Palo Alto Networks is acquiring Aporeto, a provider of zero trust cloud security, for $150 million in cash.

Palo Alto said the proposed acquisition will further strengthen its cloud-native security platform delivered by Prisma Cloud. The acquisition is expected to close by early next year, subject to customary closing conditions.

Aporeto provides comprehensive network security through microsegmentation, and secure access to infrastructure and resources by using application identity rather than IP addresses.

Palo Alto Networks’ Nikesh Arora

“We are thrilled to welcome Aporeto to the Palo Alto Networks family,” said Nikesh Arora, Palo Alto‘s chairman and CEO. “We believe the addition of Aporeto’s unique machine identity technology will further enhance our leading Prisma Cloud capabilities and strengthen our commitment to helping customers secure their journey to the cloud.”

Rik Turner, principal analyst at Ovum, said with this acquisition, Palo Alto seeks to capitalize on the increasing demand among enterprises to ensure access to cloud instances is not misconfigured or otherwise overly broad, through which various types of breaches can occur.

Ovum’s Rik Turner

“The Aporeto technology will now be rolled into Palo Alto Networks’ Prisma Cloud suite, joining those of Evident.io, RedLock, Twistlock and PureSec,” he said. “This will inevitably raise the question of how well the vendor can integrate yet another technology into its arsenal, but it has already made notable progress by enabling the TwistLock and PureSec technology to integrate with the RedLock management system, less than six months after those two companies were acquired.”

Aporeto differentiates itself from other microsegmentation vendors by describing what it does as “machine identity-based,” Turner said.

“This means it draws on factors beyond the IP address to determine application access control policies, including attributes from the cloud service provider, application infrastructure (such as container image vulnerability scanners), and the compute host itself,” he said.

Microsegmentation is an established approach to securing cloud workloads by creating and enforcing stringent access rights to, from and between workloads, based on their operational requirements and typical communication behavior, Turner said. Microsegmentation is categorized among the increasingly large number of “zero trust” techniques, he said.

“We have dedicated ourselves to helping organizations securely embrace the cloud,” said Dimitri Stiliadis, Aporeto’s co-founder and CTO. “Teaming up with Palo Alto Networks allows us to bring our machine identity-based microsegmentation technology to a large customer base. We are thrilled to join forces to help customers secure their journey to the cloud.”