Palo Alto Networks (PAN) announced Thursday that it will acquire application security and software supply chain security provider Cider Security for approximately $195 million in cash. This acquisition is a good move toward enabling security to scale with modern software development, according to Melinda Marks, a senior analyst at Enterprise Strategy Group.
PAN said the plan is to have Cider support its Prisma Cloud platform to secure the entire application security lifecycle from code to cloud.
“For cloud-native development, you have developers empowered to provision and deploy applications to the cloud to make them available for customers, partners, and employees, and while it increases productivity, it’s a challenge for security teams to keep up with the speed and protect the applications in these dynamic, exposed environments,” Marks told VentureBeat in an email interview.
Cider Security is a good example of a company building observability into developer workflows, such as CI/CD pipelines, to better incorporate security, she said. “What PAN is doing with Prisma by tying all of these solutions together is to enable security to become more embedded in development — shifting some work left to developers — while giving security teams visibility and control for consistency across development teams.”
According to ESG’s newly released report, Walking the Line: GitOps and Shift Left Security, 68% of respondents said it’s a high priority to adopt developer-focused security solutions, 31% said it’s important but not a high priority, and only 1% said it’s not a priority.
Securing the software supply chain
Today’s software engineering ecosystem is more diverse, moves at greater speed, and is more dynamic by nature. This has introduced a wide array of new cybersecurity challenges and gaps, making the software supply chain one of the largest emerging attack vectors for cyberattacks, PAN said in a press release announcing the acquisition.
“The average CI/CD pipeline can have hundreds of developer tools connected to it, which poses an enormous security risk,” the company said. “While much attention has been put on where code comes from, very little has been placed on the applications and software used in the development pipeline.”
“Any organization using public cloud has an application infrastructure with hundreds of tools and applications that can access their code and yet, they have limited visibility to their configuration or if they are secured,” said Lee Klarich, chief product officer for PAN, in a statement. “Cider has made it possible to connect into infrastructure, analyze the tools, and identify the risks, as well as how to remediate them. We are acquiring Cider for their innovation that will help enable Prisma Cloud to provide this capability that anyone doing cloud operations has to have.”
Cider’s AppSec platform was designed to allow engineering to continue to move fast, without making compromises on security, said Guy Flechter, CEO at Cider Security, in a statement. “By scanning and securing the CI/CD pipeline, we can help identify where there may be vulnerabilities in your code.”
New products designed for the cloud-native stack
Security teams have struggled because they need to implement security processes and technology that don’t disrupt modern application development processes, Marks said. “We see newer security vendors with innovative products built for the cloud-native stack and modern development processes with CI/CD.”
Over the past five years, PAN has made several strategic investments to expand its portfolio in an effort to support its customers’ cloud adoption. In 2018, the company acquired Evident.io for cloud infrastructure security, then RedLock for cloud threat defense. Then, in 2019, the company “had the foresight to announce their Prisma cloud strategy as an effort to build out a platform to simplify access, data security and application,” Marks said.
PAN acquired more companies and has steadily incorporated their technologies into its platform. These include Twistlock for container security and Bridgecrew for developer-focused security with automated infrastructure as code (IaC) and supply chain security, according to Marks.
Other vendors in this space include Check Point, TrendMicro, Crowdstrike and Lacework — which has started to make acquisitions with a similar goal. Marks noted that there are also newer startups such as Orca and Wiz.
PAN said the proposed acquisition is expected to close during the second quarter of fiscal 2023.