The 10 Biggest Cybersecurity Acquisitions Of 2021 (So Far)
Private equity goliaths, SPACs, and pure-play security mainstays spent nearly $31 billion on the year‘s top cybersecurity acquisitions, placing big bets on securing networks and endpoints as well as managing employee and customer access.
Knowledge Is Power
Companies placed big bets on securing networks and endpoints and managing employee and customer access in the first half of 2021, with seven of the period‘s 10 biggest acquisitions focused around these technology areas.
Private equity goliaths, special purpose acquisition companies (SPACs) and pure-play security mainstays collectively agreed to spend nearly $31 billion on the year‘s most significant deals, scooping up nearly 12,500 employees from an assortment of legacy firms and late-stage startups.
One of the acquired entities was founded in the 1980s, one was founded in the 1990s, four were established in the 2000s, three set up shop in the 2010s, and one was formed in the 2020s. Four of the acquired companies are based in Silicon Valley, three are based in the Washington D.C. area, two are headquartered in Seattle, and one is in South Florida.
Six of the acquisitions were consummated by private equity firms, three were carried out by SPACs, and one was completed by a pure-play security vendor. Purchase price information was obtained from company press releases or from third-party reports like Momentum Cyber or PE Hub. Here’s a look at the biggest 10 cybersecurity acquisitions impacting the channel so far in 2021.
For more of the biggest startups, products and news stories of 2021 so far, click here.
T-9. TPG Capital Acquires Centrify
Purchase Price: $900 Million (Momentum Cyber)
Centrify got its third owner and fourth top executive in less than three years after the company was purchased by private equity firm TPG Capital and selected Art Gilliland as CEO. TPG’s buy of Centrify from Thoma Bravo came just two-and-a-half years after Thoma Bravo acquired a controlling stake in the firm from venture capital firms Mayfield, Accel Partners, Jackson Square Ventures, and Index Ventures.
The company in January tapped Gilliland, the former head of Symantec Enterprise and CEO of Skyport Systems, to be its next leader. The move came just seven months after Centrify brought in top CollabNet executive Flint Brenton to serve as its president and CEO.
“As a result of many accelerating IT trends – including faster digital transformation, accelerated cloud adoption, and agile DevOps practices – enterprises need to manage and protect more privileged accounts than ever before,” TPG’s Tim Millikin said. “We believe PAM is one of the most important and strategic sub-sectors of security software, and Centrify is a clear market leader in this space.”
T-9. Bain Capital, Crosspoint Capital Acquires ExtraHop
Purchase Price: $900 Million (Press Release)
Private equity firms Bain Capital and Crosspoint Capital agreed in June to purchase network detection and response vendor ExtraHop. The Seattle-based company said the acquisition, which closed July 22, should help ExtraHop extend the power of its platform to consolidate adjacent markets like intrusion detection, network forensics, and IoT security.
With the private equity backing, ExtraHop expects to add more channel sales managers and channel sales engineers internationally, as well as additional national and regional sales managers domestically. ExtraHop CEO Arif Kareem, CTO Jesse Rothstein, and Chief Customer Officer Raja Mukerji will continue in their respective roles, with Rothstein and Mukerji remaining significant investors in the company.
ExtraHop is the third largest player in the network detection and response (NDR) market, with $91.2 million of revenue and 42.6 percent year over year growth, according to a 2019 IDC market share report. Only Darktrace and Cisco Systems have larger NDR practices, while ExtraHop’s NDR business is larger than competitors like Vectra, Symantec, LookingGlass and Exabeam, IDC found.
8. Newtown Lane Marketing To Acquire Appgate
Purchase Price: $1 Billion (Press Release)
Secure access vendor Appgate agreed in February to go public just a year after its formation by getting acquired by shell company Newtown Lane Marketing. Coral Gables, Fla.-based Appgate said becoming a publicly traded company will provide quick access to significant financial resources to accelerate growth, scale and go-to-market strategies.
Appgate was spun out from data center vendor Cyxtera in January 2020 and expects to generate revenues of $40 million this year with a compound annual growth rate (CAGR) of 50 percent over the next half-decade. As part of the Newtown Lane Marketing acquisition, a leading alternative investment manager is also investing $100 million in Appgate.
The company has more than 360 employees and serves over 650 businesses, including Fifth Third Bank, Norwegian Cruise Lines, Secureworks, Rackspace and Weight Watchers. In the federal government space, Appgate said it supports the U.S. Department of Defense and U.S. Department of Homeland Security.
T-6. LGL Systems Acquisition Corp. To Acquire IronNet Cybersecurity
Purchase Price: $1.2 Billion (Press Release)
Network detection and response vendor IronNet Cybersecurity plans to go public on the New York Stock Exchange by being acquired by LGL Systems Acquisition Corp. The deal was announced in March and will allow IronNet to accelerate its growth trajectory and capitalize on strong demand for new and more effective ways to defend against growing cyber threats.
IronNet’s IronDefense provides behavior-based and AI-driven analytics at the network level to detect anomalous activity at individual enterprises and prioritize the highest threats in a company’s network. IronDome shares the IronDefense findings from an individual company within the group of related entities (portfolio companies, supply chains, industries, or nations) for correlation and further analysis.
“Current methods of cyber information sharing, analysis, and collective action are simply too manual and too slow to be effective,” Robert LaPenta, Co- CEO of LGL Systems Acquisition Corp., said in a statement. “We believe this merger will make a real difference in helping IronNet protect our fellow citizens from accelerating aggression by an invisible enemy intent on hurting our well-being.”
T-6. Symphony Technology Group To Acquire FireEye’s Products Business
Purchase Price: $1.2 Billion (Press Release)
FireEye agreed in June sell its fledgling products business to Symphony Technology Group (STG), undoing the 2014 acquisition that brought FireEye’s products and Mandiant’s services together. In addition to purchasing the company’s network, email, endpoint and cloud security portfolio, private equity firm STG also bought the FireEye name.
In addition to the company’s point products, STG will also acquire Milpitas, Calif.-based FireEye’s security management and orchestration platform. The company said its high-growth threat intelligence and incident response services divisions will continue to operate as a publicly traded business under the Mandiant Solutions banner.
After the deal closes, FireEye and Mandiant will continue to share technology, telemetry, threat intelligence, and expertise through a reseller and market cooperation agreement, a transition services agreement, and a strategic collaboration agreement. FireEye’s products business will also benefit from better channel relationships with MSSP providers based on alliances with complementary vendors.
T-4. Tailwind Acquisition Corp. To Acquire QOMPLX
Purchase Price: $1.4 Billion (Press Release)
Risk analytics platform QOMPLX agreed in March to become a public company on the New York Stock Exchange via an acquisition by special purpose acquisition company (SPAC) Tailwind Acquisition Corp. The company also announced plans to purchase cyber intelligence and analytics solutions provider Sentar and insurance modeling and actuarial platform Tyche.
QOMPLX’s cloud-native platform rapidly ingests, transforms, and contextualizes large, complex, and disparate data sources in order to help organizations better quantify, model, and predict risk in areas including cybersecurity, insurance, and finance. The company’s pro forma 2021 revenue is expected to be $141 million, up from $96 million in 2020. QOMPLX has 95 enterprise and government customers.
“Reaching public markets via our partnership with Tailwind expedites QOMPLX’s ability to reach more customers globally and supports our continued development of the core technology platform for mission critical customer applications,” Jason Crabtree, co-founder & CEO of QOMPLX, said in a statement.
T-4. TPG Capital Acquires Thycotic
Purchase Price: $1.4 Billion (PE Hub)
TPG Capital in April purchased privileged access management (PAM) vendor Thycotic from Insight Partners and combined it with recently acquired competitor Centrify. The joint company is for now being called ThycoticCentrify, and is led by former Symantec Enterprise Head and Skyport Systems CEO Art Gilliland, who in January was announced as Centrify’s next CEO.
James Legg, who led Thycotic since July 2015, is serving as president of the combined business. Thycotic has been the fastest-growing company in the PAM market, growing at 40 percent year over year. The company generated $120 million in revenue - $100 million of which is recurring on an annual basis - and is nearly breakeven on earnings before interest, taxation, depreciation and amortization, PE Hub said.
Thycotic empowers more than 12,500 organizations across the world to manage privileged access and has a history of deployment speed and leadership in the cloud. Meanwhile, Centrify has strong identity bridging capabilities and a history of operating in highly complex environments, and counts the world’s largest financial institutions, intelligence agencies, and critical infrastructure firms among its customers.
3. Symphony Technology Group To Acquire McAfee’s Enterprise Business
Purchase Price: $4 Billion (Press Release)
Private equity firm Symphony Technology Group agreed in March to buy McAfee’s enterprise business, turning the legendary cybersecurity firm into a pure-play consumer business. The San Jose, Calif.-based platform security giant is following in the footsteps of top rival Symantec, which sold its enterprise business to Broadcom in 2019 for $10.7 billion and continues to operate its consumer business.
McAfee’s enterprise business will be rebranded while its consumer business continues to be publicly traded under the McAfee name. The split was announced less than five months after McAfee completed a $740 million initial public offering that valued the cybersecurity giant at $9.5 billion.
The company’s enterprise business has struggled in recent years as its faces off against high-powered competitors like CrowdStrike and SentinelOne. Net revenue for the fiscal year ended Dec. 26, 2020, inched ahead to $1.35 billion, up just 1.2 percent from $1.33 billion a year earlier. And the division’s operating loss increased to $180 million, up 19.2 percent from $151 million a year earlier.
2. Okta Acquires Auth0
Purchase Price: $6.5 Billion (Press Release)
Okta in May bought rising customer identity and access management (CIAM) star Auth0 to address a broader set of identity use cases regardless of audience or user. The San Francisco-based identity provider said Bellevue, Wash.-based Auth0 will operate as an independent business unit inside Okta, with both platforms integrated together over time.
The monster deal will give organizations greater choice in selecting the best identity tool for their unique needs, according to the company. The company said the deal will accelerate its growth in the $55 billion identity market. Okta and Auth0’s identity platforms are robust enough to serve the world’s largest organizations and flexible enough to address a variety of identity use cases, the company said.
“Combining Auth0’s developer-centric identity solution with the Okta Identity Cloud will drive tremendous value for both current and future customers,” Okta CEO Todd McKinnon said in a statement. “Okta’s and Auth0’s shared vision for the identity market … will accelerate our innovation, opening up new ways for our customers to leverage identity to meet their business needs.”
1. Thoma Bravo To Acquire Proofpoint
Purchase Price: $12.3 Billion (Press Release)
Private equity giant Thoma Bravo agreed in April to purchase email security powerhouse Proofpoint in the biggest cybersecurity acquisition of all time. The Sunnyvale, Calif.-based company said the proposed acquisition will give Proofpoint the flexibility and resources needed to continue providing an effective cybersecurity and compliance offering.
Proofpoint also expects to benefit from Thoma Bravo’s operating capabilities, capital support and deep sector experience. Proofpoint has made waves in the channel this year, bringing on ex-Bitdefender and Fortinet partner leader Joe Sykora to serve as the company’s first global channel chief. The company has also expanded aggressively in recent years beyond email security and into adjacent fields via acquisition.
“We believe that as a private company, we can be even more agile with greater flexibility to continue investing in innovation, building on our leadership position and staying ahead of threat actors,” Proofpoint Chairman and CEO Gary Steele said in a statement. “Thoma Bravo is an experienced software investor, providing capital and strategic support to technology organizations.”