A leg up on the competition
Companies placed big bets on securing applications and unmanaged IoT devices as well as risk and compliance in the first half of 2020, with eight of the period's 10 biggest acquisitions focused around these technology areas.
Private equity goliaths, technology titans and pure-play security mainstays collectively spent more than US$8.5 billion on the year's most significant deals, scooping up nearly 6,700 employees from an assortment of legacy firms and late-stage startups. Two of the acquired entities were founded in the 1980s, five were founded in the 2000s, and three were established in the 2010s.
Five of the acquired companies are based in Silicon Valley, two are based elsewhere in the Western U.S., two are based in the Northeastern U.S., and one is based in Israel.
Four of the acquisitions were consummated by private equity firms, three were carried out by businesses with a technology arm, two were executed by technology providers, and one was completed by a platform security vendor.
Purchase price information was obtained from company press releases or U.S. Securities and Exchange Commission filings or from third-party reports like Momentum Cyber or Reuters.
Here’s a look at the biggest 10 cybersecurity acquisitions impacting the channel so far in 2020.
10. Accenture acquires Symantec Cyber Security Services
Purchase Price: US$200 million (Momentum Cyber)
Accenture in April purchased Symantec’s Cyber Security Services business from Broadcom.
The Dublin, Ireland-based company said the acquisition also included Symantec’s global threat monitoring and analysis capabilities through a network of six operation centers located in the U.S., the U.K., India, Australia, Singapore and Japan. The Cyber Security Services business has more than 300 employees globally.
The focal point of the deal is Symantec’s managed security services business, which delivers a steady stream of technical and cyber adversary threat intelligence through a customisable portal. The transaction came just six months after Broadcom closed its US$10.7 billion acquisition of Symantec’s Enterprise Security business, which included the Cyber Security Services assets.
9. Digital.ai acquires Arxan Technologies
Purchase Price: US$225 million (Momentum Cyber)
Arxan Technologies in April was acquired and brought together with CollabNet, VersionOne and XebiaLabs to form Digital.ai. The TPG Capital-backed company looks to create the industry’s first intelligent value stream platform by combining agile planning, application security and software delivery.
Digital.ai looks to help the world’s largest enterprises create operational efficiencies across development, IT operations and security and deliver high-quality, secure digital experiences their customers can trust. San Francisco-based Arxan’s existing shareholder, TA Associates, sold its stake in the company as part of the combination.
Arxan’s addition to the new Digital.ai platform provides a unique set of capabilities that offer “Security by Design,” with application security at the planning level ensuring organizations are compliant from the start. And the company’s continuous app protection and real-time threat data feedback capabilities can reduce unnecessary churn or delays toward the end of the development life cycle, Digital.ai said.
8. LexisNexis risk solutions acquires ID analytics
Purchase Price: US$375 million (SEC filing)
LexisNexis Risk Solutions in January purchased ID Analytics from NortonLifeLock to enhance its credit and fraud risk assessment capabilities for enterprises.
The Atlanta-based risk management business said its proposed acquisition of San Diego-based ID Analytics will help with the delivery of risk insight through a combination of proprietary data, patented analytics, and near-real-time cross-industry consumer identity behavior.
ID Analytics has become part of the LexisNexis Risk Solutions Business Services group, which uses data, technology, linking and analytics to deliver actionable insight that enables businesses to better analyze and assess risk. More than 450 companies in the US rely on ID Analytics to make risk-based decisions to improve customer experience, enhance revenue, reduce fraud and drive cost savings.
7. Palo Alto Networks acquires CloudGenix
Purchase Price: US$402.7 million (SEC filing)
Palo Alto Networks in April purchased CloudGenix to accelerate the on-boarding of remote branches and retail stores into the company’s secure access service edge (SASE) platform.
The platform security giant said its acquisition of CloudGenix will address network and security transformation requirements and accelerate the shift from SD-WAN to SASE. The proposed deal will extend the breadth of the Palo Alto Networks’ Prisma Access SASE platform, which delivers cloud security across the globe for all users.
CloudGenix said its cloud-delivered autonomous WANs have revolutionized branch offices. The company gives enterprises cloud-scale economics for the branch office with the freedom to use any WAN, cloud or best-of-breed infrastructure service, according to the company.
6. LexisNexis Risk Solutions acquires Emailage
Purchase Price: US$480 million (Reuters)
LexisNexis Risk Solutions in March purchased Emailage to help organizations reduce online fraud by building multidimensional profiles associated with customer email address to render predictive risk scores.
The Atlanta-based risk management business said its acquisition of Chandler, Ariz.-based Emailage’s fraud prevention tools assess fraud risks by utilizing email address metadata, a differentiated global contributory network and machine-learning algorithms. The company operates in the fraud and identity sector where customer needs are in constant flux due to the expansion of digital commerce.
Now part of the Business Services group of LexisNexis Risk Solutions, Emailage will enhance the LexisNexis Digital Identity Network with its best-in-class email intelligence and contributory networks. LexisNexis Risk Solutions said it already had an established commercial partnership with Emailage to offer email risk assessment to customers around the world.
5. Moody’s acquires RDC
Purchase Price: US$700 million (press release)
Moody’s in February purchased RDC (Regulatory DataCorp), a provider of anti-money-laundering and know-your-customer data and due diligence services.
The New York-based financial services giant said its acquisition of King of Prussia, Pa.-based RDC will help companies assess counterparties through a lens of more than 60 risk types by examining more than 120,000 global sources, including adverse media coverage, politically exposed persons, government sanctions and regulatory watchlists. RDC had been owned by private equity firm Vista Equity Partners.
Moody’s said RDC’s platform incorporates industry-leading artificial intelligence for compliance screening to help process customer requests at greater speeds and accuracy while reducing false positives. The deal has extended RDC’s presence to a broader group of financial institutions, corporations, insurance companies and government agencies served by Moody’s Analytics.
4. Insight Partners acquires Armis
Purchase Price: US$1.1 billion (Press Release)
Insight Partners in February purchased Armis to strengthen its market position in unmanaged device security.
The fast-growing IoT security startup, with offices in Israel and Palo Alto, Calif, has continued to operate independently and is being managed by its existing executive team, including co-founder and CEO Yevgeny Dibrov as well as co-founder and CTO Nadir Izrael. Dibrov in January praised Insight for the depth of its domain enterprise as well as its understanding of the enterprise IoT device challenges Armis is looking to solve.
Armis lets organizations safely embrace unmanaged and IoT devices throughout their business, and is used by global organizations such as Allergan, Mondelez, Oracle and Sysco Foods as well as 25 percent of the Fortune 50. This is the largest acquisition of a privately held Israeli cybersecurity firm to date, and is expected to strengthen Armis’ position with its device behavior tracking and incident response platform.
3. Hellman & Friedman acquires Checkmarx
Purchase Price: US$1.15 billion (press release)
Checkmarx was purchased in April by private equity firm Hellman & Friedman (H&F) in the largest acquisition of an application security company to date.
The Israel-based vendor said the proposed acquisition will bolster Checkmarx’s already outstanding growth at a time when software security is critical for modern enterprises. More than 40 of the Fortune 1000 have turned to Checkmarx to mitigate risk, secure code and embed security into the software development life cycle, according to the company.
Checkmarx had grown its head count at the time of the acquisition to more than 700 people, up 28 percent from 534 employees a year ago and 73 percent from 395 employees two years ago. The company had been owned by Insight Partners since receiving an US$84 million investment from the firm in June 2015. Insight planned to retain a significant minority stake in Checkmarx following the sale to H&F.
2. Advent International to acquire Forescout
Purchase Price: US$1.9 billion (Press Release)
Forescout in February agreed to be purchased by private equity firm Advent International less than two and a half years after going public. The deal is expected to provide the San Jose, Calif.-based IoT security vendor with the flexibility needed to continue investing in the development and deployment of leading-edge cybersecurity products and tools that serve the evolving needs of enterprise customers.
But Advent told Forescout on May 15 that it would not be closing the deal as scheduled, and Forescout said the two sides were having discussions regarding timing to close and the terms of the transaction. Then on May 20, Forescout sued Advent for allegedly violating the terms of their acquisition agreement, arguing that that all closing conditions are satisfied and that Advent is obligated to close the transaction.
Advent said its analysis found that Forescout has experienced a material adverse effect to its business, financial condition and operational results, and believes the vendor will lack the ability to meet its financial obligations as they become due based on its expected post-closing financial condition. A trial in the Delaware Court of Chancery has been set for the week of July 20.
1. Symphony Technology Group to acquire RSA Security
Purchase Price: US$2.08 billion (SEC filing)
Dell Technologies in February agreed to sell RSA Security to private equity firm Symphony Technology Group (STG) less than four years after acquiring the encryption pioneer.
The technology giant said the sale of Bedford, Mass.-based RSA will allow Dell to simplify its security strategy to focus on securing and protecting data at the edge, in the core and in cloud environments. The transaction includes RSA’s four product lines as well as the RSA Conference, and is expected to close by the end of October.
Dell said it sought a buyer that was enthusiastic about RSA’s mission, committed to its customer and partner base, and interested in maximizing RSA’s talent, experience and growth potential. Dell said it ultimately determined that Palo Alto, Calif.-based STG would be the right custodian to achieve those goals.