Rubrik acquires Laminar to expand in data security across public clouds

Cybersecurity startups, in particular those hatched in Israel, have been getting scooped up at a rapid pace by larger tech companies looking to bolt on new capabilities to address business customers’ growing security needs as they adopt new technologies themselves. In the latest development, Rubrik, a cloud data management company, is buying Laminar — a specialist in securing data run and stored across popular public cloud platforms like AWS, Azure, Google and Snowflake.

Financial terms of the deal have not been officially disclosed but one source puts the figure at “north” of $100 million, while two other sources say the total deal is actually closer to $200 to $250 million.

Rubrik is acquiring all of Laminar’s assets with the deal: workers, tech and customer contracts.┬áLaminar has its roots in Tel Aviv (officially it is headquartered in the U.S.), and it will become the basis of a new cybersecurity R&D operation for Rubrik.

It is not clear how many employees will be coming over with the acquisition: I have heard chatter that some workers are getting let go ahead of the deal being made public and closing. Rubrik and Laminar declined to comment on those details.

For Rubrik, the deal, which should be finalized by the end of this year, helps it close the loop on the tools it provides to its customers. Initially these were built ten years ago and designed to cover backup and management but have, in the name of resilience, extended deeper into the more granular aspects of data security over the years.

“Backup, recovery and data protection have a lot of overlap with security, but the watershed moment was in 2018 when a customer had a ransomware attack,” and that required more than just data recovery to fix, said Mike Tornincasa, chief business officer. He said that the business has been “completely reoriented over the last five years” to be increasingly about proactive security posture rather than simply data recovery. (Rubrik itself has had at least one big security run-in that could have also precipitated that move.)

Rubrik is privately held and VC-backed, but in June it was reported that it hired bankers to start the IPO process, notable given how few public listings we’ve seen in recent times. It has more than 4,500 customers and an extensive list of investors, including Bain, Greylock, IVP, Khosla, Lightspeed, and a number of individuals. Rubrik’s last equity round was in 2021, included Microsoft as a strategic backer, and came in at a $4 billion valuation. Rubrik declined to comment on its IPO plans today.

Laminar launched in 2021 with some buzz, coming out of stealth with $37 million in funding to secure public cloud assets, right at a time when many companies, thanks to COVID-19, were undergoing “digital transformation” and migrating work to public clouds, exposing a new and growing security risk in doing so.

Its backers included the cybersecurity company SentinelOne, Salesforce Ventures, TLV Partners, Meron Capital, Tiger Global and Insight, the latter of which partnered with the company to help it identify potential customers by way of Insight Ignite, a sourcing and business intelligence platform covering Insight’s wider portfolio.

But that Series A, which got extended a few months later to $67 million, turned out to be Laminar’s last round. It was apparently looking to raise more, but with the funding landscape drying up, another option started to emerge: rumors earlier this year said the company was talking to a number of potential buyers, including Rubrik and Datadog, for a price up to $250 million.

It may have also been finding it a struggle to scale. Amit Shaked, the CEO who co-founded Laminar with Oran Avraham (CTO), said that its customers numbered in the “double digits.” He also confirmed that Laminar was indeed approached by multiple acquirers ahead of going with Rubrik; he said the company hadn’t been looking for more funding.

Years of easy-to-raise capital led to the proliferation of thousands of new startups; now as those startups struggle to raise further rounds to grow, it’s created a very ripe market for M&A.

Tornincasa said that the Laminar acquisition came after an “exhaustive search to find the best team and product” in public cloud security posture management, and that Rubrik met with more than a dozen startups in the space. That says something too about the very competitive environment: Joining with Rubrik gives Laminar a competitive edge in terms of product development.

“The moment I met with Mike and Bipul [Sinha, Rubrik’s founder and CEO] I realized that we shared the same vision, and it made more sense to join them to move faster, rather than stay independent,” said Shaked.

The gap in the market that Laminar aims to tackle is a persistent one for enterprises and other businesses that manage and use data in the cloud, and it boils down to the issue of visibility. In many cases, organizations are opting for hybrid solutions, where data might be kept across multiple silos in public clouds, private clouds, and on premises.

As apps, data, functionality, users, devices are all switched in and out across that organization’s network, the ability to track how data is moving, who is using it, and inadvertent vulnerabilities all become harder to see and manage. Rubrik estimates that by 2025, the cost of cybercrime to business will be as high as $10 trillion, a threat — and, yes, an opportunity.

Laminar is among a group of cybersecurity companies that have emerged to address that by providing both posture management and remediation tools to help security operations teams track activity and identify when something is amiss. While organizations can buy into these capabilities from a third party — indeed, that is what Laminar has offered to date, as have others like Symmetry Systems, Dig, Flow Security, Cyera and others — the logic here for Rubrik is that it’s creating a one-stop shop for its customers, growing its revenue funnel, improving how it can work with customer data, and helping customers reduce the number of contracts they need to manage in the process.

The Tel Aviv cybersecurity R&D center will sit alongside other R&D operations in Bangalore, India and Palo Alto, California.

Other recent deals in cybersecurity in Israel have included CrowdStrike buying Bionic.AI for between $200 million and $300 million; IBM buying Polar Security; and Palo Alto Networks buying Cider Security for up to $300 million, among a number of others.