Date: 2021-04-26

The recent completion of the acquisition of Bridgecrew represents a big boost to Palo Alto Networks' (NASDAQ:PANW) future growth forecasts. This has positive implications for Palo Alto's valuation. My positive outlook rests on the following assumptions:

1. Bridgecrew drives expanded capabilities into the booming DevSecOps trend.

2. Potential to drive more monetization by evolving shift-left solutions.

3. Good fit with Prisma and Sinefa drives ease of integration into a central platform.

4. Huge installed base of Prisma customers to drive market adoption.

5. More ARR/customer drives stickiness and high-margin renewals (accretive to future earnings).

6. Mid- to long-term accretive to cash flows by leveraging sales and technology assets.

7. DevSecOps capabilities position Palo Alto as a leader in the winner-take-all data management battle.

Overview

What is Bridgecrew?

So what happens is you do, you build an application with a developer, you give it to your IT team and they deploy it and say, hey, you silly guy, you've got a bunch of security bugs and go fix it, the guy says, so what's my security bugs. Why didn't you tell me before? They started going to open source and trying to find security monitoring software to see, let me just make sure, I don't build stuff with security bugs in it. So what happens is what Bridgecrew has is such a – it's an open source, free, no credit card needed, piece of software just starts tracking the security bugs in your development side, CICD side. Source: Palo Alto

Bridgecrew is a developer-first cloud security platform. It gives developers the technology to bake in cybersecurity solutions and best practices from application development to runtime, which makes Bridgecrew more of an application security offering. This shouldn't be confused with existing capabilities to protect cloud infrastructures.

Uses

With Bridgecrew, users will have complete visibility into cloud resources. Other use cases include policy management, runtime security, and IAM automation (Bridgecrew has a standalone IAM solution for AWS called AirIAM). To work efficiently, Bridgecrew has integrated with the leading cloud service providers. It has also integrated with top code repositories, including GitLab and GitHub, and with collaboration platforms.

Market Opportunity

Shift-Left Security

Bridgecrew's robust cloud security capabilities and developer-first approach have contributed to its impressive adoption; in 2H 2020, both its customer base and monthly sign-ups tripled. Source: Bridgecrew

The market opportunity is validated by the need to build security into cloud apps and infrastructure projects from the ground up. This opportunity has spurred DevOps platforms to shift into the cybersecurity space. Recent moves by Datadog (DDOG), Elastic (ESTC), and Dynatrace (DT) validate the market opportunity.

Product Implication

Plugs into Prisma

Bridgecrew is expected to complement Prisma Cloud. We can expect Prisma to remain the central cloud security platform. Palo Alto already has abundant cloud security capabilities across functions such as data loss protection, workload protection, segmentation, access security, and posture management.

With Bridgecrew, security monitoring will start from application development. Bridgecrew also comes with an open-source infrastructure security scanner called Checkov (over 1.2m downloads), which is popular on GitHub. This should attract a new wave of users. It could also form a foundation for the evolution of more shift-left security capabilities in the future. This makes sense given the volatility of the last layer of abstraction when building a cloud app or infrastructure. Currently, Bridgecrew supports infrastructure-as-code frameworks like Terraform, CloudFormation, Azure Resource Manager, and AWS SDK.

Competition

DevOps Players

I expect DevOps players to expand into the application security space. Most DevOps platforms already have endpoint agents monitoring the performance of cloud and network resources. This makes it easy for them to evolve security solutions.

DevOps platforms like Datadog and Dynatrace recently announced capabilities in application security. This makes the acquisition of Bridgecrew a timely one. Bridgecrew, though, drills deep into the details of infrastructure security, which appears to be a competitive difference. I have observed similar moves by Fortinet (FTNT) and Check Point Software (CHKP).

To the left of the table above are the core DevOps capabilities, including infrastructure monitoring, application performance monitoring, IT operations, and AIOps. Fortinet's acquisition of an infrastructure monitoring platform is the most recent encroachment of this space by a cybersecurity player.

As we move to the right, we enter a battleground.

The first battleground is log management. Both DevOps and security players have valid reasons to enter the log management space. CrowdStrike's (CRWD) recent acquisition of Humio heralds the first big move by a cloud security player into one of the core capabilities of DevOps players. I covered this move in a previous article.

ZDX by Zscaler (ZS) and the acquisition of Sinefa by Palo Alto highlight the shift of security players into DEM (digital experience monitoring). This is another segment rife with DevOps players.

As we swing into the WAF (web application firewall) segment (core cybersecurity), we observe moves by Dynatrace and Datadog. WAF is for web application security. Readers will recall that Dynatrace recently launched its application security offering. Datadog acquired a WAF capability via Sqreen earlier in the year. I believe Bridgecrew plays mostly into this segment.

Lastly, DevOps players have never hidden their willingness to expand into core cybersecurity markets like SIEM, endpoint security (EPP), and cloud security (CSPM/CWPP). This explains their huge representation in the table above.

I believe the future revolves around data management. DevOps players are using insights churned from their agents to evolve vertical-specific solutions. On the other hand, cybersecurity players need to harness and process data efficiently to drive better security insights.

I will be thinking in terms of infrastructure and app security offerings when making my future assumptions. Both can be on-prem or cloud-based. Here are my predictions.

I expect DevOps players to move into infrastructure security as soon as they are done perfecting their capabilities in app security.

I expect more cybersecurity players to move into digital experience monitoring and log management to harness more data.

There is the possibility that DevOps players move deeper into endpoint security. With this move, they simultaneously gain market share in cloud security (via cloud endpoints).

This makes DevOps players more of a threat to cybersecurity players.

Cybersecurity players can defend their turf by leveraging log management and endpoint management to build standalone data management platforms.

The data king wins at the end.

My cybersecurity data kings are Palo Alto Networks, CrowdStrike, and Google (GOOG) (GOOGL).

Palo Alto Networks is building something unique with Cortex. This has been improved with Expanse and Bridgecrew.

CrowdStrike has made a significant move with Humio.

Google has Chronicle and BeyondCorp. Google is also a major cloud platform.

My DevOps data kings are Splunk (SPLK) (top player), Elastic, and Sumo Logic (SUMO).

Splunk has been in data management for a long time. It has built the right muscle memory.

Elastic's pace of innovation has been unstoppable in recent quarters.

Sumo Logic's positioning statement revolves around data management.

Given recent disruptions, second-best won't be enough.

Being second best has a huge opportunity cost for all players. New Relic (NEWR) is a perfect case study here.

I expect competition to extend beyond product innovation into pricing and partnerships.

Overall, a weak data management strategy has dire consequences for players on both sides.

Financial Impact/Valuation Update

Cash cost: $156m. Equity cost: $44m.

Here, we expect investors to be worried about the impact of acquisitions on earnings. Palo Alto has largely leveraged share-based compensation to augment spending on sales and development. So far, this strategy seems to be working because its acquisitions are driving strong product demand via its huge base of customers. This is generating so much cash flow that Palo Alto has maintained a share buyback program that can offset potential EPS dilution.

As a result, I expect Bridgecrew to be accretive to the future growth projections baked into Palo Alto's valuation. The timeliness of the acquisition also positions Palo Alto as a leading player in the disruptive DevSecOps and data management trends. As enterprise customers demand the best and most efficient platforms, we can expect the top DevSecOps players with the capabilities to simplify security and DevOps problems to outshine their peers.

Bridgecrew is going to complement Prisma Cloud. Prisma Cloud is under ClaiSec. ClaiSec is the cloud and AI security segment of Palo Alto driving strong double-digit growth. Palo Alto is planning to create a separate equity structure for ClaiSec to provide more visibility for the segment. This makes sense because Palo Alto is valued more for its network security business. Meanwhile, ClaiSec has a growth rate similar to CrowdStrike. Palo Alto is currently valued at a discount (market cap) to CrowdStrike. The major argument against a mispricing opportunity is the case that CrowdStrike is overvalued. From my recent coverage, CrowdStrike is yet to prove that it doesn't deserve its premium valuation.

When we combine the added capabilities from Bridgecrew to the bullish outlook for ClaiSec, we can make the case that Palo Alto is conservatively valued.

Conclusion

Palo Alto is right up there alongside top innovators propelling the disruptive DevSecOps trend. Bridgecrew is expected to help Palo Alto develop the much-needed capabilities to stay competitive while evolving the capabilities of Prisma Cloud.

Palo Alto Networks is conservatively valued given the unlocked potential of its ClaiSec segment, which has been updated and improved with Bridgecrew.

Tracking these updates is important because a significant portion of Palo Alto's valuation is embedded in its future growth projections. The veracity of our forecasts can only be validated with regular assessments of platform updates. Readers will recall that these cloud platforms are built to scale. As Palo Alto adds more capabilities to its platform, we can have more conviction in our projections. This is important for long-term investors.