Blog Icon

Blog Post

The Twistlock Acquisition: An Analysis of Palo Alto Network’s strategy

twistlock palo alto

Congratulations Twistlock!

One of the best signs of an emerging market is when existing, massive players are willing to put hundreds of millions of dollars on the line to get into that market right now. Given today’s Twistlock acquisition by Palo Alto Networks, and other recent acquisitions like Heptio/VMware, we believe this is happening in the cloud-native market. Congratulations to Twistlock on their success.

This is a great chance to provide an analysis of the cloud-native market and what this acquisition means for the market. Let’s take it from two viewpoints: Palo Alto, and the Enterprise Buyer.

How the Palo Alto Networks Twistlock combination validates cloud-native visibility

The single, most important observation to come out of the Twistlock acquisition is that Palo Alto Networks has chosen to make a strategic investment in containers. It shows that “container intelligence” cannot be thought of as a “bolt-on” feature to existing visibility and security products.

With buying Twistlock, Palo Alto had come to the realization that:

  • Containers represent a new abstraction layer that make it challenging to derive container health, risk, and performance data

  • Microservices and Kubernetes enable developers to decompose applications and run tens, hundreds, or thousands of containers where there used to be a single, static, monolithic application

  • The move to multi-cloud means the typical “perimeter” that traditional firewalls and other security solutions will not be sufficient on their own – the borderless application is coming.

PAN could have thrown hundreds of engineers at the container security challenge and built something if they had chosen to. But they would need to wait 18-24 months, quite possibly longer, and would have had to overcome a steep learning curve in understanding cloud-native security.

The Buyer perspective: an evolving set of visibility and security needs

So we now understand Palo Alto’s viewpoint. What about the buyer’s?

In order to understand this, it’s helpful to understand the market at large. According to the 451 Analyst Group, the container market will approach $5 Billion in the next couple of years. Surveys like the CNCF survey showed that, late last year, over 40% of enterprises are already running cloud-native technologies in production, *with over 80% of those enterprises running Kubernetes!

Suffice it to say – this is a massive market that is radically changing how enterprises deploy and operate applications in production. So why would Twistlock consider an acquisition at this stage?

Our belief is that the basis of competition in cloud-native market is changing radically. As one of the pioneers in container security, Twistlock did a fantastic job building a feature set based on a core capability that enterprises were initially interested in: container image scanning. As the market matured, however, it was evident that their strategy, which gave them a foothold, was too narrow to survive the onslaught of scanning alternatives.

As enterprises grew more sophisticated in their understanding of containers, and more importantly Kubernetes, they grew to see cloud-native as a way to radically improve operations through the new capabilities and efficiencies that modern technologies afford the market.

Point solutions such as image scanning, run-time protection, and custom performance metrics, as well as other data sources were acceptable in the early days. As the sources of data grew – as well as the need for a sophisticated approach to cloud provider and orchestrator context, it became clear that a new approach to operations was needed. The approach needed a data-centric strategy that eliminated the typical barriers between security and devops. After all, data is data: any piece of information that gives you a leg up on solving your use case should be at your fingertips. For example, the first indicator of an IOC or DOS attack is often times a monitoring alarm that detects an abnormal performance metric spike.

As the market evolved from “I just need to scan images” and “I just need to collect Prometheus Metrics” to “How do I operate containers with massive efficiency”, enterprises shifted to look for a unified data platform to address their security and monitoring challenges at scale. Visibility turns out to be the missing essential component needed across health, risk, and performance of the entire cloud-native lifecycle.

Conclusion: Congratulations Twistlock

Twistlock was an early participant in the container market and in a successful acquisition – something that many startups aspire to, but do not always achieve. That’s a milestone that should be celebrated, no matter where you live in the cloud-native landscape.

We look forward to competing with Palo Alto Networks as this nascent market grows into a massive market opportunity over the next few years!

Share This

Stay up to date

Sign up to recieve our newest.

Related Posts

Kubernetes security guide.

Announcing the Sysdig Cloud-Native Visibility + Security Platform 2.0

Better together with Sysdig and Anchore: Comprehensive container security across the software development lifecycle.