2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security.
In many cases, the acquiring company sought to strengthen its position in its market—Okta’s purchase of Auth0, for example. In others, the acquisition was an entry into a new market; Lookout is now a player in the secure access service edge (SASE) market with the acquisition of CipherCloud. Some used the newly acquired company to expand product capabilities, like Palo Alto Networks boosting its Prisma Cloud platform with cloud security technology from Bridgecrew.
Below are the deals that selected as the most significant of the year.
MDR meets EDR as Huntress acquires Recon
Managed detection and response (MDR) vendor Huntress have purchased endpoint detection and response (EDR) technology, called Recon, from start-up Level Effect. Recon merges endpoint protection with network traffic visibility.
Kaseya purchased RocketCyber
Kaseya, which provides security management solutions to managed service providers (MSPs), has acquired RocketCyber, which will continue to operate separately within Kaseya. RocketCyber provides a cloud-agent SOC designed for MSPs.
Proofpoint in agreement to buy DLP vendor InteliSecure
Proofpoint has announced its intent to acquire InteliSecure, a provider of DLP managed services, for $62.5 million. The company will use InteliSecure’s technology to enhance the data protection capabilities of the Proofpoint cloud platform.
CrowdStrike acquired Humio
With Humio, CrowdStrike plans incorporate the company’s cloud log management and observability technology into its cloud endpoint and workload protection solutions. The goal, according to a press release, is to expand CrowdStrike’s XDR capabilities. The value of the deal is expected to be $400 million.
Palo Alto Networks acquired cloud security firm Bridgecrew
Palo Alto Networks has announced its intent to acquire Bridgecrew for $156 million. The company plans to incorporate Bridgecrew’s technology with its Prisma Cloud cloud-native security platform.
Tenable acquired Alsid
Tenable Holdings has announced its intent to buy Alsid for $98 million. The deal would allow Tenable to bring Alsid’s technology and expertise in discovering Active Directory monitoring to its cyber exposure and risk management platform.
SentinelOne buys Scalyr for autonomous XDR
The acquisition of cloud-based data analytics platform provider Scalyr will allow SentinelOne to “ingest, correlate, search, and action data from any source, delivering the industry’s most advanced integrated XDR platform for real time threat mitigation across the enterprise and cloud,” according to a press release. Terms of the sale were not released.
Rapid7 acquires Kubernetes security provider Alcide.IO
Security analytics and automation firm Rapid7 has bought Israeli firm Alcide.IO for $50 million. Alcide’s product provides code-to-production security for Kubernetes deployments.
VMware acquired Mesh7
VMware has finalized its purchase of Mesh7, which will allow VMware to bring “visibility, discovery and better security to APIs. The move gives VMware Mesh7’s contextual API behaviour security solution, which is expected to help VMware deliver on a promise to provide “modern application services using open-source options. Terms of the acquisition were not released.
Alacrinet Consulting Services buys Chamber’s Key
Alacrinet Consulting Services adds security research and penetration testing to its offerings with its purchase of Chamber’s Key. With the acquisition, the company is launching a new division called Alacrinet Security Labs, which will research new Common Vulnerabilities and Exposures (CVEs) and publish results and recommendations. Terms of the acquisition were not released.
Plurilock acquires Aurora Systems Consulting
US-based cybersecurity solutions provider Plurilock has entered into a definitive share purchase agreement to acquire security technology and services company Aurora Systems Consulting. The deal will boost Plurilock presence in the government market. Aurora’s key customers include the US Department of Defense, the US Department of the Treasury, and the US National Aeronautics and Space Administration.
Hornetsecurity acquires Zerospam
Cloud email security provider has acquired Canada-based Zerospam, which provides cloud email protection services to business of all sizes in North America. This comes shortly after Hornetsecurity’s purchase of backup solution provider Altaro in January. Terms of the acquisition were not released.
Kroll acquires Redscan
Kroll, a global provider of governance, risk and transparency services and products, has purchased UK-based Redscan. The company plans to add Redscan’s extended detection and response (XDR) enabled security operations center (SOC) platform to its Kroll Responder capabilities to support a wider array of cloud and on-premises telemetry sources. Redscan is also known for its proprietary cloud native MDR solution, which correlates events and intelligence from leading telemetry sources. Terms of the acquisition were not released.
VENZA buys MSSP CyberTek Engineering
With the acquisition of managed security service provider (MSP) CyberTek Engineering, VENZA expects to enhance its data protection and compliance services for the hospitality industry. Terms of the sale were not disclosed.
MSSP True North Networks acquired
Private equity firm Bluff Point Associates has bought True North Networks, which provides IT solutions, security, and support to registered investment advisors (RIAs). The move bolsters Bluff Point Associates’ portfolio of technology companies that serve the financial services industry. Terms of the acquisition were not released.
RingCentral acquires Kindite
RingCentral has purchased cryptographic technologies provider Kindite. It’s a talent and technology acquisition, as RingCentral will absorb the Kindite team into its own workforce and incorporate Kindite technology into RingCentral’s products. This will allow RingCentral to provide end-to-end encryption over its global communications platform. Terms of the sale were not disclosed.
Copado acquires New Context
DevOps platform provider Copado expands its DevSecOps services with the purchase of New Context, whose customers include GE, Kaiser Permanente, and Royal Dutch Shell. Terms of the acquisition were not released.
Recorded Future announces acquires Gemini Advisory
Enterprise intelligence provider Recorded Future has agreed to acquire Gemini Advisory in a deal worth $52 million. The purchase is expected to accelerate Recorded Future’s growth in the fraud analytics market. Terms of the acquisition were not released.
Sonatype acquires MuseDev
Sonatype, which sells tools for software supply chain management and security, has acquired MuseDev. The company’s main product automatically analyzes each developer pull request to help find security, performance, and reliability flaws. Terms of the acquisition were not released.
Lookout buys CipherCloud
Lookout, a provider of mobile endpoint security solutions, has entered the SASE market with the acquisition of CipherCloud. Product categories that CipherCloud offers include cloud access security broker (CASB), zero-trust network access (ZTNA), and data loss prevention (DLP). The goal of the purchase was to provide an end-to-end platform that secures an organization’s entire data path from endpoint to cloud, Terms of the deal were not disclosed.
SailPoint Technologies acquires ERP Maestro
The acquisition of SaaS governance, risk and compliance (GRC) provider ERP Maestro will add segregation-of-duties (SoD) capabilities to SailPoint’s identity security offering. This deal closely follows Sailpoint’s acquisition of Intello, a SaaS management company that helps organizations discover, manage, and secure SaaS applications, in late February. Terms of the acquisition were not announced.
Fortinet acquires ShieldX
Enterprise security platform provider Fortinet has acquired ShieldX, which provides a platform to secure multi-cloud environments. Terms of the deal were not released.
Sontiq acquires Breach Clarity
Identity security vendor Sontiq has acquired Breach Clarity, known for its AI-based data breach intelligence solutions for the fintech industry. With the deal, Sontiq to add a BreachIQ capability to its IdentityForce, Cyberscout and EZShield products. Terms of the deal were not announced.
McAfee sells its enterprise business, becomes pure-play consumer cybersecurity company
McAfee Corp. has sold its enterprise security business to an investment group led by private equity firm Symphony Technology Group (STG) for $4 billion. STG had earlier acquired RSA from Dell Technologies in February 2020. McAfee’s enterprise business will be rebranded once the deal is finalized.
Okta buys IAM rival Auth0 for $6.5 billion
Okta seeks to solidify its position as an enterprise identity management services provider with its purchase of rival Auth0. The two product lines will continue to operate independently and be developed
KnowBe4 acquires MediaPRO
Security awareness training provider KnowBe4 has acquired MediaPRO, another security and privacy training provider. With the purchase, KnowBe4 intends to offer more privacy and compliance training modules. Terms of the deal were not disclosed.
Private equity firm merge’s identity security firms Thycotic and Centrify
TPG Capital has combined two of its recently acquired companies in the identity security space: Thycotic and Centrify. Thycotic is known for its cloud-first identity security solutions, while Centrify is a player in the privileged access management (PAM) market.
Accenture acquires Openminded
Global professional services company Accenture has entered into an agreement to by Openminded, a cybersecurity services firm that provides advisory, managed security services, and cloud and infrastructure services in Europe.
Thoma Bravo acquires Proofpoint
Cybersecurity and compliance company Proofpoint has agreed to be acquired by Thoma Bravo. It’s the latest in a string of security vendors that the private equity firm has bought, including Wombat, ObserveIT and Meta Networks. “Thoma Bravo is an experienced software investor, providing capital and strategic support to technology organizations, and our partnership will accelerate Proofpoint’s growth and scale at an even faster pace
Rapid7 acquires Velociraptor
Velociraptor’s technology gives security analytics and automation vendor Rapid7 a foothold in the digital forensics and incident response space. The company has pledged to continue to develop Velociraptor’s tools and build its community.
Mastercard buys Ekata
Payment network processor Mastercard has acquired Ekata, known for its machine-learning-based technology to detect “good” from “bad” consumers in real-time during transactions.
Zscaler acquires Trustdome
Zscaler has agreed to acquire Trustdome and its cloud infrastructure entitlement management (CIEM) product. The company plans to integrate Trustdome’s technology into its cloud security posture management (CSPM) platform as part of Zscaler Cloud Protection.
Sumo Logic acquires DFLabs
SIEM and cloud monitoring vendor Sumo Logic adds security orchestration, automation, and response (SOAR) capabilities with its purchase of DFLabs. Sumo Logic will extend its cloud native SIEM solution with DFLabs technology.
Zscaler acquires Smokescreen
Cloud security vendor Zscaler has announced its intent to acquire Smokescreen Technologies and its active defense and deception technology. The company plans to integrate Smokescreen’s technology into its Zscaler Zero Trust Exchange product. With the addition of Smokescreen to our Zero Trust Exchange, our customers will be able to change the economics of cyberattacks by making them far more costly, complex, and difficult for the adversary both before and during their attempted intrusions
Splunk acquires TruSTAR
Splunk has entered into an agreement to buy cloud-native security company TruSTAR. The company plans to integrate capabilities of TruSTAR’s Intelligence Platform into its Data-to-Everything platform.
Cisco acquires Kenna Security
Cisco has announced plans to acquire risk-based vulnerability management firm Kenna Security. Kenna’s machine learning-based technology will be incorporated into Cisco’s SecureX platform.
NCC Group acquires Iron Mountain
Cybersecurity and resilience advisory firm NCC Group has entered into an agreement to acquire Iron Mountain’s intellectual property management (IPM) business for $220 million. NCC will role the IPM unit into its Software Resilience group to create an escrow business.
Forcepoint acquires Cyberinc purchase
Forcepoint has acquired Cyberinc, which provides remote browser isolation (RBI) technology that gives administrator more granular control over users’ web browsing activity. The company plans to integrate Cyberinc RBI technology into its SASE platform.
LiveAction acquires CounterFlow AI
Network performance management firm LiveAction has acquired CounterFlow AI, a network detection and response (NDR) provider. The deal will add encrypted traffic analysis for security incident detection and response to LiveAction’s network performance monitor and diagnostics platform.
Ping Identity buys SecuredTouch
Ping Identity has acquired SecuredTouch, known for its fraud and bot detection and mitigation solutions. Ping will integrate SecuredTouch into its PingOne Cloud Platform. Identity isn’t just about knowing who customers are, it’s about knowing when someone is pretending to be a customer.
Deloitte acquired Terbium Labs
Deloitte has purchased the assets of digital risk protection solution provider Terbium Labs. The company helps organizations detect and remediate data exposure, theft, and misuse. All Terbium solutions and services will be rolled into Deloitte’s Detect & Response suite.
Forcepoint acquired Deep Secure
Forcepoint has entered into an agreement to buy Deep Secure. Once the deal finalizes in August, the company plans to integrate Deep Secure’s Threat Removal Platform into its Cross Domain Solutions portfolio, and its content, disarm and reconstruction (CDR) capabilities into Forcepoint’s SASE architecture.
Private equity firms to buy cloud security vendor ExtraHop
Bain Capital Private Equity and Crosspoint Capital Partners have entered into an agreement to acquire Extrahop, a cloud-native network detection and response solution provider. The deal is valued at $900 million. By combining our exceptional team, market need, and technology with the deep domain expertise and resources of Bain Capital and Crosspoint Capital, ExtraHop can grow faster and accelerate our innovation to help our customers defend their operations from even the most advanced threats