Why Palo Alto Networks paid $560 million for Demisto: Security operations need to be automated
Demisto orchestrates and automates security response and Palo Alto Networks has an application platform strategy. Combine the two companies and you get more tools to automate security incident responses.
Palo Alto Network is spending $560 million for privately held Demisto in a deal designed to build out the company's application framework strategy and consolidate the security tools within an enterprise.
Demisto focuses on security orchestration, automation and response (SOAR) tools. SOAR is a hot market in security.
The plan for Palo Alto is to take Demisto's technology and combine it with its application framework. Palo Alto Networks application framework is an ecosystem that allows third parties to build security apps on its data and security tools. Here's the applications framework stack in a chart:
Demisto has automated playbooks designed to reduce human review on alerts. That automation leaves the more complex threats to the humans. Palo Alto is looking to use artificial intelligence and machine learning to automate many aspects of security operations.
Here's a look at the Demisto approach to unifying security tasks such as orchestration, incident management and investigation in real time.
Demisto has more than 150 customers in multiple verticals via a strong channel partner strategy. Demisto founders, Slavik Markovich, Rishi Bhargava, Dan Sarel and Guy Rinat, will join Palo Alto Networks.
Palo Alto Networks CEO Nikesh Arora explained the rationale behind the Demisto deal on a conference call:
A few weeks ago, I was talking to a customer, debating how many security vendors they have deployed. We agreed that it was likely a large and undesirable number. She was kind enough to e-mail me later and share that the actual number was 35. We cannot solve security by deploying more and more solutions that alert us to potential issues, we need solutions. Demisto is a leader in the evolving space called SOAR. In Demisto, we add more security and analytics and automation technologies to our platform and can strengthen the security items that we deliver to our 60,000 customers and more. We believe that Demisto multi-vendor orchestration capabilities and unique analytics and playbooks will help our customers further automate a significant part of their security operations and allow them to turn their attention to solving unique and complex threats.
Wedbush analyst Daniel Ives said the acquisition of Demisto fits well with Palo Alto Networks effort to be a platform and automate security.
Demisto's ability to integrate with hundreds of security products and to enable customers to build playbooks for different security processes has allowed them to land significant Fortune 500 customers (25% of their total customer base) across the Healthcare, Technology, and Financial Services industries, among others. These playbooks incorporate a combination of automated tasks and manual best practices to standardize and scale incident response which in our opinion will fit well into Palo Alto's Application Framework. In addition, the case management and machine learning capabilities help security teams maintain incident oversight and improve their security posture. In a nutshell, the price tag for this high quality asset is on the higher end of the valuation spectrum relative to a small revenue base, although we believe from a product portfolio this was a smart deal as the solution set should "fit like a glove" into the Palo Alto Network's Application Framework strategy over the coming years.
Analysts also said Arora is likely to keep acquiring companies as he scales the company. BTIG analysts Joel Fishbein said:
Assuming this acquisition closes at the $560M price, Palo Alto Networks is still sitting on about $3 billion in cash and short-term investments. We expect more M&A from CEO Arora and his team as a means of accelerating the proliferation of its Application Framework.