Leading cybersecurity solutions vendor Palo Alto Networks has been on a steady drumbeat of acquisitions. Now, the company is expanding its footprint in cloud applications security with Bridgecrew, a Silicon Valley startup.Â
Palo Alto Networks’ $156 million acquisition of Bridgecrew aims to streamline the identification and enforcement of security early in the cloud-based applications development lifecycle. The two-year-old Silicon Valley startup harnesses infrastructure-as-a-code (IaC) to scale security remediation and prevent misconfigurations. Bridgecrew’s IaC services are used by well-known tech companies, including Robinhood, Databricks, People.ai, and Rapyd.
Its open-source scanner Checkov enables all stakeholders in application development, including security teams, to identify and implement security practices throughout the development lifecycle. Being open source also gives it a competitive edge over proprietary services. According to an O’Reilly survey,Â 70% of developersOpens a new window Â and IT managers prefer open-source cloud software.
Besides Checkov, other security services on the Bridgecrew platform will be integrated with Palo Alto’s Prisma Cloud for enterprises to maintain a healthy cloud security posture and protect cloud workloads. Thanks to the integration, Prisma Cloud will add infrastructure-as-a-code to its stack along with existing solutions such as container security, IAM security, and serverless security.
Palo Alto has made a string of acquisitions in the cloud security space. In 2020, the company acquired Cloudgenix for $420 million and grabbed attack surface management company Expanse for $800 million. The Bridgecrew buy comes at a time when leading cybersecurity vendors are leveraging strategic acquisitions as a tool to offer advanced and integrated solutions to the technology industry.
Improving Security Assessments and Enforcement In DevOps Processes
Developers are now aware of the existing imbalanced approach to inculcating security best practices in application development. Disinclined developer and security teams can result in tactless security implementations that may delay production functions and expose cloud-based applications to external threats.Â
By acquiring Bridgecrew, Palo Alto Networks focuses on improving the security assessment and enforcement capabilities throughout the DevOps process. Bridgecrew adopts a â€˜shift left’ approach, which means its DevOps services enable teams to detect flaws, misconfiguration, etc., in clouds in runtime rather than in production. According toÂ BMCOpens a new window , it is a practice intended to find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the lifecycle as possible. Shift Left testing means testing earlier in the software development process.
â€œDevelopers and security teams alike are looking for a solution: Developers don’t want to figure out that security is not working at the late stage of the development cycle. And the CISO who is charged with protecting the entire organization certainly values the higher levels of security gained from fixing issues earlier in the development lifecycle,â€ wrote Lee KlarichOpens a new window , Chief Product Officer at Palo Alto Networks, in a blog post.
The startup was founded by CEOÂ Idan TendlerOpens a new window ,Â Barak Schoster GoihmanOpens a new window , andÂ Guy EisenkotOpens a new window . Bridgecrew’s leadership will join Palo Alto networks following the acquisition that is expected to be completed in the third quarter.