Palo Alto Networks jumps into the IoT security fray with Zingbox buy

September 5 2019
by Patrick Daly


Security persists as one of the top pain points for organizations deploying Internet of Things (IoT) devices in their environments, with enterprises increasingly allocating budget to relieve that pain. According to 451 Research's Internet of Things, Budgets and Outlook survey, security was the second most frequently cited category for IoT budget spending and 20% of organizations expect security to receive the largest share of IoT budget spending in 2019. With the acquisition of Zingbox, Palo Alto Networks has extended the range of security services it already offers customers to include visibility into and control over IoT and unmanaged devices.

Snapshot Snapshot


Palo Alto Networks




IoT security

Deal value


Date announced

September 4, 2019

Closing date, expected

Q1 FY 2020


DBO Partners

The 451 Take

While this deal comes with a somewhat small price tag, it is still notable for a couple of reasons. First, it represents Palo Alto's latest strategic investment in its single platform approach. By identifying emerging areas of need in the security market and acquiring vendors strategically positioned to meet those needs, Palo Alto has (thus far) managed to avoid the innovator's dilemma that can plague IT security incumbents. It's also the company's first foray into IoT security and is one of the first enterprise-IoT security focused acquisitions to date. If the purchase is executed well and customers value the consolidation of visibility and control across managed and unmanaged devices, we may begin to see Palo Alto's main competitors make similar investments in the space. Given the glut of players focused on device discovery and behavioral analysis, however, the move is unlikely to spark a run on companies offering this functionality.

Deal details

Palo Alto is paying $75m in cash for Zingbox, which we estimate to be roughly 10x the target's expected 2019 revenue. The transaction is expected to close in the buyer's first fiscal quarter of 2020. Prior to its sale, Zingbox had grown to about 80 employees and had raised $23.5m in venture funding on top of an undisclosed series A round. The most recent investment came in 2017 in the form of a $22m series B led by Triventures and Dell Technologies Capital, with participation from Envision Ventures and Clearvision Ventures. Once the acquisition closes, Zingbox's founding team of Xu Zou, May Wang and Jianlin Zeng will join Palo Alto. According to 451 Research's M&A KnowledgeBase, this is the seventh deal that Palo Alto has announced over the past 18 months.

Deal rationale

Reaching for Zingbox continues Palo Alto's inorganic growth strategy of buying businesses in emerging security 'frontiers' while marking its entry into IoT security. Thus far in 2019 alone, the company has added security orchestration and automated response (Demisto), container security (Twistlock) and serverless security (PureSec) to its set of offerings, according to the M&A KnowledgeBase. The addition of Zingbox should enable Palo Alto to provide its customers with consolidated visibility of both managed and unmanaged devices throughout the corporate network as well as control over those devices via automated incident response. Feeding data from Cortex's data lake into Zingbox should dramatically increase the number of unique device profiles Zingbox has on hand and integrating these profiles directly into Palo Alto's next-generation firewalls provides an enforcement and incident-response mechanism that the target could not offer on its own.

Target profile

Zingbox was founded in 2014 by CEO Xu Zou, CTO May Wang and VP of Engineering Jianlin Zeng. All three founders came from engineering backgrounds – Xu was previously an engineering director at Aerohive, a cloud-based networking specialist that went public in 2014; Wang served as a principal architect in the CTO office of Cisco, leading the company's Asia-Pacific research efforts; and Zeng was previously principal architect at Aerohive. While its technology is broadly applicable across IoT devices, Zingbox primarily targets medical and discrete manufacturing use cases.

The vendor's product, IoT Guardian, passively monitors network traffic to discover and inventory an organization's unmanaged IoT devices. From there, it generates behavioral profiles for each device based on traffic observed during an initial learning period. These profiles take into account what the device is (e.g., a camera, printer or infusion pump), the purpose it serves in the organization, and what typical communication patterns look like. Zingbox maintains a database of profiles for devices it has previously discovered, allowing it to apply device intelligence collected from one deployment across its entire customer base. If a device deviates from the profile, IoT Guardian will alert the customer to a potential breach and offer several options for response such as blacklisting, quarantining or shutting down the device. Due to its passive deployment model, the enforcement component of the product is typically triggered through integrations with a customer's firewall.

Acquirer profile

Originally known for its next-generation firewall product line, Palo Alto Networks has grown to become one of the largest public companies in the security space, with a $20bn market cap and over 60,000 commercial customers. The vendor now offers a broad security portfolio ranging from security operations centers to endpoint software, cloud-based data logging and analytics. It has also been working on integrating all of these offerings via cloud-based infrastructure, where it can deploy deep analytics and automation resources to provide efficacy and efficiency to its customer's security operations. Additionally, Palo Alto has become one of the security industry's more active strategic acquirers, with 10 transactions since 2014 and four this year alone.


The IoT security market predominantly consists of startups, although Palo Alto's IT security rivals have demonstrated more interest in the sector in recent years. ForeScout and Cisco have both placed some bets on industrial control systems security with the purchases of SecurityMatters and Sentryo, respectively, although Palo Alto is among the first to buy an enterprise IoT security offering. Among IoT-specific security providers, Armis and Ordr are Zingbox's most direct competitors. Like Zingbox, both of these vendors passively monitor network traffic to discover devices, model their behavior, and detect and respond to incidents. If executed well, this deal could put pressure on Palo Alto's primary rivals to increase their investment in IoT security.