While this week’s acquisitions by enterprise security provider Palo Alto Networks of container security provider Twistlock and serverless security provider PureSec are not the first for the cloud native security space, they may very well be the most notable, and a number of other competitors in the space are calling the move a validation of their own efforts.
Palo Alto Networks disclosed on Wednesday that it will pay “approximately $410 million in cash” for Twistlock, offering no specific number for PureSec, and will integrate the two products into its newly announced Prisma cloud security suite, which the company says will provide “visibility across the entire cloud environment while consistently governing access, protecting data, and securing applications regardless of location.” According to a statement, the co-founders of both Twistlock and PureSec will be joining Palo Alto Networks, though no mention was made of the other team members.
“It’s clear that every major IT vendor is considering its cloud native strategy. VMware acquired Heptio, NetApp acquired StackPointCloud, Microsoft invested in Aqua Security… the list goes on. Add to this the fact that every major cloud provider is retooling their offerings to provide development and operations capabilities for Kubernetes and containers, and you can imagine how things will evolve,” said Vasudevan. “I don’t think you can say Twistlock was the first, but it’s certainly the most visible. And that’s really what we pinpointed as the key takeaway from this acquisition — cloud native is going mainstream, and now every enterprise has to have it and every major vendor needs to support it.”
Dror Davidoff, co-founder and CEO of container, serverless and cloud native application security platform Aqua Security, meanwhile, said that the acquisition points to the need for purpose-built tools to handle the complexity of cloud native environments.
“The first thing this does is to validate the market need for a dedicated solution for securing cloud native environments. Simply adding new features onto network or cloud security products doesn’t address the real customer requirements,” said Davidoff. “But, it also shows that this is difficult for even big companies to build on their own now (as demonstrated by the high price paid for Twistlock)… the early leaders (including Aqua) have a significant advantage in terms of understanding these new technologies and how they are best secured.”
Kamal Shah, CEO of container and Kubernetes security platform StackRox, similarly points to the acquisition as a validation of the market, noting that enterprise adoption of containers is a driving force that he thinks will likely lead to more market consolidation.
“This acquisition is a major validation of the strategic importance of the container security market and reflects the growing importance of the broader cloud security market,” said. “Other, recent acquisitions have proven that companies that focus on the long-term and have the right architecture often win and I wouldn’t be surprised to see other security vendors acquire a container security vendor over the next 12 months. Enterprises today are looking for ways to enforce security and compliance policies as they embrace the business benefits of cloud native application architectures across multicloud and hybrid cloud environments.”
Whether or not this move by Palo Alto Networks will prove beneficial of course remains to be seen, but Davidoff remains skeptical. In a world of cloud native, he notes, companies may not be looking for monolithic providers, but rather piecemeal solutions that they can integrate in much the same way they have decomposed their applications into microservices.
“One of the great things about cloud native environments, is the ability to utilize the best tools from across the market (not just for security, but for your whole DevOps pipeline), whether those are open source, or commercial, and whether they come from big vendors or smaller ones. Unlike the more traditional security markets where a single solution has distinct advantages of a common management console, and clear points of control, DevOps is more about the flexibility to work the way the customer wants,” said Davidoff. “So, while having another product in the bag could benefit Palo Alto to some degree, their competitors will likely find that the customer is more concerned with integrating best of breed than having everything come from one vendor.”
Of course, Palo Alto Networks points to the 9,000 pre-existing enterprise customers as a point of affirmation, with Nikesh Arora, chairman and CEO of Palo Alto Networks, saying in a company statement that “We believe that our acquisition of these leading companies will significantly enhance our ability to be the cybersecurity partner of choice for our customers, while expanding our capabilities and strengthening our Prisma cloud security strategy.”
Twistlock is a sponsor of The New Stack.