Palo Alto Networks has agreed to purchase early stage startup Bridgecrew to deliver cloud security across the full application life cycle by codifying infrastructure configuration during development.
The platform security vendor said San Francisco-based Bridgecrew’s platform offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development life cycle. The deal will allow Palo Alto Networks to give developers security assessment and enforcement capabilities throughout the DevOps process, according to the company.
Bridgecrew focuses on shift left, in which infrastructure configuration is codified during development, the company said.
“Shift left security is a must-have in any cloud security platform,” Palo Alto Networks CEO Nikesh Arora said in a statement. “Developers don’t want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organizations certainly valued higher security from fixing issues earlier in the development life cycle.”
Palo Alto Networks’ US$156 million acquisition of Bridgecrew is expected to close by the end of April, and the deal isn’t expected to have a material impact on the company’s financials. The company’s stock remains unchanged at US$395.12 in pre-market trading Tuesday. Palo Alto Networks declined to make an executive available to CRN US for further comment, citing the company’s pre-earnings quiet period.
Bridgecrew was founded in 2019, employs 49 people and has raised US$18.1 million in two rounds of outside funding, according to LinkedIn and Crunchbase. All three of Bridgecrew’s co-founders—CEO Idan Tendler, Chief Technology Officer Barak Schoster, and Vice President of Product Guy Eisenkot— and their teams will join Palo Alto Networks, according to the company.
“We have dedicated ourselves to building developer-first tools that bridge the gap between developers and cloud security,” Tendler said in a statement. “By joining Palo Alto Networks, we will be able to bring codified cloud security to the developer community on a wider scale.”
Bridgecrew’s open-source scanner, Checkov, has gained significant early traction with developers, surpassing 1 million downloads in 2020—its first full year of availability, according to the company. In addition, Palo Alto Networks said Bridgecrew’s full security platform has seen good early traction across many cloud-first organizations, including Robinhood, Databricks and LendingHome.
Palo Alto Networks said it will continue to invest in Bridgecrew’s open-source initiatives as part of its ongoing commitment to DevOps security. Bridgecrew’s product makes it easy to identify and fix issues as early in the development process as possible, Lee Klarich, Palo Alto Networks’ chief product officer, wrote in a blog post Tuesday.
By fixing issues at their source, Klarich said templates are secured prior to being deployed to hundreds of workloads, resulting in a massive reduction in security alerts. Bridgecrew alerts developer teams to security issues in real time, which Klarich said maximizes developer productivity and makes it possible for security teams to focus on critical runtime security threats.
“[Historically], any security mistakes made in … one template will be replicated across every deployment, and then for every deployment, all of those errors will be flagged by cloud security products,” Klarich wrote in the blog post. “A single mistake can easily turn into thousands of alerts.”
Combining Palo Alto Networks and Bridgecrew will allow more security controls to be embedded earlier in the development life cycle, which Klarich said will lead to fewer compliance errors, a faster time to remediation, and reduced friction between security and development teams. The deal will also open up more opportunities for Palo Alto Networks to engage with the developer community, Klarich said.
Including the proposed Bridgecrew deal, Palo Alto Networks has spent US$3.46 billion on 12 acquisitions since the start of 2018. Some of the larger transactions include: the US$800 million buy of attack surface management vendor Expanse in October 2020; the US$560 million buy of analytics and automation vendor Demisto in February 2019; and the US$420 million purchase of SD-WAN player CloudGenix in March 2020.