Governance & Risk Management , IT Risk Management , Security Operations

Palo Alto Networks Acquiring Expanse for $800 Million

Acquisition Is Palo Alto's Third So Far This Year
Palo Alto Networks Acquiring Expanse for $800 Million
Palo Alto Networks' headquarters in Santa Clara, California (Photo: Palo Alto)

Palo Alto Networks plans to acquire security startup Expanse in an $800 million deal. It will integrate Expanse’s attack surface monitoring capabilities into its Cortex product suite.

See Also: Risk Management Framework: Assessing and Monitoring NIST 800-53 Controls for DoD

The pending deal, announced Wednesday, includes Palo Alto Networks paying $670 million in cash and stock to acquire Expanse and an additional $130 million in equity awards to the startup's employees.

San Francisco-based Expanse, founded in 2012, says it’s been developing tools to help enterprises better understand and monitor their attack surface, especially those assets that could be exposed or not properly tracked within the network. The company says its technology also provides ways to prioritize risk and mitigate attacks that target vulnerable assets.

Integrating Capabilities

"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organization's attack surface with an inside view to proactively address all security threats," says Nikesh Arora, chairman and CEO of Palo Alto Networks.

Since its founding, Expanse has raised about $136 million in funding, including a $70 million Series C round in April 2019, according to Crunchbase. The company's co-founders, Tim Junio and Matt Kraning, will join Palo Alto Networks, according to the Wednesday announcement.

Expanse's customer base includes financial, healthcare, entertainment and technology firms as well as U.S. government entities, including the departments of Defense and Energy, according to a company blog post.

Acquisition Streak

Over the last two years, Palo Alto Networks, a publicly traded company, has been on an acquisitions streak, acquiring at least 10 firms as part of its push to deliver next-generation and cloud security product offerings.

The company acquired two other companies earlier this year: The Crypsis Group, a consulting firm that focuses on data breach response and risk management, and CloudGenix, which offers SD-WAN products that will be integrated into Palo Alto's secure access service edge, or SASE, platform.

In a client note published on Oct. 20, analysts at JPMorgan say that Palo Alto Networks' acquisitions, along with its networking, endpoint, cloud security and orchestration portfolios, are helping the company compete against other firms, including Cisco Systems and Check Point Software Technologies.

"Spending in cybersecurity has been a top priority for the past five years,” the JPMorgan analysis states. “If that spending focus by customers were to fade … then share performance could suffer."

Other Deals

In other merger and acquisition news this week, Barracuda announced Wednesday that it plans to acquire startup Fyde, which provides zero trust network access. Financial details were not disclosed.

Barracuda plans to integrate Fyde's technology into its CloudGen SASE platform.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.