cutimage - Fotolia

Palo Alto Networks buys Twistlock, PureSec for container security

Palo Alto Networks snaps up Twistlock and PureSec to broaden its cloud security portfolio and give enterprise IT shops more options for container and serverless security.

Palo Alto Networks has agreed to acquire startups Twistlock and PureSec to build out its ` capabilities and appeal to the increasing number of enterprises that must secure their workloads throughout the entire app lifecycle.

Twistlock's cloud-native container security and PureSec's serverless application security platform give Palo Alto Networks the flexibility enterprise customers need to deploy their apps, from experimentation right through production deployment. The Twistlock deal is an all-cash $410 million transaction, while terms were not disclosed for the PureSec purchase. The cybersecurity giant said it expects both deals to close in its fiscal fourth quarter, which ends in July.

The Twistlock and PureSec deals make sense for Palo Alto Networks to fill in a critical gap as it builds out its cloud infrastructure portfolio, said Fernando Montenegro, analyst with 451 Research. "It gives them a pretty interesting position against traditional competitors," such as Trend Micro, Cisco, Symantec and others, he said.

The deals also validate the market for all container security vendors, though serverless security is still rather nascent. "It's something top of mind with enterprises, that they are looking to buy these [container security products]," Montenegro said.

Niche tools crowd container security market

A crowded field of startups, including Twistlock, Aqua Security, StackRox, Sysdig, NeuVector, Tigera and others, has emerged to provide container security tools that give IT departments more granular functions, such as vulnerability management, secrets management and scanning of container registries, yet also stay ahead of open source alternatives.

These tools  differentiate in various areas of focus and specialty, such as compliance policies and forensics, or depth of integration, with container security and monitoring, or with Kubernetes, service mesh and PaaS platforms, or newer deployment models like AWS Fargate. Some offer a more complete view of the environment, better scalability, support for different parts -- or entirety -- of an application lifecycle, or emphasis on the networking or security side of things.

"Usually, container security vendors have had more time to work on these problems than traditional security vendors," Montenegro said.

Container security startups also must defend their nascent turf against encroachment from broader security and infrastructure vendors, such as Palo Alto, Trend Micro, Cisco, Symantec, McAfee and CloudPassage. Those startups recently upped the ante with support for legacy infrastructure through host support, for example, which puts them more squarely up against those incumbents to win enterprise business.

Palo Alto Networks' acquisitions this week should smooth inroads to enterprise IT shops for all container security vendors -- and may also help them sell themselves through acquisitions down the line, Montenegro said.

Vendors mull build vs. buy to plug container security holes

Fernando Montenegro, analyst, 451 ResearchFernando Montenegro

Traditional infrastructure and security vendors all have various levels of container support; it's not hard to add code support, or scan an image of a container, or even monitor them, Montenegro said. But as those vendors evaluate gaps in their tool sets, they've begun to ask how much their customers care about container security and what it will take in speed and cost to deliver those capabilities.

"There's going to be a lot of analysis going on in terms of what acquired portfolios may look like," he said.

So far, those incumbents have chosen mostly to build out their own container security features, rather than pluck a specialist startup. However, Palo Alto Networks clearly has shifted emphasis to buy vs. build to more quickly span the security spectrum. In 2018, it bought a pair of cloud security startups, RedLock and Evident.io. And Palo Alto's Prisma cloud security suite, rolled out this week, will incorporate features from RedLock, Twistlock and PureSec to provide secure cloud access and monitoring for private or public cloud environments.

There's going to be a lot of analysis going on in terms of what acquired [security] portfolios may look like.
Fernando MontenegroAnalyst, 451 Research

"We intend to[offer] a fully sort of integrated public cloud security suite where customers don't have to buy piece products on containers or private cloud, public cloud, on premises, SaaS or serverless," said Nikesh Arora, CEO of Palo Alto Networks, in the company's quarterly earnings call.

Whether IT shops want a one-stop shop for overall security capabilities that span containers and eventually serverless, or choose to select and build out their own preferred tool sets, depends on those organizations' structure and maturity.

"Decision-makers on containers are not necessarily the same decision-makers that buy typical security tools," Montenegro said. "It makes sense for a large enterprise to simplify procurement with a strategic partner to cover a lot of things. But the DevOps side of the house doesn't necessarily care much about that; they just want stuff to work," Montenegro said.

Security teams and DevOps teams also may evaluate and choose tools differently, and with very strong and different priorities.

"I've seen people be very happy that their traditional security vendors can help them through that journey ... it's nice that they can integrate policy," Montenegro said. "Others are very much, 'You know what? Just give me what I need and get out of my way.'" Moreover, it's potentially easier, in terms of cost and time, to integrate third-party container security tools into automated pipelines, he added.

Dig Deeper on Containers and virtualization