Why Palo Alto Networks Canceled a Cider Security M&A Deal – BankInfoSecurity.com | Mobiz World

Application security, next-generation technologies and secure development

Palo Alto in talks to buy $200m cider, deviates from $600m Apiiro deal

Michael Novinson (Michael Novinson) •
October 21, 2022

Why Palo Alto Networks Now Wants Cider Security, Not Apiiro

Palo Alto Networks has scaled back its M&A ambitions, walking away from a $600 million deal for Apiiro in favor of a $200 million purchase of Cider Security, Calcalist reported.

See also: New OnDemand | A better approach to data backup and recovery

The Silicon Valley-based platform security giant broke negotiations with Apiiro in recent days after the two sides fell far apart on a reasonable valuation for the New York-based code risk platform provider, according to Calcalist. Apiiro has instead opted to raise a sizeable sum from a venture capital fund, said Calcalist, which first reported on the Palo Alto-Apiiro acquisition talks last month (see: Why Would Palo Alto Networks Want $600M Startup Apiiro?).

Palo Alto Networks has instead targeted Tel Aviv-based Cider Security, which focuses on securing technical processes and systems from code through deployment, Calcalist reported Thursday. The two sides are in active negotiations, Calcalist reported, and the cost of the purchase is expected to be around $200 million. Palo Alto Networks and Apiiro declined to comment, while Cider Security did not respond to inquiries.

How Cider built a growing business

Cider Security was founded in December 2020 and emerged from cover in March 2022 with a $38 million Series A funding round led by Tiger Global Management. Today, Cider Security employs 107 people and helps optimize an organization’s CI/CD security based on a set of prioritized risks and recommendations tailored to its environment. Cider customers include Perception Point and insurance provider Lemonade.

The company is led by its co-founder Guy Fletcher, who previously led mobile attribution and analytics provider AppsFlyer’s security and privacy program for three years. Co-founder and CTO Daniel Krivelevich previously spent four years at cyber consulting and IR provider Sygnia, where he led the application and cloud security teams. The two met in late 2014 at conversational AI provider LivePerson.

Since Cider Security came out of the camouflage, he has hired Snir Ben Shimol – who built Varonis’ security practice from the ground up – as Chief Strategy Officer and ShiftLeft Sales Director Carl Elsinger to fill a similar role at Cider, to which he… will focus on expanding the company’s global sales activities and serving new corporate customers. Cider’s platform was unveiled on AWS Marketplace earlier this month.

Why cider is cheaper than apiiro

Cider Security’s more modest price is likely due to it bringing less maturity and breadth to the table than Apiiro. Apiiro emerged from cover 17 months earlier than Cider Security and won the RSA Conference’s prestigious Innovation Sandbox contest four months before Cider even had its first paying customer.

And while Cider has focused on developing a single, unified platform for end-to-end CI/CD security, Apiiro already has eight products covering everything from application and cloud security to software supply chain security . Investors like to see startups continually launching new products as it allows the company to expand its total addressable market and increase its share of the wallet with existing customers.

Apiiro executives also have a track record of developing a profitable exit for investors. Co-founder and CEO Idan Plotnik previously founded and sold user and entity behavior analytics pioneer Aorato to Microsoft in November 2014, where he led the software giant’s Advanced Threat Analytics practice for a further 2.5 years.

Where cider fits in Palo Alto

Cider Security plays in a similar space to Bridgecrew, which Palo Alto Networks bought in February 2021 for $156 million in the company’s latest significant acquisition. Bridgecrew is focused on providing developers and DevOps teams with a systematic way to enforce infrastructure security standards throughout the development lifecycle.

The company’s technology now operates within Palo Alto Networks’ Prisma Cloud portfolio, and the company’s open-source tool Checkov powers Prisma Cloud’s infrastructure-as-a-code security product. Similarly, Cider Security assesses the health of an organization’s technical systems and processes to see how it would perform in realistic attack scenarios and identifies controls needed to reduce its CI/CD attack surface.

Cider would likely follow in Bridgecrew’s footsteps and become part of Palo Alto’s fast-growing Prisma Cloud practice, which secures hybrid and multi-cloud environments across the entire development lifecycle from code to runtime. Palo Alto Networks is the fourth-largest player in the fragmented cloud workload security market, capturing a 5.8% market share in 2021, up slightly from 5.6% last year. IDC found.

How Palo Alto’s M&A approach has changed

Palo Alto Networks is on a 20-month dry spell when it comes to major acquisitions stemming from the company’s purchase of Bridgecrew. That’s a far cry from early 2018 to early 2021, when Palo Alto spent $3.46 billion on 12 deals during Nikesh Arora’s first few years as CEO. Palo Alto bought everything from attack surface management provider Expanse to SOAR firm Demisto and SD-WAN player CloudGenix.

Arora announced to investors in August 2021 and reiterated this August that Palo Alto Networks has no plans for any major acquisitions as the company already has a product in virtually every category it wants to play in.

“The public market has rationalized, the private markets probably haven’t,” Arora told investors Aug. 22. “It’s a bit like real estate, and people remember what the neighbor’s house was sold for and kind of forget what their house is worth. So, until people see the true value of their home, it will be a while before the security market sees acquisitions again.”

Leave a Comment