Palo Alto Networks to acquire container security startup Twistlock for $410M

At KubeCon last week in Barcelona, container security was a hot topic, so it shouldn’t come as a surprise that Palo Alto Networks announced today that it was buying container security startup, Twistlock for $410 million.

The company also announced it was buying serverless security startup, PureSec. It did not reveal the purchase price for this deal, but Israeli business publication Globes is reporting it was in the $60-70 million range. The pair of companies gives Palo Alto a set of tools for modern development approaches, as the meaning of securing applications and infrastructure changes.

Twistlock has raised a little over $63 million, according to Crunchbase data, so that price tag presumably gives its investors quite a nice rate of return, but Palo Alto probably sees what everyone else is seeing, and having a container security piece in its toolkit is going to be a highly valuable asset.

With a company like Twistlock in the fold, it not only gives them a container security platform, it’s also giving them the 120 employees with a lot of container security knowledge and 400 customers using that toolset, and that in itself may in some ways be even more valuable.

Developers have been moving to containers quickly over the last several years, and as with so many rapidly growing technologies, the security hasn’t necessarily kept up with the development of containerization in general. Companies like Twistlock and Aqua Security have been trying to build tools to change that. Both companies had a big presence at KubeCon last week.

Company CTO John Morello says his company works with the cloud native community to help define security standards, then builds that into the application. “Within Twistlock, we have literally 500 plus checks that cover the Center for Internet Security (CIS) benchmarks for Linux, for Docker, for Kubernetes and gives you that visibility. So you can see what the configuration state of your environment is, but we also give you a preventative capability. So if the environment is configured insecurely, then we won’t allow the application to be deployed,” Morello told TechCrunch in an interview at KubeCon last week.

Twistlock, which was founded 2015, got into the container security quite early, but the founders saw that this new way of developing software would require a new way of securing it. That’s partly because of the ephemeral nature of containers, but more because containerization brings with it a high level of automation, and when no humans are touching the process, it’s easier for hackers to insert themselves without anyone knowing it.

The company’s most recent funding round was a $33 million Series C investment last summer. As for PureSec, it had raised $10 million, according to Crunchbase.

Per usual, the acquisitions are subject to standard regulatory approvals and are expected to close in Palo Alto’s fiscal Q4