Accenture Buys Cyberattack Simulation Firm FusionX, To Grow Security Practice

Accenture made the first of several expected cybersecurity acquisitions Tuesday, buying a small cybersecurity firm focused on attack simulation, threat modeling and risk advisory services.

Dublin, Ireland-based Accenture, No. 2 on the 2015 CRN Solution Provider 500, said its purchase of Arlington, Va.-based FusionX will allow clients to more effectively manage risk by combining FusionX's expertise in identifying security vulnerabilities with Accenture's suite of security and operations offerings.

"Clients need to test themselves against adversaries that are similar to what they face in the real world," Bill Phelps, global managing director of Accenture Security Services, told CRN.

[Related: 10 Emerging Security Vendors You Need To Know About]

id
unit-1659132512259
type
Sponsored post

FusionX tests the ability of Fortune 500 clients in the financial services and energy verticals to defend against professional-level threats by subjecting end users to continuous, unscheduled simulated attacks and debriefing them on the findings.

Customers can commit to anywhere from one to three years of testing, according to FusionX CEO Matt Devost, with the simulated attacks occurring from once a quarter to once a year. Devost told CRN the regime is much more effective than traditional penetration testing as the simulated attacks are more rigorous and can occur over weekends or during holidays when there's less staff around.

"If you have to fight Mike Tyson, do you want to train with a static punching bag or a live sparring partner?" Devost asked. "It is intended to be somewhat disruptive for the [client's] security team."

Terms of the acquisition, which closed Monday, were not disclosed. All 22 of FusionX's employees are making the move over to Accenture, according to Devost.

FusionX will likely transition over to Accenture branding, Phelps said, though it will continue to operate as an autonomous entity within the consultancy.

Although there is significant overlap between the clients of Accenture and FusionX, Phelps said customers will benefit from having a one-stop shop for both testing and remediation services. FusionX doesn't provide remediation services on its own, Phelps said, meaning its findings had to be communicated to another vendor to obtain fixes.

The deal will also give existing Accenture clients who haven't previously worked with FusionX better insight as to what an advanced attack would be like in a real-life environment, Phelps said.

As for FusionX, Accenture's scale and resources will enable the company to bolster its capabilities and work with more clients, according to Accenture. Phelps said Accenture has "ambitious targets" for head count and revenue growth in the threat-testing space, but declined to provide specifics.

Accenture sees cybersecurity as a key growth area, Phelps said, and believes the company needs a bigger portfolio of sophisticated capabilities in the space. Given the innovation taking place and the tightness of the security labor market, Phelps said, acquisitions present a good opportunity for Accenture to broaden its offerings and reach more prospective customers.

Accenture has been very active in the M&A market ever since September 2013, when it set aside $800 million for strategic acquisitions. The solution provider acquired public sector digital technology provider Agilex Technologies in February for an undisclosed amount and 190-person, Houston-based energy technology firm Structure in January.

PUBLISHED AUG. 4, 2015