The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022.
Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate.
In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.
Last year saw some companies that are not primarily in the cybersecurity market buy security firms to better protect their data and customers. In November 2021, global retailer Schwarz Group bought cloud security firm XM Cyber to enhance the security of its digital offerings. This is likely to continue into 2022, as evidenced by Google Cloud’s acquisition of Siemplify. Google Cloud already offers a suite of security tools to its cloud platform customers. Siemplify enhances gives it enhanced security orchestration, automation and response (SOAR) capabilities.
Below are the deals that CSO has selected as the most significant of the year. (This list is updated periodically as new deals are announced.)
The Purple Guys acquire managed service provider Golden Tech
October 18: Managed It services provider The Purple Guys has acquired Golden Tech. The deal allows the company to expand its IT and cybersecurity services within the Chicago and Indiana regions. “We are thrilled to announce this highly strategic acquisition of Golden Tech, which is complementary to our existing offerings and supports our broader growth strategy,” said Kevin Cook, CEO of The Purple Guys, in a press release. “Shawn and Steve Massa built an outstanding company with an impressive track record of growth, a loyal client base and a tenured team with deep experience supporting the SMB community. We are very excited to partner with the Golden Tech team. We look forward to building on the company’s historical success and driving continued growth in the broader Northwest Indiana and Chicagoland markets.” Terms of the deal were not disclosed.
Red Sift acquires attack surface management provider Hardenize
October 13: Red Sift has announced its acquisition of Hardenize. The company plans to integrate Hardenize’s attack surface management (ASM) capabilities into its digital resilience solution. said Rahul Powar, CEO of Red Sift. “By acquiring Hardenize, an innovator in ASM, we extend our leading security products beyond protecting email; enabling enterprise customers to see their full attack surface, solve the issues at hand, and secure their valuable assets in an ever-evolving threat continuum,” said Rahul Powar, CEO of Red Sift, in a press release. Terms of the deal were not disclosed.
Thoma Bravo to buy ForgeRock and take the company private
October 11: Software investment firm Thoma Bravo has entered into an agreement to acquire global digital identity firm ForgeRock for $2.3 billion USD, one of the largest M&A transactions in the cybersecurity space this year. “The transaction offers a unique opportunity to create value for all of our stakeholders and is a clear validation of our team’s outstanding work and the start of an exciting new chapter for ForgeRock, our customers, and our partner ecosystem,” said ForgeRock CEO Fran Rosch in a press release. “We are confident that Thoma Bravo’s resources and insights will help us continue to drive innovation in our platform and deliver even more value for customers.”
Jamf to buy mobile detection and response vendor ZecOps
September 26: Apple enterprise management firm Jamf has signed an agreement to acquire ZecOps, Inc. Once completed, the deal will enhance the security capabilities of Jamf’s platform. “We believe ZecOps has built a differentiated solution that meets a very important need for many organizations – the ability to thoroughly detect and investigate threats that target mobile users so they can confidently use these powerful devices for work,” said Dean Hager, CEO, Jamf, in a press release. “This capability further propels our goal of continuing to bridge the gap between what Apple provides and the enterprise requires.” Terms of the deal were not disclosed.
CrowdStrike announces intent to acquire Reposify
September 20: CrowdStrike Holdings has agreed to purchase Reposify, Ltd., and its external attack surface management platform (EASM). The company expects to include the EASM technology into its Threat Intelligence product suite. “Fortifying security posture and reducing enterprise risk are top priorities for organizations. Traditional risk models take an inside-out approach, which doesn’t always account for how a threat actor may view the external attack surface. Reposify’s technology delivers an outside-in perspective of an organization’s global external risk, providing deep visibility into what connected devices are vulnerable and most likely to be targeted,” said George Kurtz, co-founder and CEO of CrowdStrike, in a press release.Terms of the deal were not disclosed.
SandboxAQ acquires encryption analysis firm Cryptosense
September 13: SandboxAQ has purchased Cryptosense, which the company expects to accelerate its deployment of its post-quantum cryptography solutions. SandboxAQ its product will provide a single 360-degree view of how encryption is used throughout the enterprise. “Rapid advances in quantum computing and AI challenge the effectiveness and performance of existing cryptography-based cybersecurity solutions. The combined leadership, talent, and expertise that SandboxAQ and Cryptosense bring to the marketplace accelerates the deployment of more effective cryptography solutions to protect the world against the security threats of today and tomorrow,” said Jack D. Hidary, CEO of SandboxAQ, in a press release. Terms of the deal were not released.
