Palo Alto Networks plans to purchase analytics and automation vendor Demisto for US$560 million to bolster threat prevention and response to security teams.
The platform security giant said the deal will drive better use of AI and machine learning to further automate security operations. The automated playbooks from Demisto have helped reduce alerts that require human review by up to 95 percent, allowing security teams to focus on more complex matters.
"Coupled with our Application Framework, Demisto will help us strengthen our commitment to security teams by delivering a platform that provides higher levels of integration, automation and innovation to prevent successful cyberattacks," said Palo Alto Networks CEO Nikesh Arora in a prepared statement.
Palo Alto Networks' stock remains unchanged at US$226.77 in pre-market trading this week. The deal is being paid for with a mix of cash and stock, and is expected to close by the end of April.
Demisto was founded in 2015 as a security orchestration, automation and response (SOAR) player, and employs 166 people. The cybersecurity startup has raised US$69 million in three rounds of outside funding.
More than 150 customers work with Demisto today, including large organizations in healthcare, technology, financial services and other industry verticals. A quarter of Demisto's customers are in the Fortune 500, according to the company.
From a sales standpoint, the company said Demisto plans to continue executing against the company's aggressive growth plans with he aim of leveraging Palo Alto Networks' distribution network to achieve its ambitious goals. On the technical side, Demisto plans to work closely with the Palo Alto Networks team to strengthen its existing integration with Palo Alto Networks’ Application Framework.
"We have dedicated ourselves to the challenge of automation because we believe that relying on people alone to combat threats will fail against the scale of today's attacks," Demisto CEO Slavik Markovich said in a statement. "And we have found a like-minded team that shares our conviction that the future of security is all about automation and AI."
Demisto's four co-founders - CEO Markovich, marketing leader Rishi Bhargava, product management leader Dan Sarel, and engineering leader Guy Rinat – will join Palo Alto Networks after the transaction closes.
Demisto introduced the two-tiered Nucleus Partner Program in June 2017, which provides partners with deal registration provisions, incumbency on expansionary and renewal sales, first right of refusal on professional services, pre- and post-sales training, and high-margin pricing for partners. The program was being led by Bob Kruse, who joined from Optiv in April 2017 as vice president of alliances.
Demisto said it was looking to add managed security service providers, system integrators, technology partners, and consulting partners. The company has already implemented a 100 percent channel model prior to the launch of its partner program and does not sell direct.
Palo Alto Networks has infused its C-suite with new talent over the past year, bringing in former SoftBank and Google executiveArora as CEO in June and ex-Google executive Amit Singh as president in October. The company reported total sales of US$656 million in its fiscal first quarter of 2019, which ended 31 October 2018.
The company has made three acquisitions over the past year, kicking things off in March with the US$300 million purchase of Evident.io to make it easier for enterprise cloud users to keep their deployments compliant and secure. A month later, Palo Alto Networks bolstered its data collection and visualization capabilities on the endpoint through its purchase of emerging vendor Secdo for a reported US$100 million.
Then in October, Palo Alto Networks agreed to purchase cloud security startup RedLock for US$173 million to help security teams replacing manual investigations with automated, real-time remediation. The firm plans to create a single offering from the technologies of RedLock and Evident that delivers cloud security analytics, advanced threat detection, and continuous security and compliance monitoring.