Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/15/2019
08:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

10 Notable Security Acquisitions of 2019 (So Far)

In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
Previous
1 of 12
Next

(Image: Itchaznong - stock.adobe.com)

(Image: Itchaznong stock.adobe.com)

Anyone watching the cybersecurity market has likely noticed a wave of acquisitions making headlines. The M&A activity that remained constant last year has only increased in 2019.

"It's like something's in the water right now," says Hank Thomas, CEO at Strategic Cyber Ventures (SCV), where experts had anticipated growth in the cybersecurity market. "We predicted the ability of the market to do this, and we thought it might be this year."  

Cybersecurity Ventures reports more than $7 billion in cybersecurity deals during the first quarter of 2019 alone, and the market certainly hasn't quieted since them. The industry is in a time when large companies are sitting on lots of cash and pondering their security capabilities.

Of course, some technologies are hotter than others. Cloud computing and application security are two notable types ripe for acquisition this year, for example. Service-focused businesses are looking to acquire "as-a-service" companies and wrap their services into their platforms, explains Jeff Pollard, Forrester vice president and principal analyst for security and risk professionals.

He calls this "a bit of an unconventional acquisition scenario, where services companies acquire intellectual properties they can build services around." An example of this can be seen in NTT Security's acquisition of WhiteHat Security, a deal confirmed in March. This acquisition also reflects a trend of companies investing in application security, which Pollard also has noticed.

"Applications generate revenue," he says. The applications companies are building, and the software they're making, go into products and services. "It's not that every company is a software company — it's that every company is making money with software now." Application security goes to the forefront of their priorities because this is technology they use to protect revenue-generating applications, websites, mobile apps, and other products, Pollard continues.

The cloud is a hot target for traditional and legacy vendors, which are still slow to embrace the cloud and adopt native cloud functionality. Vendors struggle to offer the same experience in the cloud as they do on-premises, a challenge that has led to increased activity in cloud-focused M&A, he adds.

These trends are evident in the cybersecurity acquisitions to take place so far this year. Here, we highlight 10 deals that stood out and discuss where the industry is headed. Any transactions you're not seeing? Feel free to share your thoughts in the Comments section, below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 12
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ksreiter
86%
14%
ksreiter,
User Rank: Strategist
6/17/2019 | 10:44:09 AM
Maybe focus on readership over ad revenue?
I'm not going to click through 12 pages to read a list of 10 things.  At some point, you should focus on ways to retain your readership numbers by not making them grumpy, instead of focusing on ad revenue.

I'll just read the information somewhere else that gets that - or just use Google if I really can't live without knowing what's on the list.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.