Network security giant Palo Alto Networks (NYSE: PANW) said on Tuesday that it has agreed to acquire Demisto, a Security Orchestration, Automation and Response (SOAR) firm, in a deal valued at $560 million.
The final price is subject to adjustment, and will be paid through a combination of cash and PANW stock.
Cupertino, California-based Demisto was founded in 2015 by Dan Sarel, Guy Rinat, Rishi Bhargava, and Slavik Markovich, and has raised $69 million in funding to date, including $43 million in October 2018.
Demisto’s founders decided that the market needed, not so much a new security control product, but a new product able to maximize use of existing products. “We asked a bunch of security executives and analysts, ‘What is your biggest problem today?” Bhargava told SecurityWeek in October 2018. “All of them replied that the problem is operational — they simply do not have the staff to handle the volume of alerts generated by existing products. This is the problem we decided to solve through automation and orchestration.”
“The addition of Demisto’s orchestration and automation technologies will accelerate Palo Alto Networks Application Framework strategy and serve as a critical step forward in the company’s aim to deliver immediate threat prevention and response for security teams,” Palo Alto said.
Key to this is Demisto’s playbooks, which automate a consistent method, or progression of steps, needed to handle the different types of alert generated by the security control products. “The playbooks are not built around specific threats or exploits, but on the methods of exploitation,” explained Bhargava. “So, if you get a new type of threat — say ransomware — you need to check the malware playbook to see if it handles the new threat. If the answer is no, then you need to tweak the playbook.”
Demisto says it has more than 150 customers, a quarter of which are in the Fortune 500, and its products will continue to be available to customers and partners after the transaction closes.
“We believe this a strategic and complementary acquisition that positions PANW in the emerging orchestration market,” analysts from Jefferies Financial Group wrote in a research note to investors. “Nonetheless, there are questions around the required neutrality of Demisto relative to competitors now that it’s part of PANW.”
Related: Splunk to Acquire Security Orchestration Firm Phantom for $350 Million

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
