Palo Alto Adds Endpoint Security Via $200M Cyvera Acquisition


Palo Alto Networks has agreed to acquire Cyvera, an Israel-based security vendor, in a $200 million deal that adds endpoint protection against targeted attacks and other threats.

The acquisition is expected to close during the second half of 2014.

Tel Aviv-based Cyvera has 55 employees. Its platform is designed to prevent targeted attacks from executing on endpoint systems. Agents deployed on endpoint systems monitor application packages and compare their makeup against a variety of known exploit techniques. The company said its technology is designed to block zero-day attacks by focusing on blocking known exploit techniques rather than the vulnerability being exploited.


"It extends our next-generation security platform with a very innovative approach to preventing attacks on the endpoint," said Mark McLaughlin, president and CEO of Palo Alto Networks, in a statement. "It enables us to accelerate the delivery of the market’s only highly integrated and automated enterprise security platform spanning network, endpoints, and the cloud."

It’s Palo Alto Networks' second acquisition of 2014. In January, Palo Alto acquired Morta Security, a Silicon Valley-based security startup that focuses on developing technology for advanced threat detection.

Solution providers tell CRN they have been watching endpoint and network security technologies slowly converge. Palo Alto Networks competitor FireEye acquired an endpoint security platform through its $1 billion acquisition of Mandiant. Cisco Systems' Sourcefire appliances use agent-based technology to extend the network appliances' threat detection capabilities to the endpoint. Intel Security (formerly McAfee) is making a similar move through the integration of its Stonesoft acquisition.

While the focus has been on network security vendors, some vendors are being innovative at the endpoint, said Rick Doten, chief information security officer at Digital Management Inc., a Bethesda, Md.-based mobility solutions provider. Doten said he has used incident response tools to gain visibility at the endpoint. Carbon Black (acquired by Bit9 in February) monitors endpoint devices for code execution and extends Bit9 beyond white-listing, Doten said.

"The best spot is on the very edge because that's where the attackers are getting in," Doten said.

It's a good short-term strategy for network security vendors to add endpoint security products to their portfolio for an additional layer, but it is unclear if fully integrated network and endpoint components will be a long-term trend, said Peter Firstbrook, a research vice president at Gartner Inc. The dissolving perimeter could prove to be a future disruption, Firstbrook said.

"Up until now people have been talking about it but there's been no real practical implementation or reason to put them together," Firstbrook said in a recent interview with CRN.

Palo Alto said Cyvera will bolster the threat detection capabilities in its cloud-based WildFire file behavior analysis engine. Cyvera competes with other firms that provide endpoint behavior analysis and memory monitoring, according to Gartner, such as HBGary, a subsidiary of ManTech International, and RSA's Ecat compromise-assessment and monitoring tool. Cyvera supports Windows XP, Vista, 7, and 8, and Windows Server 2003 and 2008.

Deploying and managing endpoint agents can degrade performance on endpoint devices, because most solutions use additional CPU and memory resources, according to Gartner. The endpoint approach provides the most visibility, but managing agent software comes with an operational cost, the research firm said. Cyvera claims its method is not memory intensive and requires no signature downloads. Rather than signatures, the firm develops exploit mitigation modules to address known exploitation techniques.