The Top 10 Security M&A Deals Of 2019 (So Far)

Technology titans, private equity goliaths, and pure-play security mainstays spent more than $3.6 billion on the year's most significant deals, placing major bets to gain expertise around the cloud, endpoint, and security operations and intelligence.


Securing The Future

Companies placed big bets on the cloud, endpoint, and security operations and intelligence in the first half of 2019, with six of the period's 10 top M&A deals focused around these technology areas.

Technology titans, private equity goliaths, and pure-play security mainstays collectively spent more than $3.6 billion on the year's most significant deals, scooping up some 2,550 employees from an assortment of legacy firms and early- and late-stage startups. One of the acquired companies was founded in the 1990s, five were founded in the 2000s, and four were established in the 2010s.

Three of the acquired companies are based in Silicon Valley, three are based elsewhere in the Western United States, three are based in the Southeast, and one is based in the Northeast.

Sponsored post

Four of the acquisitions were consummated by platform security vendors, three were carried out by technology providers focused predominantly outside security, two were carried out by more narrowly focused security players, and one was executed by a private equity firm. Here's a look back at the 10 top security M&A deals impacting the channel so far in 2019.

10. Akamai Acquires Janrain

Purchase Price: $123.6 Million (SEC Filing)

Akamai Technologies in January purchased Janrain to improve the security around customers' apps, websites and APIs by integrating customer identity access management capabilities.

The Cambridge, Mass.-based technology vendor said its proposed acquisition of Portland, Ore.-based Janrain would result in increased accuracy in mitigating identity fraud. Akamai clients were expected to immediately see security benefits around bot management and threat intelligence, which is critical since nearly 40 percent of users employ the same or very similar passwords across online accounts.

Combining Akamai's bot manager and Janrain's capabilities will allow customers to make better decisions about which users should be allowed to access registration and login pages based on reputation built on past online behavior, the company said. The integrated technology will also safeguard against malicious activity including fraudulent account creation and credential compromise.

9. Symantec Acquires Luminate Security

Purchase Price: $139 Million (SEC Filing)

Symantec in February purchased Luminate Security to better protect users around workloads and applications regardless of where they're deployed or what infrastructure they're accessed through.

The Mountain View, Calif.-based platform security vendor said its acquisition of Palo Alto, Calif.-based cybersecurity startup Luminate Security will make it possible to deliver private secure application access, granting user connections only to the specific applications and resources for which they are authorized.

The Luminate platform provides employees with a consistent, cloud-native experience around any corporate application regardless of where it's hosted, the device being used, or where the worker is located. All user activities are examined against company policies, triggering automatic actions to ensure security is being enforced and to prevent unauthorized access.

8. Elastic Acquires Endgame

Purchase Price: $234 Million (SEC Filing)

Open-source search technology company Elastic agreed in June to purchase next-generation endpoint protection company Endgame to bring a comprehensive security offering to market.

The Mountain View, Calif.-based company said combining Arlington, Va.-based Endgame's endpoint protection, detection and response expertise with Elastic's security information and event management (SIEM) capabilities will help organizations extend threat hunting to the endpoint. The deal is expected to close in the fourth quarter of 2019 and is subject to a shareholder vote.

Endgame already embeds Elastic's flagship Elasticsearch product as its main data store for alerts and investigation workflows, said Elastic Founder and CEO Shay Banon. The endpoint agents from Endgame fit nicely into the paradigm of agents shipping data, Banon said, and provide protection against modern attacker techniques.

7. FireEye Acquires Verodin

Purchase Price: $254.4 Million (SEC Filing)

FireEye in May acquired cybersecurity startup Verodin to help find security effectiveness gaps stemming from equipment misconfiguration, evolving attacker tactics, or changes in the IT environment.

The Milpitas, Calif.-based platform security vendor said its acquisition of McLean, Va.-based Verodin will help measure and test security environments against known and newly-discovered threats to identify risks in security controls before a breach occurs.

The purchase of Verodin will make it easier for FireEye customers to reliably and consistently quantify cyber risk in a way that's understandable to both frontline technicians as well as the board room, said FireEye CEO Kevin Mandia said. Verodin will be integrated with FireEye Helix's security orchestration capabilities to help customers prioritize and automate continuous improvement of security controls.

6. Zix Acquires AppRiver

Purchase Price: $276.4 Million (SEC Filing)

Dallas-based Zix in February purchased Gulf Breeze, Fla.-based email security provider AppRiver as part of a massive push into the channel, increasing its number of partners by 10-fold with the stroke of a pen.

The deal is expected to create a secure email juggernaut in the SMB market with annual recurring revenue of $180 million and “game-changing application delivery for MSPs,” Zix CEO David Wagner told CRN. The deal has increased Zix's channel ecosystem from 400 partners to 4,000 partners.

“We’re the first ones to bring together a platform for cloud email delivery that extends beyond just Microsoft to a broader security and compliance suite,” Wagner said at the time. “The ability to acquire AppRiver, to more than double the size of the company and to position ourselves really strongly with MSP partners.

5. NTT Security Acquires WhiteHat Security

Purchase Price: $315 Million (Momentum Cyber)

NTT Security in March purchased WhiteHat Security to better support customers on the digital transformation journey with application security and DevSecOps capabilities.

The Tokyo-based company said its acquisition of San Jose, Calif.-based WhiteHat will bring WhiteHat's application security platform and NTT Security's consulting and managed security services together under a single roof, providing partners and customers with a more complete offering.

WhiteHat had undertaken a three-year transformation journey and had begun a strategic financial review of its options, said CEO Craig Hinkley. WhiteHat wanted to become part of a company that saw application security and DevSecOps as key to securing a customer's business, Hinkley said, and was looking for an owner with the experience and financial capabilities to lead it through its next stage.

4. Palo Alto Networks Acquires Twistlock

Purchase Price: $410 Million (SEC Filing)

Palo Alto Networks in May agreed to strengthen its position in the cloud by purchasing rising container security star Twistlock to better secure modern applications throughout their entire lifecycle.

Company CEO Nikesh Arora said Portland, Ore.-based Twistlock is "by far the leader" in the container security market, and since clients still want to use best-in-breed technology, the company decided it was important to buy Twistlock and integrate it into their cloud security platform. The company wants to integrate Twistlock very quickly so that it can offer customers a full public cloud security suite, he said.

The Santa Clara, Calif.-based platform security vendor is driving consolidation in the cloud security space, Arora said, by making it so that customers no longer have to buy piece products for containers, private cloud, public cloud, on-premise, SaaS or serverless security.

3. Palo Alto Networks Acquires Demisto

Purchase Price: $474.2 Million (SEC Filing)

Palo Alto Networks in March purchased analytics and automation vendor Demisto to bolster threat prevention and response to security teams.

The Santa Clara, Calif.-based platform security giant said the deal will drive better use of AI and machine learning to further automate security operations. The automated playbooks from Cupertino, Calif.-based Demisto have helped reduce alerts that require human review by up to 95 percent, Palo Alto Networks said, allowing security teams to focus on more complex matters.

From a sales standpoint, the company said Demisto plans to continue executing against the company's aggressive growth plans with the aim of leveraging Palo Alto Networks' distribution network to achieve its ambitious goals. On the technical side, Demisto plans to work closely with the Palo Alto Networks team to strengthen its existing integration with Palo Alto Networks’ Application Framework.

2. Carbonite Acquires Webroot

Purchase Price: $622 Million (SEC Filing)

Carbonite in March purchased Webroot to create a company that can deliver both backup and recovery as well as cloud-based cybersecurity on the endpoint.

The Boston-based data protection provider said that it and Bloomfield, Colo.-based Webroot share a go-to-market focus and complementary ecosystem of channel partners. At the same time, Carbonite said that Webroot's leading MSP partners and remote monitoring and management (RMM) relationships provide the company with a new channel for increased scale and market expansion.

With the evolution of threats like ransomware, Carbonite President and CEO Mohamad Ali said customers and partners are increasingly seeking a more comprehensive offering that's both powerful and easy to use. The combined customer base will benefit from an easy-to-use, cloud-based, integrated offering, which includes unique ransomware prevention and recovery capabilities.

1. Insight Partners Acquires Recorded Future

Purchase Price: $780 Million (Press Release)

Minority owner Insight Partners agreed in May to purchase a controlling stake in Recorded Future to accelerate the threat intelligence vendor's technical and product vision.

The Somerville, Mass.-based company said it's uniquely positioned to capitalize on opportunities in adjacent markets such as security operations, vulnerability management, and third-party risk. Recorded Future said it plans to leverage New York-based Insight's deep experience and internal consulting arm, Insight Onsite, to accelerate the next phase of the company's global growth and expansion.

Recorded Future Co-Founder and CEO Christopher Ahlberg said the company has been working with Insight Managing Director Mike Triplett and his team for a number of years, and has benefitted from the company's sage advice, industry knowledge, and relationships. Getting bought by Insight was the logical next step for Recorded Future given the opportunities in front of the company, according to Ahlberg.