Palo Alto Networks Acquires Supply Chain Security Vendor, Aims to Strengthen Application Security

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and gain efficiencies by improving and scaling citizen developers. look now.

Palo Alto Networks (PAN) announced on Thursday that it will acquire an application security and software supply chain security provider Safety cider for approximately $195 million in cash. According to Melinda Marks, senior analyst at Enterprise Strategy Group, this acquisition is a good step forward in enabling security to evolve with modern software development.

PAN said the plan is for Cider to support its Prisma Cloud platform to secure the entire application security lifecycle, from code to cloud.

“For cloud-native development, you have developers empowered to provision and deploy applications on the cloud. cloud to make them available to customers, partners and employees, and while this increases productivity, it is a challenge for security teams to keep up with speed and protect applications in these dynamic and exposed environments”, Marks told VentureBeat in an email interview.

Cider Security is a good example of a company integrating observability into developer workflows, such as CI/CD pipelines, to better integrate security, she said. “What PAN is doing with Prisma by tying all of these solutions together is allowing security to be more integrated into development – shifting some of the work left to developers – while giving security teams visibility and a consistency check between the development teams.”


Smart Security Summit

Learn about the critical role of AI and ML in cybersecurity and industry-specific case studies on December 8. Sign up for your free pass today.

Register now

According to the recently published ESG report, Walk the Line: GitOps and Shift Left Safety68% of respondents said adopting developer-focused security solutions was a high priority, 31% said it was important but not a priority, and only 1% said it was not a priority.

Securing the software supply chain

Today’s software engineering ecosystem is more diverse, evolves faster, and is inherently more dynamic. This introduced a wide range of new cyber security challenges and gaps, making the software supply chain one of the largest emerging attack vectors for cyberattacks, PAN said in a press release announcing the acquisition.

“The average CI/CD pipeline can have hundreds of development tools connected, posing a huge security risk,” the company said. “While a lot of attention has been paid to the origin of the code, very little has been paid to the applications and software used in the development pipeline.”

“Any organization using the public cloud has an application infrastructure with hundreds of tools and applications that can access their code and yet they have limited visibility into their configuration or if they are secure,” said Lee Klarich, chief product officer for PAN, in a statement. “Cider made it possible to connect to the infrastructure, analyze the tools and identify the risks, as well as the way to solve them. We are acquiring Cider for their innovation that will enable Prisma Cloud to provide this capability that anyone doing cloud operations must have.

>> Don’t miss our new special issue: Zero trust: the new security paradigm.

Cider’s AppSec platform was designed to allow engineering to continue to evolve rapidly, without compromising on security, said Guy Flechter, CEO of Cider Security, in a statement. “By analyzing and securing the CI/CD pipeline, we can help identify where there may be vulnerabilities in your code.”

New products built for the cloud-native stack

Security teams have struggled because they need to implement security processes and technology that don’t disrupt modern app development processes, Marks said. “We are seeing new security vendors with innovative products built for the native cloud stack and modern development processes with CI/CD.”

Over the past five years, PAN has made several strategic investments to expand its portfolio to support cloud adoption by its customers. In 2018, the company acquired for cloud infrastructure security, then Red Lock for cloud threat defense. Then, in 2019, the company “had the foresight to announce its Prisma cloud strategy with the goal of building a platform to simplify access, data protection, and enforcement,” Marks said.

PAN acquired more companies and gradually integrated their technologies into its platform. These include Twistlock for container security and Bridgecrew for developer-focused security with automated infrastructure as code (IaC) and supply chain security, according to Marks.

Other vendors in this space include Check Point, TrendMicro, Crowdstrike, and Lacework, which have started making acquisitions with a similar goal. Marks noted that there are also new startups such as Orca and Wiz.

PAN said the proposed acquisition is expected to be completed in the second quarter of fiscal 2023.

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Discover our Briefings.