Palo Alto Networks has agreed to acquire Expanse, an attack surface management vendor, for approximately $800 million.
Under the terms of the agreement, which was announced Wednesday, Palo Alto Networks will pay $670 million in cash and stock and $130 million in replacement equity awards. Expanse, which was founded in 2012, discovers, tracks and monitors internet-connected assets to identify exposed or misconfigured systems.
Expanse’s products will be integrated into Palo Alto Networks’ Cortex suite, which uses machine learning for automated threat detection and response. “By integrating Expanse’s attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organization’s attack surface with an inside view to proactively address all security threats,” Nikesh Arora, chairman and CEO of Palo Alto Networks, said in the announcement. “We believe this will be a game-changer in security operations.”
The proposed acquisition is the latest in a string of recent purchases by Palo Alto Networks. The enterprise security vendor has acquired of a variety of companies in recent years, including SD-WAN startup CloudGenix for $420 million in March, container security startup TwistLock for $410 million in May 2019 and SOAR vendor Demisto for $560 million in February 2019.
Expanse, which is headquartered in San Francisco, announced last month that it had doubled revenue year-over-year during September 2019 to September 2020, earning more than $100 million, though it did not report full financial results because it is a private company.
Chris Steffen, research director at Enterprise Management Associates in Boulder, Colo., called the acquisition “a positive strategic move” for Palo Alto Networks. “It adds additional security visibility to the Palo Alto portfolio, and provides an external views of a customer’s attack surface, something that many other security tools lack,” he said in an email to SearchSecurity. “Palo Alto can leverage the Expanse solution with their security suite to improve and differentiate their offerings.”
Eric Parizo, senior analyst at Omdia (formerly Ovum), also applauded the move. “While the purchase price seems somewhat high, it’s a good strategic move for Palo Alto Networks as it is complimentary to the vendor’s Cortex threat detection and response portfolio,” Parizo said. “It also differentiates versus key competitors, as attack surface management is still an emerging segment where few major vendors have invested.”
Jon Oltsik, senior principal analyst at Enterprise Strategy Group, said attack surface management is a relatively new market that combines elements of asset management and vulnerability management. “Once you know about these assets, you can assess any risks they pose and then implement the right controls for risk mitigation,” he said in an email. “It can go beyond known assets to find unknown assets which could include data sets, user credentials, artifacts, etc.”
Oltsik added that Palo Alto Networks ”has become very good at identifying hot areas and purchasing early,” with the Expanse acquisition being the latest example.
The acquisition is expected to close during Palo Alto Networks’ fiscal second quarter.
Security news writers Arielle Waldman and Alex Culafi contributed to this report.