’s knowledge, and Intello gives them more visibility and control.

In fact, the term ‘shadow IT’ developed over the last decade to describe this ability to deploy software outside of the purview of IT pros. With a tool like Intello, they can now find all of the SaaS tools and point the employees to sanctioned ones, while shutting down services the security pros might not want folks using.

Grady Summers, EVP of product at SailPoint says that this problem has become even more pronounced during the pandemic as many companies have gone remote, making it even more challenging for IT to understand what SaaS tools employees might be using.

“This has led to a sharp rise in ungoverned SaaS sprawl and unprotected data that is being stored and shared within these apps. With little to no visibility into what shadow access exists within their organization, IT teams are further challenged to protect from the cyber risks that have increased over the past year,” Summers explained in a statement. He believes that with Intello in the fold, it will help root out that unsanctioned usage and make companies safer, while also helping them understand their SaaS spend better.

Intello has always seen itself as a way to increase security and compliance and has partnered in the past with other identity management tools like Okta and OneLogin. The company was founded in 2017 and raised $5.8 million according to Crunchbase data. That included a $2.5 million extended seed in May 2019.

Yesterday, another SaaS management tool, Torii, announced a $10 million Series A. Other players in the SaaS management space include BetterCloud and Blissfully, among others.

Following backlash, WhatsApp to roll out in-app banner to better explain its privacy update

Last month, Facebook-owned WhatsApp announced it would delay enforcement of its new privacy terms, following a backlash from confused users which later led to a legal challenge in India and various regulatory investigations. WhatsApp users had misinterpreted the privacy updates as an indication that the app would begin sharing more data — including their private messages — with Facebook. Today, the company is sharing the next steps it’s taking to try to rectify the issue and clarify that’s not the case.

The mishandling of the privacy update on WhatsApp’s part led to widespread confusion and misinformation. In reality, WhatsApp had been sharing some information about its users with Facebook since 2016, following its acquisition by Facebook.

But the backlash is a solid indication of how much user trust Facebook has since squandered. People immediately suspected the worst, and millions fled to alternative messaging apps, like Signal and Telegram, as a result.

Following the outcry, WhatsApp attempted to explain that the privacy update was actually focused on optional business features on the app, which allow a business to see the content of messages between it and the end user, and give the business permission to use that information for its own marketing purposes, including advertising on Facebook. WhatsApp also said it labels conversations with businesses that are using hosting services from Facebook to manage their chats with customers, so users are aware.


In the weeks since the debacle, WhatsApp says it spent time gathering user feedback and listening to concerns from people in various countries. The company found that users wanted assurance that WhatsApp was not reading their private messages or listening to their conversations, and that their communications were end-to-end encrypted. Users also said they wanted to know that WhatsApp wasn’t keeping logs of who they were messaging or sharing contact lists with Facebook.

These latter concerns seem valid, given that Facebook recently made its messaging systems across Facebook, Messenger and Instagram interoperable. One has to wonder when similar integrations will make their way to WhatsApp.

Today, WhatsApp says it will roll out new communications to users about the privacy update, which follows the Status update it offered back in January aimed at clarifying points of confusion. (See below).

In a few weeks, WhatsApp will begin to roll out a small, in-app banner that will ask users to re-review the privacy policies — a change the company said users have shown they prefer over the pop-up, full-screen alert it displayed before.

When users click on “to review,” they’ll be shown a deeper summary of the changes, including added details about how WhatsApp works with Facebook. The changes stress that WhatsApp’s update doesn’t impact the privacy of users’ conversations, and reiterate the information about the optional business features.

Eventually, WhatsApp will begin to remind users to review and accept its updates to keep using WhatsApp. According to its prior announcement, it won’t be enforcing the new policy until May 15.


Users will still need to be aware that their communications with businesses are not as secure as their private messages. This impacts a growing number of WhatsApp users, 175 million of which now communicate with businesses on the app, WhatsApp said in October.

In today’s blog post about the changes, WhatsApp also took a big swipe at rival messaging apps that used the confusion over the privacy update to draw in WhatsApp’s fleeing users by touting their own app’s privacy.

“We’ve seen some of our competitors try to get away with claiming they can’t see people’s messages – if an app doesn’t offer end-to-end encryption by default that means they can read your messages,” WhatsApp’s blog post read.

This seems to be a comment directed specifically towards Telegram, which often touts its “heavily encrypted” messaging app as a more private alternative. But Telegram doesn’t offer end-to-end encryption by default, as apps like WhatsApp and Signal do. It uses “transport layer” encryption that protects the connection from the user to the server, a Wired article citing cybersecurity professionals explained in January. When users want an end-to-end encrypted experience for their one-on-one chats, they can enable the “secret chats” feature instead. (And this feature isn’t even available for group chats.)

In addition, WhatsApp fought back against the characterization that it’s somehow less safe because it has some limited data on users.

“Other apps say they’re better because they know even less information than WhatsApp. We believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data,” the post read. “We strive to be thoughtful on the decisions we make and we’ll continue to develop new ways of meeting these responsibilities with less information, not more,” it noted.

Logging startups are suddenly hot as CrowdStrike nabs Humio for $400M

A couple of weeks ago SentinelOne announced it was acquiring high-speed logging platform Scalyr for $155 million. Just this morning CrowdStrike struck next, announcing it was buying unlimited logging tool Humio for $400 million.

In Humio, CrowdStrike gets a company that will provide it with the ability to collect unlimited logging information. Most companies have to pick and choose what to log and how long to keep it, but with Humio they don’t have to make these choices, with customers processing multiple terabytes of data every single day.

Humio CEO Geeta Schmidt, writing in a company blog post announcing the deal, described her company in similar terms to Scalyr, as a data lake for log information:

“Humio had become the data lake for these enterprises enabling searches for longer periods of time and from more data sources allowing them to understand their entire environment, prepare for the unknown, proactively prevent issues, recover quickly from incidents, and get to the root cause,” she wrote.

That means with Humio in the fold, CrowdStrike can use this massive amount of data to help deal with threats and attacks in real time as they are happening, rather than reacting to them and trying to figure out what happened later, a point by the way that SentinelOne also made when it purchased Scalyr.

“The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our [eXtended Detection and Response (XDR)] capabilities beyond anything the market has seen to date,” CrowdStrike CEO and co-founder George Kurtz said in a statement.

While two acquisitions don’t necessarily make a trend, it’s clear that security platform players are suddenly seeing the value of being able to process the large amounts of information found in logs, and they are willing to put up some cash to get that capability. It will be interesting to see if any other security companies react with a similar move in the coming months.

Humio was founded in 2016 and raised just over $31 million, according to Pitchbook Data. Its most recent funding round came in March 2020, a $20 million Series B led by Dell Technologies Capital. It would appear to be a decent exit for the startup.

CrowdStrike was founded in 2011 and raised over $480 million along the way before going public in 2019. The deal is expected to close in the first quarter, and is subject to typical regulatory oversight.

California DMV warns of data breach after a contractor was hit by ransomware

California’s Department of Motor Vehicles is warning of a potential data breach after a contractor was hit by ransomware.

The Seattle-based Automatic Funds Transfer Services (AFTS), which the DMV said it has used for verifying changes of address with the national database since 2019, was hit by an unspecified strain of ransomware earlier this month.

In a statement sent by email, the DMV said that the attack may have compromised “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers.” But the DMV said AFTS does not have access to customers’ Social Security numbers, dates of birth, voter registration, immigration status or driver’s license information, and was not compromised.

The DMV said it has since stopped all data transfers to AFTS and has since initiated an emergency contract to prevent any downtime.

AFTS is used across the United States to process payments, invoices and verify addresses. Several municipalities have already confirmed that they are affected by the data breach, suggesting it may not be limited to California’s DMV. But it’s not known what kind of ransomware hit AFTS. Ransomware typically encrypts a company’s files and will unlock them in exchange for a ransom. But since many companies have backups, some ransomware groups threaten to publish the stolen files online unless the ransom is paid.

AFTS could not be immediately reached for comment. Its website is offline, with a short message: “The website for AFTS and all related payment processing website [sic] are unavailable due to technical issues. We are working on restoring them as quickly as possible.”

“We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” said Steve Gordon, the director of the state’s DMV.

Last year it was reported that California’s DMV makes more than $50 million a year by selling drivers’ personal information, including to bondsmen and private investigators.

California has more than 35 million registered vehicles.

Jamaica’s immigration website exposed thousands of travelers’ data

A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.

The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States.

But a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web.

Many of the victims whose information was found on the exposed server are Americans.

The data is now secure after TechCrunch contacted Amber Group’s chief executive Dushyant Savadia, who did not comment when reached prior to publication.

The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island — which included the traveler’s name, date of birth and passport numbers — and over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic’s first wave. The server also contained more than 440,000 images of travelers’ signatures.

Two U.S. travelers whose lab results were among the exposed data told TechCrunch that they uploaded their COVID-19 results through the Visit Jamaica website before their travel. Once lab results are processed, travelers receive a travel authorization that they must present before boarding their flight.

Both of these documents, as well as quarantine orders that require visitors to shelter in place and several passports, were on the exposed storage server.

Travelers who are staying outside Jamaica’s so-called “resilient corridor,” a zone that covers a large portion of the island’s population, are told to install the app built by Amber Group that tracks their location and is tracked by the Ministry of Health to ensure visitors stay within the corridor. The app also requires that travelers record short “check-in” videos with a daily code sent by the government, along with their name and any symptoms.

The server exposed more than 1.1 million of those daily updating check-in videos.

An airport information flyer given to travelers arriving in Jamaica. Travelers may be required to install the JamCOVID19 app to allow the government to monitor their location and to require video check-ins. (Image: Jamaican government)

The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions. But the permissions on the storage server were set so that anyone had full control of the files inside, such as allowing them to be downloaded or deleted altogether. (TechCrunch did neither, as doing so would be unlawful.)

Stephen Davidson, a spokesperson for the Jamaican Ministry of Health, did not comment when reached, or say if the government planned to inform travelers of the security lapse.

Savadia founded Amber Group in 2015 and soon launched its vehicle-tracking system, Amber Connect.

According to one report, Amber’s Savadia said the company developed JamCOVID19 “within three days” and made it available to the Jamaican government in large part for free. The contractor is billing other countries, including Grenada and the British Virgin Islands, for similar implementations, and is said to be looking for other government customers outside the Caribbean.

Savadia would not say what measures his company put in place to protect the data of paying governments.

Jamaica has recorded at least 19,300 coronavirus cases on the island to date, and more than 370 deaths.



vArmour, the multi-cloud security startup, raises $58M en route to IPO

Enterprises have been loading more of their operations into cloud — and, more often than not, multi-cloud — environments over the last year, creating vast networks of services that can be complex to manage. Today, vArmour, a startup that provides ways to manage in real time and ultimately secure how applications (and people) work in those fragmented environments is announcing funding to capitalize on the demand for its services.

The Bay Area startup has picked up funding of $58 million in what it described as an oversubscribed round. Co-led by previous backers AllegisCyber Capital and NightDragon, existing investors Standard Chartered Ventures, Highland Capital Partners, Australian carrier Telstra, Redline Capital, and EDBI also participated.

CEO Tim Eades (who co-founded the company with Roger Lian) said this round is likely to be its final fundraising ahead of an IPO for the company.

“We had one hell of a year in 2020 with companies rushing to the cloud,” he said in an interview, with net new annual recurring revenue doubling year over year in the last year. It started out, he noted, with perhaps 10% of business processes in the cloud, and ended at more like 50%. “Now the focus for us is to get to the public markets, maybe in two or 2.5 years from now.”

The company appointed a CFO last October as part of its go-public plan, he noted — Chris Dentiste, who previously had been the CFO of RSA. “His job is to help me find the right window. My job is to make sure we have enough fuel in the tank, and we do,” said Eades.

He added that the company is likely also to look at making some acquisitions in the meantime. A recent launch of an AI lab in Calgary, Canada, points to one area where we might see some activity.

The company is not disclosing its valuation, although Eades confirmed it was a significant up-round. We’re also double checking what the total raised to date is now too (we’ll update when we get that information).

For some context, in the last round of funding that we covered — a $44 million round in 2019 led by the same two investors — we mentioned a PitchBook estimate of $420 million from the previous round — a figure that the company did not dispute with us at the time.

vArmour has been around for several years, with the first three spent in stealth mode, quietly building its technology, raising money and amassing early customers. Those customers, Eades said, fall into categories like telecommunications (strategic backer Telstra being one of them), and financial services.

Those industries speak largely to the challenges that vArmour is addressing in its business.

Legacy businesses in critical verticals often pre-date the modern era of business, and while many of them are going through what enterprise people like to refer to as “digital transformation”, the evolution is not a smooth one.

In many cases, adopting new technologies can be slow, and in almost every case, when you are talking about large enterprises, the changes are very piecemeal, affecting one particular service, or region, or department, or even a subsection of any of those.

All of this means that for malicious actors, there are a number of options to tackle when setting out to look for vulnerabilities in a business or its network, and for those on the inside, it makes for a very complicated and fragmented situation when it comes to monitoring those networks and the services running on them, finding vulnerabilities or suspicious activity, and doing something about that. vArmour’s term for this is “Application Relationship Management.”

Eades — whose background includes working for the likes of IBM but also leading a number of startups acquired by bigger technology giants — has first-hand understanding of how that complexity looks from both sides, from the end user end and from the service provider end. That is in essence what his company has identified and is trying to fix.

Having started out in managing application policies and providing insights to protect on that front, the company is expanding the range of tools that it provides with the recent launch of identity access management on top of that.

But that is likely to be just one of the product steps that it takes to tackle what remains a difficult problem to fix, as its growth is related not just to the growth of activity on a network, but further digital migration of services, and the rise of new technology within an organization’s stack.

(And that is also an area that vArmour is not alone in considering, or even the only approach to tackling it: consider yesterday’s news of Palo Alto Networks acquiring Bridgecrew to extend its own ability to provide automated security monitoring services to DevOps teams.)

“Managing risk and resiliency in the hybrid cloud is one of the most significant security challenges for enterprises,” said Bob Ackerman, Founder and Managing Director at AllegisCyber Capital, in a statement. “vArmour’s platform provides the visibility, controls, and accountability necessary to actively manage these challenges and has done this for hundreds of customers. We are ecstatic to be part of their next stage of growth.”

“As applications become more complex, more distributed, and more targeted by attackers, the importance of full visibility into the relationships between applications becomes increasingly important,” added Dave DeWalt, founder of NightDragon. “vArmour’s approach to application relationship management ensures that enterprises of all sizes can continuously audit, respond, and control identity relationships to best protect their important IP, and mitigate risk to the business.”

Sources: Palo Alto Networks acquired DevOps security startup Bridgecrew for around $200M

The pandemic and the world’s big shift to doing (even) more online has put an unprecedented amount of pressure on cybersecurity. Now, it looks like one of the big public players in that space, Palo Alto Networks, has made an acquisition that will help it address that challenge, specifically with security tools designed for those working in DevOps to handle vast volumes of security data more efficiently.

According to our sources and reports, the company is acquiring Bridgecrew, a startup out of Israel that automates the process of network monitoring and security remediation by translating the feedback into code. Its tools are used by fast-scaling, internet-based businesses like Robinhood, BetterHelp and OneMain Financial.

The acquisition was first rumored earlier this month in Israeli press as a deal worth more than $100 million. Two sources confirmed the talks to us at the time but said the deal had not yet been closed. Then, a report this morning in Israel’s Calcalist said the acquisition is now valued at around $200 million, possibly more if you count earn-outs.

Sources close to the startup’s investors confirm to us that the papers have indeed now been signed on the deal, so expect an official announcement soon.

Spokespeople for both companies previously declined to comment on any deal when we asked earlier this month. We are reaching out to both again.

A $200 million price tag would represent a strong return for Bridgecrew and its investors.

The startup, backed by the likes of Battery Ventures, Operator Partners and more than a dozen others, has only raised around $18 million, including a Series A of $14 million last year. According to PitchBook data, Bridgecrew had a valuation of about $40 million at the time of that last round.

Cybersecurity — specifically the need for better and more sophisticated solutions in the face of an increasing number of breaches in an ever-growing threat landscape — has been an increasing focus for years. Indeed, it’s one of the rising tides that has lifted Palo Alto Networks’ boat.

But in the last year, the Covid-19 pandemic has brought more attention to cybersecurity and the need for more automation in it than ever before.

The reason is fairly obvious but is worth repeating: as more organizations migrate operations into distributed, digital-only, cloud-based environments, architectures have become more fragmented, more complex, simply bigger, and more of a target for exploitation.

That’s presented a challenge for those provisioning security for these operations, and that has led to a new wave of companies over the last several years building automated solutions, merging DevOps with security monitoring.

“We founded Bridgecrew because we saw that there was a huge bottleneck in security engineering, in DevSecOps, and how engineers were running cloud infrastructure security,” Bridgecrew CEO and co-founder Idan Tendler told TechCrunch last year. Others in this wider space include PortShift (which was acquired by Cisco last year), Tines and many others.

Palo Alto Networks has also been building its own tools for DevOps security, namely with Prisma, which it introduced in 2019 and updated last year.

It’s not clear why Palo Alto would choose to supplement that with an outside acquisition, but it’s notable that Bridgecrew focuses on DevOps security specifically and it has seen a lot of traction in that area.

Its sweet spot appears to be customers who are building huge businesses themselves on cloud infrastructure and are using automation as part of bigger efforts to ensure better cybersecurity practices.

It counts customers like Databricks for its flagship Bridgecrew platform product, which provides security scanning and remediation in the form of code across a wide range of infrastructure environments. The company recently said that its customer base and monthly sign ups both tripled in the second half of last year.

It has also seen a lot of pick-up of Checkov, its open source infrastructure-as-code (IaC) scanner that it says works across cloud infrastructure in Terraform, CloudFormation, Kubernetes, ARM templates or Serverless Framework to detect misconfigurations.

Checkov passed a milestone of 1 million downloads last quarter, speaking to the company’s reputation and traction with the very customers that Palo Alto is looking to reach.

Notably, Bridgecrew says it’s working on other open source projects, so that could also be a focus for Palo Alto here.

Another takeaway from this news is how Israel continues to be fertile ground for hatching and growing cybersecurity businesses.

“Palo Alto Networks was established by Israeli founders, and Bridgecrew will be the seventh Israeli cybersecurity company acquired by Palo Alto in recent years,” said Avihai Michaeli, a Tel Aviv-based senior investment banker and startup advisor.

We will update this story as we learn more.