Cloudflare Buys Cloud Access Security Broker Startup Vectrix

‘In this SaaS age, something as innocent as a calendar invite can introduce risks that IT and security teams now have to think about. This is why we’re excited to grow further at Cloudflare,’ says Vectrix CEO Corey Mahan.

Cloudflare has purchased Vectrix to detect and mitigate issues like inappropriate filing sharing and user permission misconfigurations in tools like AWS, Google Workspace and GitHub.

The San Francisco-based security and performance services vendor said its acquisition cloud access security broker (CASB) startup Vectrix, also based in San Francisco, will provide businesses with one-click visibility and control across all their SaaS applications. Integrating Vectrix with Cloudflare’s existing Zero Trust platform will provide enterprises with comprehensive control of both data-at-rest and data-in-motion.

“Cloudflare’s global network blocks attempts to compromise data at multiple levels while accelerating traffic to the Internet,” Cloudflare co-founder and CEO Matthew Prince said in a statement. “We’re excited to welcome the Vectrix team to Cloudflare to help deliver the fastest, more secure, and robust Zero Trust platform for the enterprise.”

[Related: Cloudflare Buys Startup Zaraz To Secure, Speed Up Websites]

Terms of the acquisition weren’t disclosed, and Cloudflare executives weren’t available for a telephone interview. The company’s stock is up $9.26 (7.99%) to $125.22 in after-hours trading Thursday, which is the highest Cloudflare’s stock has traded since Jan. 3. Cloudflare also announced that fourth-quarter revenue increased 54 percent to $193.6 million while net loss worsened by 128 percent to $77.5 million.

Vectrix was founded in 2020, employs 10 people, and has raised $2.2 million in two rounds of outside funding, according to LinkedIn and Crunchbase. Vectrix most recently closed a $2 million seed round in October 2020 with participation from Paladin Capital Group, ACE & Company and 1984 Ventures. The company was co-founded and led by Corey Mahan, who was previously Vimeo’s director of security.

“Everyone uses SaaS applications from sending emails to managing HR, but simply ticking the wrong box can leave a business’s critical data exposed,” Mahan said in a statement. “By combining Vectrix’s API first approach with the scale of Cloudflare’s Zero Trust platform we’re able to give customers an easy and simple way to control how data from those applications is shared.”

Vectrix extends the security of Cloudflare’s network to the data stored in SaaS applications, giving customers a single control plane for the security of their workforce and mission-critical resources. Cloudflare evaluated options including building its own API-driven CASB offering and talked to other companies in the space and was impressed by Vectrix’s customer obsession and rapid time to value.

“The Vectrix product focuses on delivering immediate value in less than five minutes after the two or three clicks required to configure the first scan of a SaaS application,” Cloudflare CTO John Graham-Cumming and Director of Product Sam Rhea wrote in a blog post. “Customers can begin to flag risks in their organization in a matter of minutes without the need for a complex deployment.”

Vectrix will be integrated into the Cloudflare Zero Trust platform later this year, meaning that services like zero trust network access (ZTNA), secure web gateway (SWG), and browser isolation are managed from a single platform and dashboard. Combining Vectrix and SWG will allow organizations to detect all SaaS apps in use, block those that are unapproved, and ensure that data stays safe in sanctioned ones.

Vectrix and ZTNA will be married to ensure only users who match an organization’s device policies are allowed into SaaS apps and that SaaS apps stay configured only for approved authentication methods. And Vectrix combined with browser isolation can prevent users from copy/pasting or printing data and ensure that data isn’t modified to be shared publicly from within the SaaS app itself, the company said.

“In this SaaS age, something as innocent as a calendar invite can introduce risks that IT and security teams now have to think about,” Vectrix CEO Mahan wrote in a blog post. “This is why we’re excited to grow further at Cloudflare, helping more teams stay one step ahead.”

The Vectrix acquisition comes two months after Cloudflare bought startup Zaraz for an undisclosed amount to boost website speed and security without sacrificing privacy by reducing the impact of third-party marketing and analytics tools. A year earlier, Cloudflare acquired automation platform Linc for an undisclosed amount to help front-end developers collaborate and build powerful applications.

And in January 2020, Cloudflare purchased early-stage browser isolation vendor S2 Systems for $17.7 million to keep security threats away from devices and make everyday web browsing safer and faster. All told, Cloudflare has made eight acquisitions since being established nearly 13 years ago, according to Crunchbase.