Zscaler Buys Workflow Automation Firm ShiftRight for $25.6M

ShiftRight Acquisition to Simplify Management, Operations Across DLP, CASB & CNAPP
Zscaler Buys Workflow Automation Firm ShiftRight for $25.6M

Zscaler has purchased a startup in stealth mode established by the founders of Lacework to automate security management and dramatically reduce incident resolution time.

See Also: OnDemand | Panel Discussion Featuring Forrester Analyst | A CISO Guide to Calculating the ROI of Prisma Cloud Based on the Commissioned TEI Study

The San Jose, California-based company says ShiftRight is being integrated into Zscaler's cloud security platform to provide customers with real-time visibility into their security posture and help them manage a growing influx of risks and incidents. The $25.6 million acquisition closed June 17 and was announced Thursday, according to filings with the U.S. Securities and Exchange Commission.

"This is all about solving real customer problems so that people feel very comfortable about deploying security technology," Vice President of Data Protection Moinul Khan tells Information Security Media Group. "The ShiftRight technology should be plugged into every feature and capability that we have today."

Streamlining Security for All Stakeholders

Zscaler has partnered with ShiftRight for the past six months to bring its workflow automation muscle to the company's data loss prevention and cloud access security broker products, he says. Going forward, Khan expects to bring ShiftRight's technology to Zscaler's cloud-native application protection platform along with the rest of the company's products and services (see: Zscaler Posture Control Correlates, Prioritizes Cloud Risks).

ShiftRight's technology can help with everything from delegating alerts to the people in the organization responsible for managing them to ensuring security is built in when applications are lifted and shifted from on-premises data centers to the public cloud. Zscaler has provided workflow automation around CASB and DLP through a partnership with Marketo, which Khan says will be phased out over time.

Zscaler anticipates embedding ShiftRight's capabilities in all its technology will drive more purchases of existing products and services, particularly around the company's data protection portfolio, Khan says. ShiftRight's functionality will be included in enterprise license agreements for large Zscaler customers rather than sold on a stand-alone basis, according to Khan.

"The DevSecOps team will be fully empowered to look at every single violation, make a decision and then be able to close the ticket and move on," Khan says. "All of that will be natively provided from Zscaler itself."

Emerging From Lacework's Shadow

San Jose-based ShiftRight was established in August 2019 by Lacework co-founder and Chief Product Officer Sanjay Kalra and Murat Bog, a Lacework founding engineer. Kalra is now ShiftRight's CEO and Bog is its CTO. The company didn't raise any outside funding and employed 20 engineers at the time of its acquisition by Zscaler, according to Khan and Crunchbase.

ShiftRight was still in stealth mode at the time of its acquisition and doesn't have any information about the company on its website. The company had just come off of exhibiting at the Early Stage Expo during RSA Conference 2022 when the deal with Zscaler took place. Zscaler's stock is down $1.66, or 2.7%, to $166.14 per share in trading midday Thursday (see: How to Distinguish True Zero Trust From Imposters).

"ShiftRight is a natural fit for the Zscaler Zero Trust Exchange by automating accountability and responsibility management for security teams," Kalra says in a statement. "ShiftRight's technology will strengthen Zscaler's offerings and transform security into a collaborative solution for internal teams to tackle numerous security challenges such as remediation, deployment, compliance and upgrades."

Security teams are often held accountable for security-related actions they're not directly responsible for, which Zscaler says has become a source of contention for organizations. The responsibility for cybersecurity is in actuality distributed throughout multiple teams in an organization, forcing security teams to work with multiple departments to keep users and data properly secured, according to Zscaler.

Organizations today typically rely on an ineffective patchwork of error-prone spreadsheets interlaced with disparate systems to oversee security across the IT ecosystem, according to Zscaler. This results in critical security issues falling through the cracks, the company says.

Tuck-In Transactions Continue for Zscaler

ShiftRight is Zscaler's seventh acquisition over the past five years, according to Crunchbase, and is consistent with the company's pursuit of tuck-in deals.

"Our highly targeted, early-stage acquisition strategy shortens our time to market for new innovations and expands our market opportunity," Zscaler founder, chairman and CEO Jay Chaudhry told investors earlier this month.

The ShiftRight acquisition came a year after Zscaler bought deception technology startup Smokescreen Technologies for $11.7 million to proactively hunt for emerging adversary tactics and techniques. A month earlier, Zscaler purchased cloud infrastructure entitlement management startup Trustdome for $31.1 million to control who and what has access to data, applications and services in public cloud.

Zscaler in May 2020 acquired early-stage vendor Edgewise Networks for $30.7 million to protect application-to-application communications in public cloud and data center settings. A month before that, Zscaler bought cloud security posture management startup Cloudneeti for $8.9 million to prevent and remediate app misconfigurations in the cloud.

In May 2019, Zscaler got into the browser isolation space with its $13 million buy of Appsulate to provide users with secure access to web-based applications and content. The company's first-ever deal came in August 2018, when it purchased the development team and artificial intelligence and machine-learning technology of TrustPath to enhance security efficacy and accelerate incident response.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.