In a move that reflects the constantly evolving nature of cybersecurity, Fortinet has acquired Israeli startup Suridata, a company specializing in SaaS Security Posture Management (SSPM). While financial details were not disclosed, the deal is estimated to be worth tens of millions of dollars.
As organizations continue to adopt cloud-based applications, the need to secure sprawling SaaS environments has now become a top priority. Suridata’s platform uses AI to identify misconfigurations, monitor risk, and automate remediation across a wide range of SaaS tools.
The acquisition signals Fortinet’s continued investment in expanding its cloud security capabilities and offering more integrated solutions to enterprise customers. It also seems to be part of a larger industry shift: cybersecurity vendors are no longer focused solely on perimeter defense, but on securing the dynamic, decentralized infrastructure that defines today’s digital workplace.
“Suridata is a small startup in the SaaS posture management space, an area that Fortinet is probably seeing demand for but is outside their realm of network expertise,” said Richard Stiennon, an analyst with IT-Harvest and author of Security Yearbook 2025: A History and Directory of the IT Security Industry. “This deal makes sense in this case to buy versus build.”
Suridata: Pioneering SaaS Security
Founded in Tel Aviv in 2020, Suridata was launched to address a growing blind spot in enterprise security: the configuration and monitoring of SaaS applications. As businesses adopted a growing number of specialized cloud-based tools, many lacked real visibility into how these services were configured or whether sensitive data was exposed.
Suridata’s SaaS Security Posture Management (SSPM) platform helps organizations identify and fix risky misconfigurations across their entire SaaS environment. The platform integrates with dozens of popular SaaS applications and provides a centralized dashboard for monitoring compliance, user permissions, and data access policies. It also prioritizes risks based on potential severity and business context, helping security teams focus on what matters most.
A key differentiator is Suridata’s use of artificial intelligence and machine learning. These technologies enable the platform to detect anomalies, automate remediation tasks, and continuously learn from user behavior, helping to make it adaptive and scalable in complex enterprise environments.
Fortinet’s Strategic Objectives
Fortinet has long positioned itself as a leader in integrated cybersecurity, offering solutions that span network security, endpoint protection, cloud security, and secure SD-WAN. Its flagship FortiOS operating system and Security Fabric architecture are built to provide broad, consistent protection across increasingly complex IT environments.
The acquisition of Suridata helps round out Fortinet’s SaaS security capabilities by filling a critical gap in the company’s ability to secure third-party applications. Suridata’s SSPM technology complements Fortinet’s platform by giving customers more control over the security posture of the SaaS tools they use on a daily basis. This alignment should strengthen Fortinet’s standing as a single source for security across the modern enterprise stack.
The acquisition also enhances Fortinet’s Unified SASE (Secure Access Service Edge) strategy. By integrating Suridata’s visibility and remediation tools, Fortinet can offer more robust protection for users accessing cloud applications from remote or hybrid work environments. This is an important distinction, as it ensures effective security follows the user, no matter where they are.
The Growing Importance of SaaS Security
SaaS applications have become the backbone of modern business operations, powering everything from communication and collaboration to finance and HR. With the average enterprise now using hundreds of SaaS tools, the concept of the traditional security perimeter is quickly disappearing. This shift has introduced new challenges in security, especially in terms of managing access, maintaining compliance, and preventing data exposure across a wide array of platforms.
Unlike on-premises software, SaaS tools are managed by third-party vendors, leaving IT and security teams with limited visibility and control. Misconfigured permissions, excessive data sharing, and inconsistent authentication policies are common issues that can expose sensitive data or create compliance gaps. As these risks multiply, so does the need for specialized tools that address them.
These challenges have created a new category of tools known as SaaS Security Posture Management (SSPM). These solutions continuously monitor the configuration and usage of SaaS applications, flagging risks and automating remediation when possible. By introducing greater visibility and control, SSPM helps organizations better manage the security of increasingly complex and distributed cloud environments.
Israel’s Role in Cybersecurity Innovation
Israel has emerged as a global powerhouse in cybersecurity innovation, with a large startup community fueled by deep technical talent and strong government support. Many of the country’s cybersecurity entrepreneurs bring experience from elite military intelligence units, contributing to a steady stream of innovative solutions that address ever-evolving digital threats.
Suridata is the latest in a growing list of Israeli cybersecurity startups to be acquired by global tech leaders. While this may be Fortinet’s first major acquisition of an Israeli firm, it aligns with the industry’s recognition of Israel as a hub for security innovation, especially in areas such as cloud, SaaS, and AI-driven threat detection.
Implications for the Cybersecurity Industry
Fortinet’s acquisition of Suridata is the latest in the trend of consolidation within the cybersecurity sector, where large vendors seek to fill gaps in their portfolios through targeted acquisitions. As the threat landscape evolves and attack surfaces expand, enterprises are demanding more comprehensive, platform-based solutions rather than managing a patchwork of point products.
This shift is especially true in cloud and SaaS security. Today, organizations need integrated tools that provide end-to-end visibility across cloud workloads, user access, and SaaS configurations – often delivered through unified platforms that support automation and real-time response.
Looking ahead, the importance of SSPM is likely to grow as more enterprises move business-critical operations into the cloud. The industry is likely to see continued investment in SSPM, as well as related areas such as identity governance, cloud access security brokers (CASBs), and AI-powered threat detection. Acquisitions like this one are just the tip of the iceberg and show that SSPM is becoming a core pillar of modern cybersecurity strategy.
Looking Ahead in SaaS Security
Fortinet’s acquisition of Suridata marks a strategic step forward in addressing the growing security challenges of the SaaS-driven enterprise. By integrating Suridata’s SSPM capabilities into its larger platform, Fortinet is positioning itself to deliver more comprehensive protection across today’s hybrid IT environments.
