Menu
Cyber security is hot... here's the top M&A deals so far in 2021

Cyber security is hot... here's the top M&A deals so far in 2021

The cyber security market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.

Credit: Dreamstime

2021 is shaping up to be an active year for mergers and acquisitions in the cyber security industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security.

In many cases, the acquiring company sought to strengthen its position in its market -- Okta’s purchase of Auth0, for example. In others, the acquisition was an entry into a new market; Lookout is now a player in the secure access service edge (SASE) market with the acquisition of CipherCloud.

Some used the newly acquired company to expand product capabilities, like Palo Alto Networks boosting its Prisma Cloud platform with cloud security technology from Bridgecrew.

Below are the deals that CSO has selected as the most significant of the year. This list is updated periodically as new deals are announced.

FireMon acquires cloud security firm DisruptOps

September 8: Network security policy management vendor FireMon's acquisition of DisruptOps adds cloud security operations capabilities to its solutions. FireMon expects to bring to its customers the ability to monitor and respond to security risks across the public cloud infrastructure.

"Bringing DisruptOps and FireMon together adds transformational cloud security automation capabilities to FireMon’s leading security management platform -- together we will deliver the security operations platform of the future," said FireMon CEO Jody Brazil in a press release. Terms of the deal were not disclosed.

LogPoint announces intent to acquire SecBI for its SOAR and XDR capabilities

September 1: LogPoint has entered into an agreement to acquire SecBI, known for its automated threat detection and response capabilities. The company plans to integrate SecBI's SOAR and EDR platform into its own solutions.

“This integration will allow customers to quickly launch automated notifications and security remediations using our full-native SOAR capabilities," said LogPoint CE Jesper Zerlang in a press release. The acquisition is expected to be complete in Q3 2021; terms were not disclosed.

OwnBackup adds Salesforce security and governance with RevCult acquisition

August 31: Cloud data protection firm OwnBackup has acquired RevCult, a provider of SaaS security posture management (SSPM) solutions for Salesforce. “Although we’ve equipped customers to be more resilient with proactive data back-up, monitoring, compare and restore capabilities, many of the problems we help them recover from are preventable through the addition of proactive SSPM,” said Sam Gutmann, CEO of OwnBackup, in a press release. Terms of the deal were not disclosed.

XYPRO Technology acquires Workload Aware Security for SAP HANA from HPE

August 31: XYPRO Technology has added the Workload Aware Security (WASL) product from Hewlett-Packard Enterprise, bringing security and compliance monitoring capabilities for Linux and SAP HANA environments into its security portfolio. HPE will continue to sell and distribute WASL. XYPRO will support existing WASL deployments and renewals, and continue to develop the platform. Terms of the sale were not disclosed.

Check Point Software adds cloud email protection with Avanan acquisition

August 30: Enterprise security provider Check Point Software Technologies has acquired cloud email security company Avanan. In addition to Avanan's cloud email security technology, the deal is expected to extend Check Point's security capabilities to collaboration suites such as Teams and Slack.

“More and more businesses are moving to cloud email platforms, and with email becoming a major channel to launch devastating cyber attacks, this acquisition represents a huge potential as organisations are looking for a new approach to email and collaboration suite security,” said Dr. Dorit Dor, Check Point’s chief product officer, in a press release. Terms of the acquisition were not disclosed.

HackerU boosts SaaS cyber security education offerings with Cybint acquisition

August 4: Educational cyber security firm HackerU has bought Cybint for its SaaS-based education platform. The acquisition increases HackerU's geographic reach and broadens its offerings across all security career points. The company will also rebrand as ThriveDX.

"We are proud to welcome the amazing Cybint team and their incredible portfolio of experience to the HackerU, now ThriveDX, family,” said Dan Vigdor, co-founder and executive chairman of HackerU, in a press release. “The combination of our two companies’ positions the new ThriveDX group as the category leader worldwide and solidifies our ability to reskill and upskill individuals at any stage of their professional life.” Terms of the sale were not disclosed.

Feedzai buys biometric platform Revelock for secure cashless commerce

August 4: Cloud risk management platform provider Feedzai has acquired the Revelock biometric platform. The combined products will create what Feedzai claims is the world's largest AI-based financial risk management platform.

Our goal has always been to make digital commerce safe for everyone. Adding Revelock to our clients’ arsenal changes the paradigm from securing transactions in real-time - something we were already doing - to effectively preventing crime before it happens,” said Nuno Sebastiao, CEO of Feedzai, in a press release. Terms of the sale were not released.

Ivanti to acquire IIoT platform from WIIO Group

August 4: Ivanti has signed a letter of intent to acquire WIIO Group's IIoT platform to integrate with its Wavelink supply chain software. The IIoT platform is expected to give Wavelink customers a full view of their IIoT devices and the ability to better identify and remediate security issues.

“There is growing demand by enterprises across all verticals to ensure that their supply chain operations are at peak efficiency,” said Brandon Black, vice president and general manager of Ivanti Wavelink, in a press release. “We look forward to integrating our technologies and helping our customers further automate and secure their supply chain operations, while improving end user experiences and enhancing productivity." Terms of the acquisition were not released.

Ivanti acquires vulnerability management firm RiskSense

August 2: Ivanti's acquisition of RiskSense allows the company to merge its own automated IT asset management and security platform with RiskSense's vulnerability management and prioritisation technology. The combination, Ivanti claims, will "drive the next evolution of patch management.

"I’m committed to the global fight against ransomware. And I truly believe that the combination of risk-based vulnerability prioritisation and automated patch intelligence can help organisations reduce their exposure and make a major impact in global cyber space," said Srinivas Mukkamala in a press release. Terms of the sale were not released.

Deloitte buys aeCyberSolutions to boost ICS offerings

August 3: Deloitte Risk & Financial Advisory has acquired industrial cyber security firm aeCyberSolutions from aeSolutions for an undisclosed fee. With the purchase, Deloitte gains frameworks, methodologies, and tools aimed at security industrial control systems and operational technology.

"Cyber attacks on industrial controls systems for critical infrastructure are increasingly sophisticated and far-reaching, making cyber resilience and regulatory compliance more important than ever,” said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G and IoT leader and principal, Deloitte & Touche LLP, in a press release.

“As industrial organisations digitally transform to adopt more emerging technologies like 5G, the Internet of Things, machine learning and artificial intelligence, our acquisition of the aeCyberSolutions business helps us to offer leading-edge ICS/OT technologies and related advisory services.”

Microsoft acquires CIEM provider CloudKnox Security

July 21: Microsoft has enhanced its cloud security offerings with the acquisition of CloudKnox Security, a cloud infrastructure entitlement management (CIEM) provider. This is Microsoft's second security acquisition this month (see below). With CloudKnox's technology, Microsoft will be able to offer more visibility into privileged access, allowing for better enforcement of least-privilege principles.

"The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. We are committed to providing our customers with unified privileged access management, identity governance and entitlement management," said Joy Chik, corporate vice president Microsoft Identity, in a blog post. Transaction terms were not released.

Rapid7 buys threat intelligence and remediation firm IntSights Cyber Intelligence

July 19: Rapid7's has acquired IntSights Cyber Intelligence with the intent of combining IntSights' external threat intelligence capabilities with its own threat intelligence technology for customer environments.

“Both IntSights and Rapid7 have a shared belief that organisations will succeed only when they have a unified view of internal and external threats, complete with contextualised intelligence and automated threat mitigation which will allow security teams to focus on the most critical threats," said Corey Thomas, Rapid7 chairman and CEO, in a press release. "We look forward to working with IntSights to make this vision a reality for our customers.” Rapid7 will pay about $335 million for IntSights.

OPSWAT acquires assets of OT, ICS security firm Bayshore Networks

July 19: Critical infrastructure protection company OPSWAT has completed an asset purchase of Bayshore Networks, known for its active industrial cyber security solutions. OPSWAT will integrate Bayshore's products and personnel into its own platform and teams.

“This acquisition furthers our commitment to provide organisations worldwide with the most comprehensive critical infrastructure protection solutions available today,” said Benny Czarny, OPSWAT founder and CEO, in a press release. Terms of the acquisition were not released.

Microsoft in agreement to acquire RiskIQ

July 12: Microsoft announced its intent to acquire global threat intelligence and attack service management firm RiskIQ. The company expects RiskIQ to enhance its security capabilities for digital transformation and hybrid work.

"The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response," said Eric Doerr, Microsoft vice president of cloud security, in a blog post. Terms of the deal were not disclosed.

Sophos adds Linux server and cloud container security with Capsule8 buy

July 7: Sophos has expanded its detection and response solutions with the acquisition of Capsule 8, which is known for its runtime visibility, detection and response for Linux production servers and containers.

“Comprehensive server protection is a crucial component of any effective cyber security strategy that organisations of all sizes are increasingly focused on, especially as more workloads move to the cloud," said Dan Schiappa, chief product officer at Sophos, in a press release. "With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cyber security provider.” Terms of the sale were not released.

Ping Identity buys SecuredTouch for its identity fraud capabilities

June 21: Ping Identity has acquired SecuredTouch, known for its fraud and bot detection and mitigation solutions. Ping will integrate SecuredTouch into its PingOne Cloud Platform.

"Identity isn’t just about knowing who customers are, it’s about knowing when someone is pretending to be a customer. As companies undergo massive digital transformation initiatives, the need for seamless, frictionless, and secure identity solutions to confidently understand both those situations is imperative,” said Andre Durand, founder and CEO of Ping Identity, in a press release.

“The acquisition of SecuredTouch accelerates our vision for cloud delivered intelligent identity solutions that combat malicious behavior such as bots, emulators, and account takeover.”

Deloitte expands threat intelligence offerings with Terbium Labs acquisition

June 15: Deloitte has purchased the assets of digital risk protection solution provider Terbium Labs. The company helps organisations detect and remediate data exposure, theft and misuse. All Terbium solutions and services will be rolled into Deloitte's Detect & Response suite.

“Adding Terbium Labs’ business to our portfolio will offer our clients one more way to continuously monitor for -- and, when appropriate, minimise the impact of -- data exposed on the open, deep, or dark web,” said Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure solution leader and principal, Deloitte & Touche LLP, in a press release.

Forcepoint to acquire UK-based Deep Secure

June 15: Forcepoint has entered into an agreement to buy Deep Secure. Once the deal finalises in August, the company plans to integrate Deep Secure's Threat Removal Platform into its Cross Domain Solutions portfolio, and its content, disarm and reconstruction (CDR) capabilities into Forcepoint's SASE architecture.

Read more on the next page...


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags M&Acyber security

Show Comments