VMware has purchased application security startup Intrinsic in what is the virtualisation giant's seventh acquisition of the year, according to CNBC.

The deal is expected to fuel VMware's evolution from helping companies deploy software in their own data centre to supporting cloud technologies, CNBC said. Intrinsic said it reduces the attack surface of an application to the bare minimum needed, protecting organisations from malicious code and zero-day attacks.

Terms of the transition weren't disclosed. VMware didn't immediately respond to a CRN request for comment, but confirmed the acquisition to CNBC.

"This acquisition brings us unique expertise and technology as we look to expand our VMware AppDefense platform into the public cloud," a VMware spokesperson told CNBC.

Intrinsic was founded in 2015 and currently employs 10 people, according to LinkedIn. The company raised seed funding in August 2016 from Andreessen Horowitz, First Round Capital, NEA and the Stanford Start-X Fund.

The company's technology applies the principle of least-privilege to applications to help protect sensitive resources against worst-case scenarios like code injection attacks and malicious third-party modules. Intrinsic said it is fully compatible with legacy code, meaning that companies don't have to modify how they currently deploy and write their code.

The vast majority of an average modern Node.js application is made up of untrusted open-source code that unsafely interacts with a company's sensitive resources, Intrinsic said. Unlike other security tools that try to defend against application-level attacks by analysing or monitoring behaviour, Intrinsic protects against attacks by ensuring that Node.js code only executes as expected.

Intrinsic blocks all privileged operations that are not whitelisted by an organisation’s security policies. It can protect against bugs, exploits and malicious code in the AWS Lambda serverless computing platform, the company said, enabling organisations to define fine-grained policies that their AWS Lambda function must abide by at runtime.

The company said it also supports other serverless platforms such as Microsoft Azure Functions and Google Cloud Functions.

VMware's acquisition of Intrinsic comes 17 months after it purchased E8 Security, a provider of cybersecurity intelligence and analytics. Just last week, the company bought Veriflow, which applies continuous verification to networks, preventing outages and vulnerabilities that could lead to severe losses.

All told, VMware has made six acquisitions in 2019 prior to the reported Intrinsic deal: AetherPal, Bitnami, Avi Networks, Bitfusion.io, Uhana and Veriflow.

Intrinsic is the second serverless security company to be snatched up this year, coming three months after Palo Alto Networks bought early stage Israeli serverless security startup PureSec for US$47 million, according to a filing with the US Securities and Exchange Commission.

This article originally appeared at crn.com