The Expert's View with Michael Novinson

Big Data Security Analytics , Data Loss Prevention (DLP) , Endpoint Security

Why Palo Alto Is Eyeing Data Defense Firm Dig at $300M-$400M

Dig Security Is Set for a 9-Figure Deal Just 16 Months After Emerging From Stealth
Why Palo Alto Is Eyeing Data Defense Firm Dig at $300M-$400M

A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks.

See Also: 5 Requirements for Modern DLP

The Silicon Valley-based platform security behemoth is in advanced negotiations to buy data security posture management startup Dig Security for between $300 million and $400 million, TechCrunch and Calcalist reported Tuesday. The report comes just six days after Calcalist said Palo Alto Networks is in advanced talks to buy red-hot enterprise browser startup Talon Cyber Security for $600 million (see: Why Palo Alto Is Eyeing Secure Browser Firm Talon for $600M).

Palo Alto Networks and Dig Security declined Information Security Media Group's requests for comment. TechCrunch and Calcalist said Palo Alto is prepared to spend upward of $1 billion to consummate the two transactions. Palo Alto Networks' stock is up $5.71 - or 2.53% - to $230.96 per share in trading since Calcalist reported on the Dig deal talks Tuesday afternoon.

Reports of the Dig deal emerged nine months after Palo Alto Networks had purchased application security startup Cider Security for $198.3 million, which at the time was the company's first major acquisition in nearly two years. Like Cider and Talon, Dig is based in Israel. Its co-founders Dan Benjamin, Ido Azran and Gad Akuka all live there - along with nearly 90% of the company's 82 employees (see: Palo Alto Networks to Buy Startup Cider Security for $250M).

CEO Benjamin previously led strategy, innovation and M&A for Microsoft Azure Cloud Security and served as a CTO in residence at Google Cloud for Startups, Vice President of R&D Azran previously led engineering at consumer intelligence vendor Toluna for nearly three years, and CTO Akuka was co-founder and CTO of Segasec, which was acquired in January 2020 by Mimecast for $24.2 million.

What Makes Dig Special?

The company, established in September 2021, raised $45 million in three rounds of outside funding and grew its headcount by nearly 130% over the past year, according to IT-Harvest. Notable Dig backers include Samsung Venture Investment, CrowdStrike, Okta Ventures, CyberArk Ventures, SignalFire, Team8, Merlin Ventures, Exabeam co-founder Nir Polak, and Tenable co-founder Jack Huffard (see: CyberArk Debuts $30M Venture Fund to Back Talented Startups).

"Dig's innovative and comprehensive approach to cloud data security and stellar leadership are the underpinnings of its market leadership," said the investment director of Samsung Ventures in June 2023 after leading a strategic investment of undisclosed size.

Nearly half of Dig's employees are in engineering, approximately one-quarter are in sales, one-fifth are in operations and the remainder are in human resources, according to IT-Harvest. IT-Harvest estimates a valuation of between $49 million and $67 million for Dig and annual recurring revenue of $24 million - or roughly $300,000 per employee - just 16 months after the company emerged from stealth.

Dig plans to use the Samsung Ventures investment to accelerate its product development and go-to-market efforts around data security posture management and data detection and response. Dig said its technology allows organizations to classify, monitor, protect and govern cloud data in real time across any cloud and any data store by bringing DSPM, DDR and data loss prevention together.

Recently, Dig expanded its data security platform to protect data anywhere enterprises store sensitive information such as public cloud, software as a service, database as a service, and on-premises environments. The company also can secure large language models by maintaining visibility and control over the data being passed to AI models and preventing inadvertent data exposure during training or deployment.

"Training and deploying LLMs and generative AI also introduces new security hazards, especially when these tools are given access to enterprise data," Benjamin said in a July 2023 statement. "We are proud to provide capabilities that allow enterprises to innovate securely - to train and deploy LLMs while maintaining data security, privacy and compliance."

Would Palo Alto Make a Good Home for Dig?

Dig would build on Palo Alto Networks' existing data loss prevention tool, which protects personal identifiable information and intellectual property across all applications and users. Palo Alto Networks said in a regulatory filing that its cloud-delivered enterprise DLP service minimizes the risk of a data breach both on-premises and in the cloud and helps in meeting stringent data privacy and compliance regulations.

Palo Alto Networks had a 22-month dry spell in terms of major acquisitions, lasting from the company's $156 million acquisition of cloud security startup Bridgecrew in February 2021 until the December 2022 purchase of Cider. That's a far cry from early 2018 to early 2021, when Palo Alto spent $3.46 billion on 12 deals during Nikesh Arora's first few years as CEO (see: Why Palo Alto Networks Now Wants Cider Security, Not Apiiro).

During that period, Palo Alto bought everything from attack surface management vendor Expanse to SOAR firm Demisto and SD-WAN player CloudGenix. Arora told investors in August 2021 and reiterated in August 2022 that Palo Alto Networks doesn't plan to pursue any major acquisitions since the company already has a product in virtually every category where it wishes to play.

"The public market has rationalized; the private markets probably haven't yet," Arora told investors in August 2022. "It's a bit like real estate, and people remember what the neighbor's house sold and kind of forget what their house is worth. So, until people realize the true value of their house, it's going to be a while longer before acquisitions come into the security market again."

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.