Palo Alto Networks (PAN) announced Thursday that it will acquire application security and software supply chain security provider Cider Security for about $195 million in cash. This acquisition is a good move toward enabling security to scale with modern software development, according to Melinda Marks, a senior analyst at Enterprise Strategy Group.
PAN said the plan is to have Cider support its Prisma Cloud platform to secure the entire application security lifecycle from code to cloud.
“For cloud-native development, you have developers empowered to provision and deploy applications to the cloud to make them available for customers, partners, and employees, and while it increases productivity, it’s a challenge for security teams to keep up with the speed and protect the applications in these dynamic, exposed environments,” Marks told VentureBeat in an email interview.
Cider Security is a good example of a company building observability into developer workflows, such as CI/CD pipelines, to better incorporate security, she said. “What PAN is doing with Prisma by tying all of these solutions together is to enable security to become more embedded in development — shifting some work left to developers — while giving security teams visibility and control for consistency across development teams.”
According to ESG’s newly released report, Walking the Line: GitOps and Shift Left Security, 68% of respondents said it’s a high priority to adopt developer-focused security solutions, 31% said it’s important but not a high priority, and only 1% said it’s not a priority.
Securing the software supply chain
Today’s software engineering ecosystem is more diverse, moves at greater velocity, and is more dynamic by nature. This has introduced a wide array of new cybersecurity challenges and gaps, making the software supply chain one of the biggest emerging attack vectors for cyberattacks, PAN said in a press release announcing the acquisition.
“The average CI/CD pipeline can have hundreds of developer tools connected to it, which poses an enormous security risk,” the company said. “While much attention has been put on where code comes from, very little has been placed on the applications and software used in the development pipeline.”
“Any organization using public cloud has an application infrastructure with hundreds of tools and applications that can access their code and yet, they have limited visibility to their configuration or if they are secured,” said Lee Klarich, chief product officer for PAN, in a statement. “Cider has made it possible to connect into infrastructure, analyze the tools, and identify the risks, as well as how to remediate them. We’re acquiring Cider for their innovation that will help enable Prisma Cloud to provide this capability that anyone doing cloud operations has to have.”
Cider’s AppSec platform was designed to allow engineering to continue to move fast, without making compromises on security, said Guy Flechter, CEO at Cider Security, in a statement. “By scanning and securing the CI/CD pipeline, we can help identify where there may be vulnerabilities in your code.”
New products designed for the cloud-native stack
Security teams have struggled because they need to implement security processes and technology that don’t disrupt modern application development processes, Marks said. “We see newer security vendors with innovative products built for the cloud-native stack and modern development processes with CI/CD.”
Over the past five years, PAN has made several strategic investments to expand its portfolio in order to support its customers’ cloud adoption. In 2018, the company acquired Evident.io for cloud infrastructure security, then RedLock for cloud threat protection. Then, in 2019, the company “had the foresight to announce their Prisma cloud strategy as an effort to build out a platform to simplify access, data security and application,” Marks said.
PAN acquired more companies and has gradually incorporated their technologies into its platform. These include Twistlock for container security and Bridgecrew for developer-focused security with automated infrastructure as code (IaC) and supply chain security, according to Marks.
Other vendors in this space include Check Point, TrendMicro, Crowdstrike and Lacework — which has started to make acquisitions with a similar goal. Marks noted that there are also newer startups such as Orca and Wiz.
PAN said the proposed acquisition is expected to close during the second quarter of fiscal 2023.