Palo Alto Networks To Buy Cloud Security Startup RedLock For $173 Million

Palo Alto Networks has agreed to purchase cloud security startup RedLock for $173 million to help security teams replace manual investigations with automated, real-time remediation.

The Santa Clara, Calif.-based platform security vendor said reports from Menlo Park, Calif.-based RedLock will help highlight an organization's cloud risks. The firm plans to create a single offering from the technologies of RedLock and Evident—which was acquired in March for $300 million—that delivers cloud security analytics, advanced threat detection, continuous security and compliance monitoring.

"The addition of their technologies allows us to offer the most comprehensive security for multi-cloud environments, including Amazon Web Services, Google Cloud Platform and Microsoft Azure, and significantly strengthens our cloud strategy going forward," said Nikesh Arora, Palo Alto Networks chairman and CEO, in a statement.

The deal is expected to close in the quarter ended Nov. 30, with RedLock co-founders Varun Badhwar and Gaurav Kumar joining Palo Alto Networks. The company's stock is down $0.02 (0.009%) to $222.72 in pre-market trading Wednesday.

"We are excited to join Palo Alto Networks to bring together the strength of our cloud analytics and their industry-leading compliance technologies to help security teams protect their organizations," Badhwar said in a statement.

Palo Alto Networks said it already provides a broad security offering for multi-cloud environments with inline, host-based and API-based security. The company currently serves more than 6,000 cloud customers globally with a portfolio that includes VM-Series next-generation firewall, Aperture, Evident and GlobalProtect cloud service.

RedLock, meanwhile, specializes in: discovering and classifying cloud resources and applications; detecting threats and vulnerabilities in an organization's public cloud; and prioritizing risks, investigating and remediating threats. The company's security analytics capability utilizes an artificial intelligence-driven approach that correlates disparate security data sets, according to Palo Alto Networks.

The company specializes in correlating disparate data sets—including resource configurations, user activities, network traffic, host vulnerabilities/activities and threat intelligence—to provide organizations with the necessary context on risks. This contextual understanding of the public cloud can reduce incident response time from weeks to seconds, Palo Alto Networks said.

From a risk prioritization perspective, RedLock helps organizations prioritize remediation for the riskiest items first, with risk scores determined for every cloud resource based on the severity of business risks, violations and anomalies.

RedLock's threat investigation capabilities allow for quick probes of current or past issues and analysis of downstream impact. For example, a company can search for all databases that were receiving traffic from suspicious IP addresses last month and subsequently drill down on each resource to determine connections to other resources.

The company's rapid response functions ensure businesses can quickly respond to an issue based on contextual alerts. Organizations can perform auto-remediation, orchestrate policy or send alerts via email or to third-party tools such as Slack, Demisto and Splunk.

Finally, RedLock's audit trail provides businesses with a DVR-like capability to view time-serialized activity for any given resource. Organizations can review the history of changes for a resource and better understand the root cause of a past or present incident.

RedLock was founded in 2015 and has raised $12 million through two rounds of outside equity funding, according to CrunchBase. The company currently employs 86 people, according to LinkedIn.

In addition to the RedLock and Evident acquisitions, Palo Alto Networks bolstered its data collection and visualization capabilities on the endpoint through its April purchase of New York-based emerging vendor Secdo for a reported $100 million.