Palo Alto Networks (PAN) announced Thursday that it will acquire application security and software supply chain security provider Cider Security for about $195 million in cash. This acquisition is a good move toward enabling security to scale with modern software development, according to Melinda Marks, a senior analyst at Enterprise Strategy Group.
PAN said the plan is to have Cider support its Prisma Cloud platform to secure the entire application security lifecycle from code to cloud.
“For cloud-native development, you have developers empowered to provision and deploy applications to the cloud to make them available for customers, partners, and employees, and while it increases productivity, it’s a challenge for security teams to keep up with the speed and protect the applications in these dynamic, exposed environments,” Marks told VentureBeat in an email interview.
Cider Security is a good example of a company building observability into developer workflows, such as CI/CD pipelines, to better incorporate security, she said. “What PAN is doing with Prisma by tying all of these solutions together is to enable security to become more embedded in development — shifting some work left to developers — while giving security teams visibility and control for consistency across development teams.”
According to ESG’s newly released report, Walking the Line: GitOps and Shift Left Security, 68% of respondents said it’s a high priority to adopt developer-focused security solutions, 31% said it’s important but not a high priority, and just 1% said it’s not a priority.
Securing the software supply chain
Today’s software engineering ecosystem is more diverse, moves at greater speed, and is more dynamic by nature. This has introduced a wide array of new cybersecurity challenges and gaps, making the software supply chain one of the biggest emerging attack vectors for cyberattacks, PAN said in a press release announcing the acquisition.
“The average CI/CD pipeline can have hundreds of developer tools connected to it, which poses an enormous security risk,” the company said. “While much attention has been put on where code comes from, very little has been placed on the applications and software used in the development pipeline.”
“Any organization using public cloud has an application infrastructure with hundreds of tools and applications that can access their code and yet, they have limited visibility to their configuration or if they are secured,” said Lee Klarich, chief product officer for PAN, in a statement. “Cider has made it possible to connect into infrastructure, analyze the tools, and identify the risks, as well as how to remediate them. We’re acquiring Cider for their innovation that will help enable Prisma Cloud to provide this capability that anyone doing cloud operations has to have.”
Cider’s AppSec platform was designed to allow engineering to continue to move fast, without making compromises on security, said Guy Flechter, CEO at Cider Security, in a statement. “By scanning and securing the CI/CD pipeline, we can help identify where there may be vulnerabilities in your code.”
New products designed for the cloud-native stack
Security teams have struggled because they need to implement security processes and technology that don’t disrupt modern application development processes, Marks said. “We see newer security vendors with innovative products built for the cloud-native stack and modern development processes with CI/CD.”
Over the past five years, PAN has made several strategic investments to broaden its portfolio in order to support its customers’ cloud adoption. In 2018, the company acquired Evident.io for cloud infrastructure security, then RedLock for cloud threat defense. Then, in 2019, the company “had the foresight to announce their Prisma cloud strategy as an effort to build out a platform to simplify access, data security and application,” Marks said.
PAN acquired more companies and has gradually incorporated their technologies into its platform. These include Twistlock for container security and Bridgecrew for developer-focused security with automated infrastructure as code (IaC) and supply chain security, according to Marks.
Other vendors in this space include Check Point, Trend Micro, CrowdStrike and Lacework, which has started to make acquisitions with a similar goal. Marks noted that there are also newer startups such as Orca and Wiz.
PAN said the proposed acquisition is expected to close during the second quarter of fiscal 2023.