Palo Alto Networks drops $156m to absorb DevSecOps firm Bridgecrew
Open-source stuff stays for now, company promises
Palo Alto Networks (PAN) has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "key bet" at a time when the world has never been more reliant on off-premises computing.
The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.
"Bridgecrew provides a very valuable set of capabilities that our customers are looking for," wrote Palo Alto exec veep Lee Klarich in an update. "Most importantly, [it] opens up an opportunity for us to further engage with the developer community which is so important to the future of cloud security."
The smaller firm's founders will remain with the company after the buyout completes. As for Bridgecrew's open-source emphasis, Palo Alto said it "will continue to invest" in that "as part of its ongoing commitment to DevOps security."
Bridgecrew's open-source Checkov code analysis product (neither a typo relating to the Russian playwright nor a Star Wars character, despite Google's automated suggestions) featured prominently in the two companies' joint statement about the buyout, with Palo Alto noting it passed a million downloads in 2020.
"Once integrated," said Palo Alto, "Prisma Cloud customers will benefit from a single platform that will deliver cloud security from build time to runtime, seamlessly connecting security and DevOps teams."
Checkov focuses on infrastructure-as-code (IaC), said Klarich. Once an IaC template enters use within a particular org, any security problems with it "will be replicated across every deployment, and then for every deployment, all of those errors will be flagged by cloud security products."
Gartner analyst Neil MacDonald told The Register: "This acquisition fits into the overall Prisma Cloud strategy to deliver what Gartner calls a cloud-native application protection platform. It deepens and extends the existing PAN Prisma Cloud cloud security posture management (CSPM) capabilities and shifts them left into the development pipeline for infrastructure-as-code scanning.
MacDonald added: "It is the sixth acquisition for PAN for the PC team – Redlock, evident.io, Twistlock, Aporeto, Puresec, and now Bridgecrew. There are several small IaC pure plays left in the market as this space is just developing."
Palo Alto has been keen to talk about the size of the global infosec industry over the past few years, contrasting the large number of smaller firms in the market with its own position – though it does occasionally overreact when anybody tries making product comparisons involving its kit.
The buyout makes a minuscule dent in the $1.5bn the firm raised in 2018 for doing stuff 'n' things, including acquiring smaller market players. ®