Palo Alto Networks Acquires Supply Chain Security Vendor, Aims to Strengthen Application Security



Palo Alto Networks (PAN) announced Thursday that it will acquire application security and software supply chain security provider Cider Security for approximately $195 million in cash. This acquisition is a good step to allow security to scale with modern software development, according to Melinda Marks, a senior analyst at Enterprise Strategy Group.

PAN said the plan is for Cider to support its Prisma Cloud platform to protect the entire application security lifecycle, from code to cloud.

“For cloud-native development, you have developers trained to provision and deploy applications in the cloud to make them available to customers, partners, and employees, and while it increases productivity, it’s a challenge for security teams to keep up with speed and protect applications in these dynamic and exposed environments,” Marks told VentureBeat in an email interview.

Cider Security is a good example of a company incorporating observability into developer workflows, such as CI/CD pipelines, to better embed security, Marks said. “What PAN is doing with Prisma by bringing all of these solutions together is allowing security to be more integrated into development, leaving some of the work to developers, while giving security teams visibility and control to achieve consistency across development teams.”


According to ESG’s recently released report, Walking the Line: GitOps and Shift Left Security, 68% of respondents said adopting developer-focused security solutions is a high priority, 31% said it is important but not a high priority, and only 1% said it is not a priority.

Securing the software supply chain

Today’s software engineering ecosystem is more diverse, faster moving, and more dynamic in nature. This has introduced a wide range of new cybersecurity challenges and gaps, making the software supply chain one of the largest emerging attack vectors for cyberattacks, PAN said in a press release announcing the acquisition.

“The average CI/CD pipeline can have hundreds of development tools attached, posing a huge security risk,” the company said. “While a lot of attention has been paid to source code, very little attention has been paid to the applications and software used in the development pipeline.”

“Any organization using the public cloud has an application infrastructure with hundreds of tools and applications that can access their code and yet have limited visibility into their configuration or whether they are protected,” said Lee Klarich, director of product of PAN, in a statement. “Cider has made it possible to connect to the infrastructure, analyze the tools and identify the risks, as well as how to remediate them. We are acquiring Cider for their innovation that will help Prisma Cloud deliver this capability that anyone operating in the cloud must have.”


Cider’s AppSec platform was designed to allow engineering to continue to move quickly, without compromising security, Guy Flechter, chief executive officer of Cider Security, said in a statement. “By scanning and securing the CI/CD pipeline, we can help identify where there may be vulnerabilities in your code.”

New products designed for the cloud-native stack

Security teams have struggled because they need to implement security technology and processes that don’t break modern application development processes, Marks said. “We are seeing newer security vendors with innovative products built for the cloud-native stack and modern development processes with CI/CD.”

Over the past five years, PAN has made several strategic investments to expand its portfolio to support cloud adoption by its customers. In 2018, the company acquired Evident.io for cloud infrastructure security and then RedLock for cloud threat defense. Then, in 2019, the company “had the foresight to announce its Prisma cloud strategy in an effort to build a platform to simplify access, data protection and enforcement,” Marks said.

PAN acquired more companies and has gradually been incorporating their technologies into its platform. These include Twistlock for container security and Bridgecrew for developer-focused security with automated infrastructure as code (IaC) and supply chain security, according to Marks.

Other vendors in this space include Check Point, TrendMicro, Crowdstrike, and Lacework, which has begun making acquisitions with a similar goal. Marks noted that there are also new startups like Orca and Wiz.

PAN said the proposed acquisition is expected to close during the second quarter of fiscal 2023.
