10 Notable Cybersecurity Acquisitions of 2019, Part 2
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt0f113d5af278807b/64f0d3f03d73a37e57614eb9/MA2introUSETHIS.jpg?width=700&auto=webp&quality=80&disable=upscale)
This year has been a significant one for mergers and acquisitions in cybersecurity. A strong pattern of M&A activity in the first half of 2019 continued into the second as large companies sought to create more sophisticated platforms, and smaller businesses continued consolidation.
"The bottom line is we're on pace for record growth in 2019 and definitely a bigger year than 2018," says Hank Thomas, CEO at Strategic Cyber Ventures, who notes the industry is on pace to reach $17 billion in total for M&A activity for 2019.
While the stream of M&A activity remained fairly constant from the first half of 2019 into the second, the past six months brought a few overall larger deals, notes Jeff Pollard, Forrester vice president and principal analyst for security and risk professionals. Deals involving Broadcom, Sophos, and VMware, underscored another trend of enterprise players investing in security.
The first half of 2019 was marked with acquisitions by companies expanding their portfolios, Pollard explains. We saw Carbonite aiming to become more of a software provider with Webroot, and Palo Alto Networks expanding its offerings with Demisto, Twistlock, and Puresec, he notes.
January through June "was more focused on companies trying to flesh out what they have now," he continues. Toward the second half of 2019, smaller companies began partnering with other smaller companies to become medium-size businesses, as opposed to large firms trying to get bigger. As big organizations continue to buy more midsized companies, it creates an opportunity for some of the smaller players to get together and create a larger company.
"If you're small and looking at smaller, but together you're midsize, that's now an attractive target for you," Pollard explains.
Another key M&A driver is a lack of sophistication in today's security platforms, Thomas points out. Many of the point tools companies rely on are "very much just features," he says. CISO are looking to consolidate their data feeds and dashboards; to do security orchestration, automation, and response. The problem is, they don't have a sufficiently advanced platform.
"I think we'll continue to see consolidation occur because there's a demand for that," he adds.
Here, security experts share the most noteworthy M&A deals from July through December and what these acquisitions mean for this changing industry. See anything they missed? Please feel free to share your thoughts in the Comments section.
Related Content:
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Security 'Chestnuts' We Should Roast Over the Open Fire."
VMware offered $2.1 billion to buy endpoint security vendor Carbon Black in August. The deal is considered by many security experts to be among the most significant this year.
"VMware is so focused on the cloud that I think it's natural for them to want to bring on a security [company] to accelerate people's journey to the cloud," says Thomas.
At a time when organizations are grappling with too many security tools and not enough people to handle them, many are seeking new ways to maximize efficiency in their existing products.
"All these things are creating sort of an inflection point in the security market," says Nick Lantuh, president and CEO at Fidelis Cybersecurity. "There's a desire to have more visibility from a holistic standpoint," and work with security vendors that are more strategic in their platform. The trend is moving away from buying several "best of breed" point products and toward investing in fewer, more comprehensive security tools.
Broadcom confirmed plans to acquire Symantec Enterprise Security for $10.7 billion in an all-cash transaction expected to close in the first quarter of its 2020 fiscal year.
Symantec's enterprise security portfolio, which has product lines across endpoint security, Web security services, cloud security, and data loss prevention, will be deployed through Broadcom's channels. In doing so, its new parent company aims to strengthen its differentiated portfolio license agreement strategy for customers. At the time it was announced, the deal was expected to drive more than $2 billion in sustainable, incremental, run-rate revenue for Broadcom.
Pollard describes this transaction as an example of enterprise players trying to move into the cybersecurity space. Broadcom is a traditional enterprise hardware company; acquiring Symantec brings security software and services into its portfolio.
This acquisition also stood out for its value, which Pollard notes is another consistent trend throughout the second half of 2019. While the number of deals stayed relatively constant, the past six months have brought a handful of transactions with higher overall value.
Palo Alto Networks, which has already bought several smaller security companies this year, continued its shopping spree with acquisitions of IoT security startup Zingbox and Aporeto, a machine identity-based microsegmentation company.
The Zingbox acquisition, confirmed in late September and valued at $75 million, is intended to drive Palo Alto Networks' delivery of IoT security through its Next-Generation Firewall and Cortex platforms. Zingbox's cloud-based platform aims to help organizations identify and secure connected devices, and it will continue to be available to customers following the transaction.
Two months later, Palo Alto Networks announced plans to buy Aporeto for $150 million. The idea is to further strengthen its Cloud Native Security Platform with Aporeto's technology, which identifies workloads and applies microsegmentation across infrastructures to improve application security. This deal highlights the importance of both cloud security and application security, which Pollard anticipates will continue to be a hot target for acquisitions going forward. Successful security businesses "will be cloud first, or at least will be cloud savvy," he says.
Lantuh agrees. "There's going to be a continuing of consolidation there; going to be a movement of focus and consolidation in the entire cloud workload security space," he says. "That is a very, very hot market right now."
Another one of this year's standout deals was Thoma Bravo's $3.9 billion offer for endpoint security firm Sophos. At the time it was announced in October, Sophos' board of directors planned to "unanimously recommend" the offer to company shareholders.
UK-based Sophos offers security tools for endpoint protection, managed services, firewall, and public cloud to a base of 400,000 customers. Its own recent acquisitions included Rook Security, DarkBytes, and Avid Secure. This acquisition is one of many shifting the endpoint security market, which overall is undergoing major change as its many vendors consolidate. Pollard hypothesizes Thoma Bravo could potentially be planning to add to Sophos' current offerings and eventually exit the company further down the road to make it a portfolio player.
This acquisition marks the latest addition to Thoma Bravo's cybersecurity portfolio. The private equity firm has more than $35 billion in investor commitments and bought more than 200 software and technology companies. Among its security investments are Barracuda Networks, Veracode, Imperva, LogRhythm, and McAfee, of which it bought a minority stake in 2017 following its spinout from Intel.
Fortinet's October acquisition of enSilo, targeting endpoint detection and response technology, was another indicator of ongoing activity in the endpoint security space. It did not disclose how much it paid for enSilo, which had raised $57.5 million since it was founded in August 2014.
San Francisco-based enSilo offers a range of endpoint security tools including automated detection and response, code-tracing technologies to prevent data exfiltration and ransomware, and coordinated security for IoT, among other capabilities. Prior to the deal, enSilo's technology was already being used to complement Fortinet's with endpoint security capabilities. Following this acquisition, Fortinet plans to extend enSilo's capabilities through further integration with its own SIEM tool, user entity behavior analytics features, and access control platform, officials explained in a release.
Tenable recently confirmed its purchase of early-stage industrial security company Indegy, whose technology aims to improve visibility, security, and control across operational technology (OT) environments. The all-cash deal is valued at $78 million.
As Tenable CEO Amit Yoran said in a statement, CISOs are being asked to secure OT systems alongside IT systems but lack the visibility to manage and measure OT risk in the same way they handle IT risk. The goal of Tenable's acquisition of Indegy is to bring together IT vulnerability management and industrial cybersecurity to create a unified view of IT and OT security.
Thomas says it's a fitting move for Tenable, which has "always had a really good brand" and had reportedly been on the market for an acquisition. Indegy brings expertise in IoT, which is a key component to industrial security. "They can harness the expertise Indegy has put into securing IoT devices in the industrial space," he adds.
Check Point Software Technologies invested in IoT firmware security with its November acquisition of Tel Aviv-based Cymplify, which offers a firmware analysis engine combined with an on-device software security-hardening module for IoT security. Terms of the deal were not disclosed.
Cymplify, founded in 2019, offers an on-device agent that informs security posture reports, which can be used to optimize security for each individual device. Check Point plans to build this technology into its Infinity architecture to reduce customer exposure to IoT attacks.
Shortly after its Cymplify deal, Check Point set its sights on cloud security with an acquisition of Protego, an Israeli startup focused on serverless security technology. Protego's tech aims to prevent attacks against serverless functions and block vulnerable code from being deployed into production. Check Point also plans to integrate this technology into its Infinity architecture; its goal is to mitigate some of the risk companies take on by adopting cloud-native applications.
Continuing the cloud trend was Sumo Logic's acquisition of JASK Labs, confirmed in November. The deal is intended to combine SumoLogic's intelligence platform and SIEM capabilities with JASK's autonomous security operations center (ASOC) software. Terms were not disclosed.
JASK, founded in 2015, has raised a total of $39 million over three rounds of funding. Its ASOC platforms aims to increase visibility into multicloud environments so employees can better understand the context surrounding security incidents, and to lessen alert fatigue by automating repetitive tasks.
This acquisition is "two as-a-service companies coming together to offer a more complete offering in the cloud," Pollard says. Indeed, Sumo Logic plans to leverage JASK's technology to develop a new Sumo Logic ASOC solution and Spec Ops threat hunting tool, both of which will be delivered as a service. JASK CEO Greg Martin has been named vice president and general manager of Sumo Logic's security business unit; JASK employees will also join the organization.
Pollard anticipates consolidation in the security market "will heat up for a different reason."
"When you look at the funding from early in the security market, going back to 2015, 2014, and 2013, a lot of those investments are aged now," he explains. "To an extent, a lot of those companies have become what they're going to become." As this happens, investors will begin shedding the companies that haven't "crossed the chasm" to meet the expectations they set three years ago. Prices may be more attractive from an acquisition perspective, Pollard notes.
Some automated malware analysis or sandboxing vendors, for example, may experience this because these tools went from a standalone product to a feature built into network security appliances. Similarly, deception technology is a network security feature but not quite as strong for a stand-alone product. "A lot of feature and product companies are features and products masquerading as companies," he explains.
The companies that can stand alone are the ones building products that customers ask for, versus telling the customer what they need. They will be "customer obsessed," says Pollard, a trait more characteristic of small- and medium-sized companies than massive enterprises. The larger an organization gets, the greater chance they'll lose sight of what their customers want.
Pollard anticipates consolidation in the security market "will heat up for a different reason."
"When you look at the funding from early in the security market, going back to 2015, 2014, and 2013, a lot of those investments are aged now," he explains. "To an extent, a lot of those companies have become what they're going to become." As this happens, investors will begin shedding the companies that haven't "crossed the chasm" to meet the expectations they set three years ago. Prices may be more attractive from an acquisition perspective, Pollard notes.
Some automated malware analysis or sandboxing vendors, for example, may experience this because these tools went from a standalone product to a feature built into network security appliances. Similarly, deception technology is a network security feature but not quite as strong for a stand-alone product. "A lot of feature and product companies are features and products masquerading as companies," he explains.
The companies that can stand alone are the ones building products that customers ask for, versus telling the customer what they need. They will be "customer obsessed," says Pollard, a trait more characteristic of small- and medium-sized companies than massive enterprises. The larger an organization gets, the greater chance they'll lose sight of what their customers want.
This year has been a significant one for mergers and acquisitions in cybersecurity. A strong pattern of M&A activity in the first half of 2019 continued into the second as large companies sought to create more sophisticated platforms, and smaller businesses continued consolidation.
"The bottom line is we're on pace for record growth in 2019 and definitely a bigger year than 2018," says Hank Thomas, CEO at Strategic Cyber Ventures, who notes the industry is on pace to reach $17 billion in total for M&A activity for 2019.
While the stream of M&A activity remained fairly constant from the first half of 2019 into the second, the past six months brought a few overall larger deals, notes Jeff Pollard, Forrester vice president and principal analyst for security and risk professionals. Deals involving Broadcom, Sophos, and VMware, underscored another trend of enterprise players investing in security.
The first half of 2019 was marked with acquisitions by companies expanding their portfolios, Pollard explains. We saw Carbonite aiming to become more of a software provider with Webroot, and Palo Alto Networks expanding its offerings with Demisto, Twistlock, and Puresec, he notes.
January through June "was more focused on companies trying to flesh out what they have now," he continues. Toward the second half of 2019, smaller companies began partnering with other smaller companies to become medium-size businesses, as opposed to large firms trying to get bigger. As big organizations continue to buy more midsized companies, it creates an opportunity for some of the smaller players to get together and create a larger company.
"If you're small and looking at smaller, but together you're midsize, that's now an attractive target for you," Pollard explains.
Another key M&A driver is a lack of sophistication in today's security platforms, Thomas points out. Many of the point tools companies rely on are "very much just features," he says. CISO are looking to consolidate their data feeds and dashboards; to do security orchestration, automation, and response. The problem is, they don't have a sufficiently advanced platform.
"I think we'll continue to see consolidation occur because there's a demand for that," he adds.
Here, security experts share the most noteworthy M&A deals from July through December and what these acquisitions mean for this changing industry. See anything they missed? Please feel free to share your thoughts in the Comments section.
Related Content:
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Security 'Chestnuts' We Should Roast Over the Open Fire."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024