skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.


Palo Alto Networks has once again expanded its cloud security portfolio through acquisition, announcing the purchase of microsegmentation vendor Aporeto for $150m in cash. This is its eighth acquisition since the beginning of 2018, and further underlines its commitment to be a major player in security for the burgeoning infrastructure- and platform-as-a-service (IaaS and PaaS) markets.

Microsegmentation is a zero-trust approach to cloud security

Palo Alto Networks already has arguably the industry's broadest portfolio of security offerings for IaaS and PaaS, spanning virtual machines (VM), containers, and serverless workloads. It has been assembled almost entirely by acquisition, a practice that continues with the Aporeto buy, which is in line with CEO Nikesh Arora's accelerated growth strategy. By accumulating as many unique security products as possible, the company can increase its total addressable market while keeping operating costs manageable.

Microsegmentation is an established approach to securing cloud workloads by creating and enforcing stringent access rights to, from, and between them, based on their operational requirements and typical communication behavior. All other assets in the corporate infrastructure are effectively “grayed out”, a modus operandi that enables microsegmentation to be categorized among the increasingly large number of zero-trust techniques.

Aporeto is seeking to differentiate itself from other microsegmentation vendors by describing what it does as “machine identity-based." This means it draws on factors beyond the IP address to determine application access control policies, including attributes from the cloud service provider, application infrastructure (such as container image vulnerability scanners), and the compute host itself.

The Aporeto technology will now be rolled into Palo Alto Networks’ Prisma Cloud suite, joining those of, RedLock, Twistlock, and PureSec. This will inevitably raise the question of how well the vendor can integrate yet another technology into its arsenal, given the varied success, historically speaking, of highly acquisitive security companies, such as Cisco, Symantec, and McAfee.

The initial signs, however, are positive. Last month the vendor was already touting the ability for the TwistLock and PureSec technology to report up into and be managed from the console that came with RedLock, less than six months after the two companies were acquired. Ultimately, customers will decide whether Palo Alto Networks' acquisition-centric strategy is the right approach for addressing an increasingly cloud-centric security product landscape.


Further reading

Palo Alto Networks is redefining what it means to be a cybersecurity platform vendor, INT005-000018 (July 2019)

“Aqua expands into cloud posture management with CloudSploit acquisition”, INT005-000057 (November 2019)

“Trend Micro adds cloud security and compliance checking with Cloud Conformity buy”, INT005-000043 (October 2019)

“Zingbox IoT security acquisition adds to Palo Alto Networks' toolbox of solutions”, INT005-000035 (September 2019)


Rik Turner, Principal Analyst, Infrastructure Solutions

[email protected]