Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

12/9/2019
11:30 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

10 Notable Cybersecurity Acquisitions of 2019, Part 2

As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
Previous
1 of 10
Next

(Image: Nespix stock.adobe.com)

(Image: Nespix stock.adobe.com)

This year has been a significant one for mergers and acquisitions in cybersecurity. A strong pattern of M&A activity in the first half of 2019 continued into the second as large companies sought to create more sophisticated platforms, and smaller businesses continued consolidation.

"The bottom line is we're on pace for record growth in 2019 and definitely a bigger year than 2018," says Hank Thomas, CEO at Strategic Cyber Ventures, who notes the industry is on pace to reach $17 billion in total for M&A activity for 2019.

While the stream of M&A activity remained fairly constant from the first half of 2019 into the second, the past six months brought a few overall larger deals, notes Jeff Pollard, Forrester vice president and principal analyst for security and risk professionals. Deals involving Broadcom, Sophos, and VMware, underscored another trend of enterprise players investing in security.

The first half of 2019 was marked with acquisitions by companies expanding their portfolios, Pollard explains. We saw Carbonite aiming to become more of a software provider with Webroot, and Palo Alto Networks expanding its offerings with Demisto, Twistlock, and Puresec, he notes.

January through June "was more focused on companies trying to flesh out what they have now," he continues. Toward the second half of 2019,  smaller companies began partnering with other smaller companies to become medium-size businesses, as opposed to large firms trying to get bigger. As big organizations continue to buy more midsized companies, it creates an opportunity for some of the smaller players to get together and create a larger company.

"If you're small and looking at smaller, but together you're midsize, that's now an attractive target for you," Pollard explains.

Another key M&A driver is a lack of sophistication in today's security platforms, Thomas points out. Many of the point tools companies rely on are "very much just features," he says. CISO are looking to consolidate their data feeds and dashboards; to do security orchestration, automation, and response. The problem is, they don't have a sufficiently advanced platform.

"I think we'll continue to see consolidation occur because there's a demand for that," he adds.

Here, security experts share the most noteworthy M&A deals from July through December and what these acquisitions mean for this changing industry. See anything they missed? Please feel free to share your thoughts in the Comments section.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Security 'Chestnuts' We Should Roast Over the Open Fire."

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20477
PUBLISHED: 2020-02-19
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
CVE-2019-20478
PUBLISHED: 2020-02-19
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
CVE-2011-2054
PUBLISHED: 2020-02-19
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper in...
CVE-2015-0749
PUBLISHED: 2020-02-19
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker ...
CVE-2015-9543
PUBLISHED: 2020-02-19
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is rel...