Palo Alto Networks plans to bolster its data collection and visualization capabilities on the endpoint through its agreement to purchase emerging vendor Secdo.
The Santa Clara, Calif.-based network security titan said its plan to acquire New York-based endpoint detection and response (EDR) vendor Secdo will enhance Palo Alto Networks' ability to rapidly detect and stop stealthy attacks.
"With Secdo's EDR capabilities as part of our platform, we will accelerate our ability to detect and prevent successful cyberattacks across the cloud, endpoint and network," Mark McLaughlin, Palo Alto Networks chairman and CEO, said in a statement.
Palo Alto Networks stock is up $3.52 (1.87%) to $191.44 in pre-market trading Tuesday. Terms of the deal were not disclosed, and Palo Alto Networks didn't immediately respond to a request for comment. The deal is expected to close by the end of this month.
Secdo's thread-level approach to data collection and visualization goes far beyond traditional EDR methods, which Palo Alto Networks said only collect general event data. As a result, security operations teams are hamstrung as they try to reconstruct each step of an attack and distinguish between malicious and normal activity, according to Palo Alto Networks.
Once integrated with Palo Alto Networks' Traps advanced endpoint protection offering, the data from Secdo will feed into the logging service and give applications running in the framework greater precision to visualize, detect and stop cyberattacks. Secdo's engineers will also complement the deep security expertise inside the Palo Alto Networks research and development organization, the company said.
"We founded Secdo to dramatically increase visibility for security operations teams to reduce the time it takes to detect and respond to an alert," Shai Morag, co-founder and CEO of Secdo, said in a statement. "The combined capabilities of Secdo and Palo Alto Networks will provide customers the capabilities they need to swiftly and accurately detect and respond to cyberattacks."
Secdo was founded in 2015 and currently employs 68 people, according to LinkedIn. The company has raised $10 million in two rounds of outside funding, according to CrunchBase, with the most recent investment coming in May 2017 from O.G. Tech Ventures, a venture capital practice investing in early growth tech startups.
The company has expanded very rapidly around the globe, setting up shop in the United Kingdom, Germany and Japan, Gil Barak, Secdo's CTO and co-founder, told CRN in November. Secdo initially started by going direct, but has expanded the share of its business going through channel partners to 80 percent, Barak said.
Secdo's technology can be used from a defensive and offensive standpoint, Barak said in November, and is focused on helping security operations centers (SOCs) and MSSPs automate. Barak described the company's offering as "BDR on steroids."
This is the second announced acquisition in two months for Palo Alto Networks, and comes less than a month after the company's proposed $300 million purchase of cloud security vendor Evident.io. Evident.io's technology will make it easier for enterprise cloud users to ensure their deployments are compliant and secure, Palo Alto Networks said at the time.
Secdo's unique data collection capabilities will be very helpful since one of the primary ways organizations figure out they've been breached is by looking at the logs and seeing what transpired, according to Tom Turkot, vice president of client solutions for Buffalo Grove, Ill.-based Arlington Computer Products.
The Traps offering is a perfect, hand-in-glove fit with Palo Alto Networks' next-generation firewall, leveraging zero-day threats identified by the WildFire malware analysis service to cover the endpoint better than most, Turkot said. And acquisitions like Secdo will only provide further long-term enhancement to the company's platform, according to Turkot.
"People aren't looking for a point solution these days," Turkot told CRN. "Anything they do to enhance the overall package is great."