Network security giant Palo Alto Networks (NYSE: PANW) said on Tuesday that it has agreed to acquire Demisto, a Security Orchestration, Automation and Response (SOAR) firm, in a deal valued at $560 million.
The final price is subject to adjustment, and will be paid through a combination of cash and PANW stock.
Cupertino, California-based Demisto was founded in 2015 by Dan Sarel, Guy Rinat, Rishi Bhargava, and Slavik Markovich, and has raised $69 million in funding to date, including $43 million in October 2018.
Demisto’s founders decided that the market needed, not so much a new security control product, but a new product able to maximize use of existing products. “We asked a bunch of security executives and analysts, ‘What is your biggest problem today?” Bhargava told SecurityWeek in October 2018. “All of them replied that the problem is operational — they simply do not have the staff to handle the volume of alerts generated by existing products. This is the problem we decided to solve through automation and orchestration.”
“The addition of Demisto’s orchestration and automation technologies will accelerate Palo Alto Networks Application Framework strategy and serve as a critical step forward in the company’s aim to deliver immediate threat prevention and response for security teams,” Palo Alto said.
Key to this is Demisto’s playbooks, which automate a consistent method, or progression of steps, needed to handle the different types of alert generated by the security control products. “The playbooks are not built around specific threats or exploits, but on the methods of exploitation,” explained Bhargava. “So, if you get a new type of threat — say ransomware — you need to check the malware playbook to see if it handles the new threat. If the answer is no, then you need to tweak the playbook.”
Demisto says it has more than 150 customers, a quarter of which are in the Fortune 500, and its products will continue to be available to customers and partners after the transaction closes.
“We believe this a strategic and complementary acquisition that positions PANW in the emerging orchestration market,” analysts from Jefferies Financial Group wrote in a research note to investors. “Nonetheless, there are questions around the required neutrality of Demisto relative to competitors now that it’s part of PANW.”
Related: Splunk to Acquire Security Orchestration Firm Phantom for $350 Million