Following announcements earlier this month that Palo Alto Networks was in talks to buy security automation company Demisto, it has confirmed its intention to acquire the company for a sum of $560 million, in a deal expected to close in Palo Alto Networks’ Q3 2019.
“We are delighted to welcome Demisto into the Palo Alto Networks family,” said Nikesh Arora, chairman and CEO of Palo Alto Networks. “Coupled with our Application Framework, Demisto will help us strengthen our commitment to security teams by delivering a platform that provides higher levels of integration, automation, and innovation to prevent successful cyberattacks.”
‘Integration’ has been part of Palo Alto Networks’ partner strategy for some time, but ‘automation’ seems to be the key word when it comes to this acquisition.
We have found a like-minded team that shares our conviction that the future of security is all about automation and AI. We’re thrilled to be joining them to help make it a reality.Slavik Markovich, CEO and co-founder, Demisto
Last year’s spike in AI hype among the general public didn’t last long. But the potential applications of AI for information security continue to appeal – unsurprising, given the oft-discussed impossibility of manually plugging every hole in an organisation’s defences, and the even ofter-discussed shortage of experienced information security professionals.
Demisto’s automated playbooks, which the company says “have helped reduce alerts that require human review by as much as 95 percent”, are one potential method to help security teams keep ahead of the hackers while staving off alert fatigue and burnout.
“This well-developed approach will bring Palo Alto Networks closer to using AI and machine learning to help further automate significant parts of the company’s customers’ security operations,” the company said in a press statement.
We are delighted to welcome Demisto into the Palo Alto Networks family. Coupled with our Application Framework, Demisto will help us strengthen our commitment to security teams by delivering a platform that provides higher levels of integration, automation, and innovation to prevent successful cyberattacks.Nikesh Arora, CEO, Palo Alto Networks
According to the company’s press release, Demisto’s products will continue to be available to customers and partners after the transaction closes, and the company will be working closely with the Palo Alto Networks team to strengthen its existing integration with Palo Alto Networks’ Application Framework.
“We have dedicated ourselves to the challenge of automation because we believe that relying on people alone to combat threats will fail against the scale of today’s attacks,” said Slavik Markovich, CEO and co-founder of Demisto, who (along with co-founders Rishi Bhargava, Dan Sarel and Guy Rinat) will be joining Palo Alto Networks when the transaction closes. “Palo Alto Networks strategy resonates with our own vision. And we have found a like-minded team that shares our conviction that the future of security is all about automation and AI. We’re thrilled to be joining them to help make it a reality.”
While not as acquisition-driven in its strategy as companies such as Symantec or Cisco – the latter having acquired over 30 companies since 2015 – Palo Alto Networks has been on a bit of a spending spree in the last 12 months. In addition to Demisto, since March 2018 it’s also acquired Evident.io ($300 million), SECDO (terms undisclosed) and RedLock ($173 million).
Those acquisitions haven’t been quite as sizeable as some predicted – back in 2017, Credit Suisse analyst Brad Zelnick suggested ForeScout, Gigamon and Tanium as potential targets. But they have been tactical, aimed at covering ‘niche’ areas to round out Palo Alto Networks’ offerings. The focus on Demisto’s automation capabilities as a major factor in its acquisition reflects that, and indeed reflects end-users’ growing demand for a level of AI expertise, as do other apparently AI-motivated acquisitions of late, such as Fortinet’s acquisition of ZoneFox, and BlackBerry’s acquisition of Cylance.
With more and more cybersecurity companies either developing their own AI and automation solutions, or bringing the expertise on board through acquisition, it’ll be interesting to see how this area of security develops.