Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Palo Alto Networks Buys Bridgecrew in ‘Shift Left’ Cloud Security Push

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio.

The two sides said the deal is valued at $156 million in cash and is expected to close in the third quarter this year.

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio.

The two sides said the deal is valued at $156 million in cash and is expected to close in the third quarter this year.

For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.  The Bridgecrew deal follows a $420 million purchase of CloudGenix last March and a separate $173 million deal to buy Redlock, both cloud security specialist plays.

For Bridgecrew, an Israel-based venture-backed startup that’s barely two years old, the exit is significant.  Bridgecrew raised a total of $18 million over two funding rounds with public reports pegging its valuation last year at around $40 million.

[ RELATED: Palo Alto Spends $420 Million to Buy CloudGenix ]

The company was founded by serial entrepreneur Idan Tendler with venture capital backing from Battery Ventures, NFX, Tectonic Ventures, DNX Ventures, Sorensen Ventures, and Homeward Ventures. 

Bridgecrew styles itself as a pioneer in Shift Left, the popular practice aimed at finding and preventing defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the software lifecycle as possible, meaning that important security testing is done earlier in the software development process.

Bridgecrew’s security platform, which includes the Checkov open-source scanner, offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development lifecycle. 


[ ALSO READ: Palo Alto Networks to Acquire

Cloud Security Firm RedLock for $173 Million ]

“Shift left security is a must-have in any cloud security platform. Developers don’t want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organization certainly values higher security from fixing issues earlier in the development lifecycle,” said Palo Alto chief executive Nikesh Arora. 

Palo Also plans to fit Bridgecrew’s technology into its own Prisma Cloud to provide developers with security assessment and enforcement capabilities throughout the DevOps process.

Prisma Cloud is Palo Alto’s security platform that sells into the enterprise  cloud security posture management (CSPM) and cloud workload protection platform (CWPP) categories.  

Palo Alto said it would continue to invest in Bridgecrew’s open-source initiatives.  

RELATED: Palo Alto Networks Acquires Incident Response Firm Secdo

RELATED: Palo Alto Networks to Acquire CIA-Backed Cloud Security Firm Evident.io for $300 Million

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.