• United States



Palo Alto Networks buys, extends its cloud security solution

News Analysis
Mar 15, 20184 mins
Cloud SecuritySecurity

With the Evident Security Platform, Palo Alto Networks customers get a single dashboard to quickly find cloud security vulnerabilities and then see how to correct them.

cloud security
Credit: Thinkstock

Businesses are adopting public clouds to enable them to work faster and be more agile, which are both critical to success in the digital era. In fact, many organizations have adopted a “cloud first” approach, where the mandate is to move every new application to the public clouds.

Along with the benefits of cloud computing — increased agility, faster time to market, and the ability to scale infrastructure — though, comes increase security challenges.

The biggest problem with cloud security is that there’s no single issue. One can’t just slap in the cloud security appliance and know they are secure. With the cloud, it seems almost everything causes more security risk, including the fact that data is often transmitted over the public internet, users often procure their own cloud services, weak passwords are used to protect information, and cloud providers often federate information with the awareness of the company.

Even renowned hacker Kevin Mitnick, speaking DigiCert’s recent customer event, says the public cloud is vulnerable. Mitnick, who spends his days doing penetration testing for large organizations, says he almost always goes through public cloud services because it’s the easiest way to get into companies and has been able to break into 100 percent of the companies that have hired him 

In fact, Mitnick called the cloud the biggest security risk companies face over the next decade.

Palo Alto Networks acquires

It’s those such problems that Palo Alto Networks is trying to solve with its security platform. And this week, the company announced the acquisition of — a purchase price of $300 million in cash — to add public cloud security functions to its current solution. This comes on the heels of the company’s announcement last month to extend security to the big three public cloud providers.

The current Palo Alto solution has an inline component that protects and secures workloads and a host-based one to protect operating systems and apps. Evident is focused on continuous security and compliance, giving Palo Alto the third leg of the cloud security stool.  

evident security platform dashboard Alto Networks

The Evident Security Platform dashboard

The Evident Security Platform offers security and compliance for public clouds such as Amazon Web Services (AWS) and Microsoft Azure and displays the information in a single pane of glass where breaches in security policies can be spotted immediately. The product analyzes information to detect things that can cause compliance issues, such as misconfigurations, vulnerabilities, and risk, and it is continually updated via its APIs to ensure the dashboard is up-to-the-minute accurate.

The Evident Security Platform also provides the actionable information required to remediate those risks. Further, policy enforcement can be fully automated for security teams that are willing to take that leap. The Evident platform is widely regarded as one of the better cloud compliance tools and has a full range of regulatory and industry coverage to help companies comply with HIPAA, PCI, NIST, ISO, and others. 

Palo Alto Networks and merger good for customers

In any marriage, the goal is to make each other better, and that’s certainly the case here and should be viewed as boon for customers of both companies. The data classification from Palo Alto’s Aperture product will provide a greater source of information to Evident and broaden the compliance and monitoring coverage. And Evident will add new data to Palo Alto’s Application Framework for better analytics. Also, the automated responses will expand the enforcement capabilities in Palo Alto’s platform. 

Although awareness of the increased complexity in securing public clouds has only been raised recently, Palo Alto has been working on this problem for the better part of five years when it first introduced its ESXi security capabilities and then rapidly expanded that to other virtualization platforms. The acquisition of gives customers a fast and easy way to understand where their security risks are coming from and offers a way to fix them before their company makes front-page news.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.