Security News

Palo Alto Networks has made key bets around the shift to cloud and the need for integrated best-in-class security. Today Palo Alto Networks is making a further bet that cloud security must "Shift left," with security increasingly performed during the DevOps process.

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.

Network security giant Palo Alto Networks announced on Wednesday that it has agreed to acquire attack surface management firm Expanse in a deal valued at roughly $800 million. As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards.

Palo Alto Networks introduced Enterprise Data Loss Prevention-a cloud-delivered service that brings a fresh, simple and modern approach to data protection, privacy and compliance. "Data breaches are a huge and growing problem worldwide, but the existing legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them," said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks.

Palo Alto Networks has threatened legal action against cloud visibility solutions provider Orca Security after the latter published a video comparing products from the two companies. The video made by Orca in August, which is still available on YouTube, is described as a "Detailed competitive comparison" between Orca Security's platform and Palo Alto Networks' Prisma Cloud product.

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products. Israel-based Orca Security received a cease-and-desist letter from a lawyer representing Palo Alto after Orca uploaded a series of online videos reviewing of one of Palo Alto's products and compared it to its own.

Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.

Palo Alto Networks remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools. Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.

Palo Alto Networks announced that it has entered into a definitive agreement to acquire The Crypsis Group, a leading incident response, risk management and digital forensics consulting firm. Under the terms of the agreement, Palo Alto Networks will acquire The Crypsis Group for a total purchase price of $265 million, subject to adjustment, to be paid in cash.

Palo Alto Networks announced on Monday that it has agreed to acquire incident response and digital forensics consulting firm The Crypsis Group. Under the terms of the agreement, Palo Alto Networks will pay $265 million in cash, subject to adjustment, to acquire Crypsis.