Palo Alto Networks drops $156m to absorb DevSecOps firm Bridgecrew

Open-source stuff stays for now, company promises

Palo Alto Networks (PAN) has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "key bet" at a time when the world has never been more reliant on off-premises computing.

The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.

"Bridgecrew provides a very valuable set of capabilities that our customers are looking for," wrote Palo Alto exec veep Lee Klarich in an update. "Most importantly, [it] opens up an opportunity for us to further engage with the developer community which is so important to the future of cloud security."

The smaller firm's founders will remain with the company after the buyout completes. As for Bridgecrew's open-source emphasis, Palo Alto said it "will continue to invest" in that "as part of its ongoing commitment to DevOps security."

Bridgecrew's open-source Checkov code analysis product (neither a typo relating to the Russian playwright nor a Star Wars character, despite Google's automated suggestions) featured prominently in the two companies' joint statement about the buyout, with Palo Alto noting it passed a million downloads in 2020.

"Once integrated," said Palo Alto, "Prisma Cloud customers will benefit from a single platform that will deliver cloud security from build time to runtime, seamlessly connecting security and DevOps teams."

Checkov focuses on infrastructure-as-code (IaC), said Klarich. Once an IaC template enters use within a particular org, any security problems with it "will be replicated across every deployment, and then for every deployment, all of those errors will be flagged by cloud security products."
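To make the "shift left" point concrete, here is a small policy scanner written for this article, not code from Checkov or Palo Alto Networks. It walks a Terraform JSON-syntax template before deployment, flags two common misconfigurations (a world-readable S3 bucket ACL and SSH open to the whole internet), and then shows how one flawed template turns into one finding per environment it is deployed to. The template, the resource names and the policy names are all constructed for the example.

```python
"""Minimal infrastructure-as-code policy scanner (added example, not Checkov's code).

Walks a Terraform JSON-syntax template (the .tf.json form) and applies a few
hand-written policies at build time. The sample template, resource names and
policy names below are constructed for this illustration.
"""
import json
from typing import Iterator, List, Optional, Tuple

# Constructed template containing two deliberate misconfigurations
SAMPLE_TEMPLATE = json.dumps({
    "resource": {
        "aws_s3_bucket": {
            "logs": {"bucket": "example-logs", "acl": "public-read"},
            "private_data": {"bucket": "example-private", "acl": "private"},
        },
        "aws_security_group": {
            "bastion": {
                "name": "bastion",
                "ingress": [
                    {"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"]},
                ],
            }
        },
    }
})


def iter_resources(template: dict) -> Iterator[Tuple[str, str, dict]]:
    """Yield (resource_type, resource_name, body) for every resource block."""
    for rtype, instances in template.get("resource", {}).items():
        for name, body in instances.items():
            yield rtype, name, body


def check_s3_public_acl(rtype: str, name: str, body: dict) -> Optional[str]:
    """Flag S3 buckets whose canned ACL makes objects world-readable."""
    if rtype == "aws_s3_bucket" and body.get("acl") in ("public-read", "public-read-write"):
        return f"{rtype}.{name}: bucket ACL '{body['acl']}' makes objects world-readable"
    return None


def check_sg_open_ssh(rtype: str, name: str, body: dict) -> Optional[str]:
    """Flag security groups that admit TCP/22 (or all traffic) from 0.0.0.0/0."""
    if rtype != "aws_security_group":
        return None
    ingress = body.get("ingress", [])
    if isinstance(ingress, dict):  # HCL allows a single block instead of a list
        ingress = [ingress]
    for rule in ingress:
        all_ports = rule.get("protocol") == "-1"
        covers_22 = rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
        if (all_ports or covers_22) and "0.0.0.0/0" in rule.get("cidr_blocks", []):
            return f"{rtype}.{name}: SSH (22) open to 0.0.0.0/0"
    return None


POLICIES = [check_s3_public_acl, check_sg_open_ssh]


def scan(template_json: str) -> List[str]:
    """Run every policy over every resource; return human-readable findings."""
    template = json.loads(template_json)
    findings = []
    for rtype, name, body in iter_resources(template):
        for policy in POLICIES:
            msg = policy(rtype, name, body)
            if msg:
                findings.append(msg)
    return findings


def replicated_findings(template_json: str, environments: List[str]) -> List[Tuple[str, str]]:
    """One template reused across N environments yields N copies of each finding.

    This is the replication effect described in the article: a flaw fixed once
    in the template disappears everywhere, whereas runtime tooling would report
    it separately per deployment.
    """
    per_template = scan(template_json)
    return [(env, finding) for env in environments for finding in per_template]


if __name__ == "__main__":
    for env, finding in replicated_findings(SAMPLE_TEMPLATE, ["dev", "staging", "prod"]):
        print(f"[{env}] {finding}")
```

Running the block prints six lines: the same two findings once for each of the three environments, which is exactly the multiplication a build-time scan avoids by catching the template before it is applied.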

Gartner analyst Neil MacDonald told The Register: "This acquisition fits into the overall Prisma Cloud strategy to deliver what Gartner calls a cloud-native application protection platform. It deepens and extends the existing PAN Prisma Cloud cloud security posture management (CSPM) capabilities and shifts them left into the development pipeline for infrastructure-as-code scanning."

MacDonald added: "It is the sixth acquisition for PAN for the PC team – Redlock, Twistlock, Aporeto, Puresec, and now Bridgecrew. There are several small IaC pure plays left in the market as this space is just developing."

Palo Alto has been keen to talk about the size of the global infosec industry over the past few years, contrasting the large number of smaller firms in the market with its own position – though it does occasionally overreact when anybody tries making product comparisons involving its kit.

The buyout makes a minuscule dent in the $1.5bn the firm raised in 2018 for doing stuff 'n' things, including acquiring smaller market players. ®


Biting the hand that feeds IT © 1998–2022