Top cybersecurity M&A deals for 2021

2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security.

In many cases, the acquiring company sought to strengthen its position in its market—Okta’s purchase of Auth0, for example. In others, the acquisition was an entry into a new market; Lookout is now a player in the secure access service edge (SASE) market with the acquisition of CipherCloud. Some used the newly acquired company to expand product capabilities, like Palo Alto Networks boosting its Prisma Cloud platform with cloud security technology from Bridgecrew.

Below are the deals that CSO has selected as the most significant of the year. (This list is updated periodically as new deals are announced.)

ZeroFox to acquire cybersecurity digital privacy firm IDX, go public

December 20: Cybersecurity SaaS vendor ZeroFox has entered into an agreement with digital privacy protection firm IDX and L&F Acquisition, a special purpose acquisition company (SPAC) for a business publication that will allow ZeroFox to become a publicly traded company. Its estimated market valuation would be $1.4 billion. “…rapid digital transformation has made companies vulnerable to attackers, resulting in the highest breach rate the industry has ever seen,” said James C. Foster, chairman and CEO of ZeroFox, in a press release. “We believe that external cybersecurity must be a top three priority and part of the critical security tech stack for chief information security officers because perimeter firewalls and internal endpoint agents alone are not enough to protect company assets and customers.”

Brillio strengthens its cloud security services with Cedrus Digital acquisition

December 20: Digital technology consulting firm Brillio has acquired Cedrus Digital, a cloud consultancy with cloud security and DevSecOps capabilities. “As companies continue to accelerate and scale their digital ambitions, they increasingly need proven expertise with industry-specific domain experience. Acquiring Cedrus Digital is a tremendous opportunity to deepen Brillio’s on-shore capabilities in cloud native engineering, cognitive process automation, and cloud security,” said Brillio CEO and co-founder Raj Mamodia in a press release. Terms of the deal were not released.

Claroty to acquire healthcare IoT security firm Medigate

December 8: Claroty looks to solidify its presence in what it calls the extended internet of things (XIoT) security market with the planned acquisition of Medigate and its dedicated healthcare IoT scurity platform. “By combining Claroty and Medigate’s deep domain expertise and specialized technologies into a single platform, we will take a giant leap forward on our mission to secure the ever-expanding universe of XIoT for every connected organization,” said Claroty CEO Yaniv Vardi in a press release. “We envision a future where cyber and physical worlds safely connect to support our lives, and with such strong backing from some of the world’s foremost technology investors, we have the resources we need to make this vision a reality.” Terms of the deal were not released.

Retailer Schwarz Group acquires majority stake in cloud security vendor XM Cyber

November 22: Schwarz Group, the fourth-largest retailer worldwide, continues its efforts to establish itself in the cloud computing market with the majority stake acquisition of hybrid cloud security firm XM Cyber. “We are constantly expanding our digital offering for our customers, such as our Lidl online shopping, the kaufland.de marketplace or our Kaufland Card and Lidl Plus loyalty programs. With the solutions from XM Cyber, we offer our customers even more mechanisms to further develop the digital shopping and customer experience holistically,” said Rolf Schumann, CEO of Schwarz Digital, in a press release. Terms of the deal were not released.

GB Group announces intent to acquire Acuant to strengthen identity offerings

November 18: GB Group (GBG) has reached an agreement to purchase Acuant, a provider of identity verification and KYC/AML compliance products, for $736 million. The move is expected to accelerate UK-based GBG’s global rollout of its identity and fraud solutions. “Together we create a global leader in data, document and biometric identity verification services and strengthen our mutual capability to capitalize on the fast-growing identity fraud market,” said GBG CEO Chris Clark in a press release.

Sift acquires Keyless for passwordless authentication

November 17: Digital trust and safety company Sift has acquired Keyless and its passwordless and multi-factor authentication technology. The company plans to sell Keyless products to regulated businesses and online retailers. “Protecting businesses from fraud while reducing customer friction is the foundation of a digital trust and safety strategy,” said Marc Olesen, president and CEO of Sift, in a press release. “Keyless has created a truly innovative product that provides better account security with less friction for users, and meets the qualifications for regional regulations like PSD2.” Terms of the sale were not released.

IBM announces intent to acquire endpoint security vendor ReaQta

November 2: IBM Security has reached an agreement to acquire ReaQta to expand its threat detection and response capabilites. ReaQta’s AI-based endpoint security products automatically identify and manage threats. ” With our expanded capabilities via [IBM’s] QRadar XDR and the planned addition of ReaQta, IBM is helping clients get ahead of attackers with the first XDR solution that reduces vendor lock-in via the use of open standards,” said Mary O’Brien, general manager, IBM Security, in a press release. Terms of the deal were not released.

One Identity acquires OneLogin to further consolidate IAM market

October 4: Identity security provider One Identity has acquired identity access management (IAM) vendor OneLogin for an undisclosed sum. The company plans to combine OneLogin’s technology with its Unified Identity Security Platform to provide enhanced IAM, privileged access management (PAM), identity governance and administration, and Active Directory management and security. “With the proliferation of human and machine identities, the race to the cloud and the rise of remote working, identity is quickly becoming the new edge – and protecting identity in an end-to-end manner has never been more important,” said Bhagwat Swaroop, president and general manager of One Identity, in a press release.

Akamai announces plans to acquire Guardicore

September 29: Akamai has signed an agreement to acquire micro-segmentation solution provider Guardicore for approximately $600 million. The company plans to integrate Guardicore’s technology into its zero trust security portfolio. “Given the recent surge in ransomware attacks and increasingly stringent compliance regulations, investing in technologies to reduce the spread of malware has become mission critical,” said Tom Leighton, CEO and co-founder, Akamai Technologies, in a press release. “By adding Guardicore’s leading micro-segmentation products to Akamai’s comprehensive portfolio of Zero Trust solutions, we believe Akamai will be able to provide the most effective way to combat ransomware on the market today.”

TransUnion signs agreement to Acquire Neustar

September 13: TransUnion has announced its intent to acquire identity resolution company Neustar for $3.1 billion. The company expects the deal to expand its digital identity capabilities in digital marketing and identity fraud areas. “As digital commerce continues to grow globally, TransUnion’s powerful digital identity assets, enhanced by Neustar’s distinctive data and digital resolution capabilities, will enable safer and more personalized online experiences for consumers and businesses,” said Chris Cartwright, president and CEO of TransUnion, in a press release.

FireMon acquires cloud security firm DisruptOps

September 8: Network security policy management vendor FireMon’s acquisition of DisruptOps adds cloud security operations capabilities to its solutions. FireMon expects to bring to its customers the ability to monitor and respond to security risks across the public cloud infrastructure. “Bringing DisruptOps and FireMon together adds transformational cloud security automation capabilities to FireMon’s leading security management platform – together we will deliver the security operations platform of the future,” said FireMon CEO Jody Brazil in a press release. Terms of the deal were not disclosed.

LogPoint announces intent to acquire SecBI for its SOAR and XDR capabilities

September 1: LogPoint has entered into an agreement to acquire SecBI, known for its automated threat detection and response capabilities. The company plans to integrate SecBI’s SOAR and EDR platform into its own solutions. “This integration will allow customers to quickly launch automated notifications and security remediations using our full-native SOAR capabilities,” said LogPoint CE Jesper Zerlang in a press release. The acquisition is expected to be complete in Q3 2021; terms were not disclosed.

OwnBackup adds Salesforce security and governance with RevCult acquisition

August 31: Cloud data protection firm OwnBackup has acquired RevCult, a provider of SaaS security posture management (SSPM) solutions for Salesforce. “Although we’ve equipped customers to be more resilient with proactive data backup, monitoring, compare and restore capabilities, many of the problems we help them recover from are preventable through the addition of proactive SSPM,” said Sam Gutmann, CEO of OwnBackup, in a press release. Terms of the deal were not disclosed.

XYPRO Technology acquires Workload Aware Security for SAP HANA from HPE

August 31: XYPRO Technology has added the Workload Aware Security (WASL) product from Hewlett-Packard Enterprise, bringing security and compliance monitoring capabilities for Linux and SAP HANA environments into its security portfolio. HPE will continue to sell and distribute WASL. XYPRO will support existing WASL deployments and renewals, and continue to develop the platform. Terms of the sale were not disclosed.

Check Point Software adds cloud email protection with Avanan acquisition

August 30: Enterprise security provider Check Point Software Technologies has acquired cloud email security company Avanan. In addition to Avanan’s cloud email security technology, the deal is expected to extend Check Point’s security capabilities to collaboration suites such as Teams and Slack. “More and more businesses are moving to cloud email platforms, and with email becoming a major channel to launch devastating cyberattacks, this acquisition represents a huge potential as organizations are looking for a new approach to email and collaboration suite security,” said Dr. Dorit Dor, Check Point’s chief product officer, in a press release. Terms of the acquisition were not disclosed.

HackerU boosts SaaS cybersecurity education offerings with Cybint acquisition

August 4: Educational cybersecurity firm HackerU has bought Cybint for its SaaS-based education platform. The acquisition increases HackerU’s geographic reach and broadens its offerings across all security career points. The company will also rebrand as ThriveDX. “We are proud to welcome the amazing Cybint team and their incredible portfolio of experience to the HackerU, now ThriveDX, family,” said Dan Vigdor, co-founder and executive chairman of HackerU, in a press release. “The combination of our two companies’ positions the new ThriveDX group as the category leader worldwide and solidifies our ability to reskill and upskill individuals at any stage of their professional life.” Terms of the sale were not disclosed.

Feedzai buys biometric platform Revelock for secure cashless commerce

August 4: Cloud risk management platform provider Feedzai has acquired the Revelock biometric platform. The combined products will create what Feedzai claims is the world’s largest AI-based financial risk management platform. “Our goal has always been to make digital commerce safe for everyone. Adding Revelock to our clients’ arsenal changes the paradigm from securing transactions in real-time – something we were already doing – to effectively preventing crime before it happens,” said Nuno Sebastiao, CEO of Feedzai, in a press release. Terms of the sale were not released.

Ivanti to acquire IIoT platform from WIIO Group

August 4: Ivanti has signed a letter of intent to acquire WIIO Group’s IIoT platform to integrate with its Wavelink supply chain software. The IIoT platform is expected to give Wavelink customers a full view of their IIoT devices and the ability to better identify and remediate security issues. “There is growing demand by enterprises across all verticals to ensure that their supply chain operations are at peak efficiency,” said Brandon Black, vice president and general manager of Ivanti Wavelink, in a press release. “We look forward to integrating our technologies and helping our customers further automate and secure their supply chain operations, while improving end user experiences and enhancing productivity.” Terms of the acquisition were not released.

Ivanti acquires vulnerability management firm RiskSense

August 2: Ivanti’s acquisition of RiskSense allows the company to merge its own automated IT asset management and security platform with RiskSense’s vulnerability management and prioritization technology. The combination, Ivanti claims, will “drive the next evolution of patch management. “I’m committed to the global fight against ransomware. And I truly believe that the combination of risk-based vulnerability prioritization and automated patch intelligence can help organizations reduce their exposure and make a major impact in global cyberspace,” said Srinivas Mukkamala in a press release. Terms of the sale were not released.

Deloitte buys aeCyberSolutions to boost ICS offerings

August 3: Deloitte Risk & Financial Advisory has acquired industrial cybersecurity firm aeCyberSolutions from aeSolutions for an undisclosed fee. With the purchase, Deloitte gains frameworks, methodologies, and tools aimed at security industrial control systems and operational technology. “Cyberattacks on industrial controls systems for critical infrastructure are increasingly sophisticated and far-reaching, making cyber resilience and regulatory compliance more important than ever,” said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G and IoT leader and principal, Deloitte & Touche LLP, in a press release. “As industrial organizations digitally transform to adopt more emerging technologies like 5G, the Internet of Things, machine learning and artificial intelligence, our acquisition of the aeCyberSolutions business helps us to offer leading-edge ICS/OT technologies and related advisory services.”

Microsoft acquires CIEM provider CloudKnox Security

July 21: Microsoft has enhanced its cloud security offerings with the acquisition of CloudKnox Security, a cloud infrastructure entitlement management (CIEM) provider. This is Microsoft’s second security acquisition this month (see below). With CloudKnox’s technology, Microsoft will be able to offer more visibility into privileged access, allowing for better enforcement of least-privilege principles. “The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. We are committed to providing our customers with unified privileged access management, identity governance and entitlement management,” said Joy Chik, corporate vice president Microsoft Identity, in a blog post. Transaction terms were not released.

Rapid7 buys threat intelligence and remediation firm IntSights Cyber Intelligence

July 19: Rapid7’s has acquired IntSights Cyber Intelligence with the intent of combining IntSights’ external threat intelligence capabilities with its own threat intelligence technology for customer environments. “Both IntSights and Rapid7 have a shared belief that organizations will succeed only when they have a unified view of internal and external threats, complete with contextualized intelligence and automated threat mitigation which will allow security teams to focus on the most critical threats,” said Corey Thomas, Rapid7 chairman and CEO, in a press release. “We look forward to working with IntSights to make this vision a reality for our customers.” Rapid7 will pay about $335 million for IntSights.

OPSWAT acquires assets of OT, ICS security firm Bayshore Networks

July 19: Critical infrastructure protection company OPSWAT has completed an asset purchase of Bayshore Networks, known for its active industrial cybersecurity solutions. OPSWAT will integrate Bayshore’s products and personnel into its own platform and teams. “This acquisition furthers our commitment to provide organizations worldwide with the most comprehensive critical infrastructure protection solutions available today,” said Benny Czarny, OPSWAT founder and CEO, in a press release. Terms of the acquisition were not released.

Microsoft in agreement to acquire RiskIQ

July 12: Microsoft announced its intent to acquire global threat intelligence and attack service management firm RiskIQ. The company expects RiskIQ to enhance its security capabilities for digital transformation and hybrid work. “The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response,” said Eric Doerr, Microsoft vice president of cloud security, in a blog post. Terms of the deal were not disclosed.

Sophos adds Linux server and cloud container security with Capsule8 buy

July 7: Sophos has expanded its detection and response solutions with the acquisition of Capsule 8, which is known for its runtime visibility, detection and response for Linux production servers and containers. “Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organizations of all sizes are increasingly focused on, especially as more workloads move to the cloud,” said Dan Schiappa, chief product officer at Sophos, in a press release. “With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cybersecurity provider.” Terms of the sale were not released.

Ping Identity buys SecuredTouch for its identity fraud capabilities

June 21: Ping Identity has acquired SecuredTouch, known for its fraud and bot detection and mitigation solutions. Ping will integrate SecuredTouch into its PingOne Cloud Platform. “Identity isn’t just about knowing who customers are, it’s about knowing when someone is pretending to be a customer. As companies undergo massive digital transformation initiatives, the need for seamless, frictionless, and secure identity solutions to confidently understand both those situations is imperative,” said Andre Durand, founder and CEO of Ping Identity, in a press release. “The acquisition of SecuredTouch accelerates our vision for cloud delivered intelligent identity solutions that combat malicious behavior such as bots, emulators, and account takeover.”

Deloitte expands threat intelligence offerings with Terbium Labs acquisition

June 15: Deloitte has purchased the assets of digital risk protection solution provider Terbium Labs. The company helps organizations detect and remediate data exposure, theft and misuse. All Terbium solutions and services will be rolled into Deloitte’s Detect & Response suite. “Adding Terbium Labs’ business to our portfolio will offer our clients one more way to continuously monitor for — and, when appropriate, minimize the impact of — data exposed on the open, deep, or dark web,” said Kieran Norton, Deloitte Risk & Financial Advisory’s infrastructure solution leader and principal, Deloitte & Touche LLP, in a press release.

Forcepoint to acquire UK-based Deep Secure

June 15: Forcepoint has entered into an agreement to buy Deep Secure. Once the deal finalizes in August, the company plans to integrate Deep Secure’s Threat Removal Platform into its Cross Domain Solutions portfolio, and its content, disarm and reconstruction (CDR) capabilities into Forcepoint’s SASE architecture. “The addition of Deep Secure’s innovative Threat Removal Platform and hardware security to our Forcepoint Cross Domain Solutions portfolio further extends the depth of our defense-grade capabilities to governments and critical infrastructure organizations around the world, who continue to be under siege from nation-state and other attackers looking for financial gain or to ultimately disrupt societies and economies at scale,” said Forcepoint President of Global Governments and Critical Infrastructure Sean Berg in a press release.

Private equity firms to buy cloud security vendor ExtraHop

June 8: Bain Capital Private Equity and Crosspoint Capital Partners have entered into an agreement to acquire Extrahop, a cloud-native network detection and response solution provider. The deal is valued at $900 million. “By combining our exceptional team, market need, and technology with the deep domain expertise and resources of Bain Capital and Crosspoint Capital, ExtraHop has the opportunity to grow faster and accelerate our innovation to help our customers defend their operations from even the most advanced threats,” said ExtraHop CEO Arif Kareem in a press release.

Sumo Logic finalizes acquisition of SOAR provider DFLabs

May 25: SIEM and cloud monitoring vendor Sumo Logic adds security orchestration, automation and response (SOAR) capabilities with its purchase of DFLabs. Sumo Logic will extend its cloud-native SIEM solution with DFLabs technology. “Customers are looking for a new approach to help them overcome the pain and complexity around an increasingly perimeter-less world,” said Greg Martin, vice president and general manager of Sumo Logic Security Business Unit, in a press release. “The DFLabs team are experts in helping customers navigate this new world. By aligning our cybersecurity expertise, customer validated and leading security portfolios, we believe we will be able to address the critical challenges our customers face as they navigate this changing threat landscape.” Terms of the deal were not announced.

Zscaler to enhance zero trust capabilities with Smokescreen acquisition

May 25: Cloud security vendor Zscaler has announced its intent to acquire Smokescreen Technologies and its active defense and deception technology. The company plans to integrate Smokescreen’s technology into its Zscaler Zero Trust Exchange product. With the addition of Smokescreen to our Zero Trust Exchange, our customers will be able to change the economics of cyberattacks by making them far more costly, complex and difficult for the adversary both before and during their attempted intrusions,” said Jay Chaudhry, CEO, chairman and founder of Zscaler, in a press release.

Splunk to acquire TruSTAR to boost security analytics

May 18: Splunk has entered into an agreement to buy cloud-native security company TruSTAR. The company plans to integrate capabilities of TruSTAR’s Intelligence Platform into its Data-to-Everything platform. “In today’s data age, integrated and automated intelligence is critical to accelerate detection, streamline response and increase cyber resilience. TruSTAR’s cloud-native solution centralizes threat data from a wide array of sources so it can be seamlessly integrated into security analytics and SOAR workflows to provide more autonomous, higher efficacy security operations,” said Sendur Sellakumar, senior vice president, cloud and chief product officer, Splunk, in a press release. Terms of the acquisition were not announced.

Cisco announces intent to buy Kenna Security

May 14: Cisco has announces plans to acquire risk-based vulnerabitility managemement firm Kenna Security. Kenna’s machine learning-based technology will be incorporated into Cisco’s SecureX platform. “Hybrid work is here to stay, and the increasing complexity of cybersecurity is our customers’ biggest challenge. We must radically simplify security to stay ahead of the evolving threat landscape,” said Jeetu Patel, senior vice president and general manager, Cisco Security and Collaboration, in a press release. “Our goal is to unify all critical control points into a single platform. With the addition of Kenna Security, we will fundamentally strengthen our platform experience by giving customers the ability to prioritize vulnerabilities based on a robust risk methodology that is tuned to their unique needs.” Terms of the acquisition were not disclosed.

NCC Group to acquire Iron Mountain’s intellectual property management business

May 13: Cybersecurity and resilience advisory firm NCC Group has entered into an agreement to acquire Iron Mountain’s intellectual property management (IPM) business for $220 million. NCC will role the IPM unit into its Software Resilience group to create an escrow business. “The IPM business shares many similarities with our own Software Resilience business, including a commitment to providing exemplary service for clients. There are tremendous opportunities to grow the combined business by offering IPM’s blue-chip clients the choice of new services and support,” said NCC Group CEO Adam Palser in a press release.

Forcepoint adds remote browser isolation technology with Cyberinc purchase

May 6: Forcepoint has acquired Cyberinc, which provides remote browser isolation (RBI) technology that gives administrator more granular control over users’ web browsing activity. The company plans to integrate Cyberinc’s RBI technology into its SASE platform. “The acquisition of Cyberinc’s Smart Isolation capabilities is the first of many investments Forcepoint will make to enhance user productivity, lower operational burdens and eliminate traditional monolithic products through a best-in-class SASE cloud service,” said Forcepoint CEO Manny Rivelo in a press release. Term of the acquisition were not disclosed.

LiveAction buys network detection and response vendor CounterFlow AI

May 4: Network performance management firm LiveAction has acquired CounterFlow AI, a network detection and response (NDR) provider. The deal will add encrypted traffic analysis for security incident detection and response to LiveAction’s network performance monitor and diagnostics platform. “NetOps and SecOps teams are facing advanced security threats hiding within the rising tide of encrypted traffic, and losing an inordinate amount of time coordinating to triage alerts and potential incidents,” said Stephen Stuut, CEO of LiveAction, in a press release. “Businesses today need end-to-end visibility for both network performance and security management, which is why CounterFlow AI’s cutting-edge NDR capabilities are such a perfect match for our platform.” Terms of the deal were not disclosed.

Accenture to acquire French cybersecurity services provider Openminded

April 29: Global professional services company Accenture has entered into an agreement to by Openminded, a cybersecurity services firm that provides advisory, managed security services, and cloud and infrastructure services in Europe. “The alliance of our talent and capabilities perfectly leverages our expertise and would allow us to deliver on a global scale,” said Openminded founder and CEO Herve Rousseau in a press release. Terms of the sale were not released.

Private equity firm Thoma Bravo to buy Proofpoint

April 26: Cybersecurity and compliance company Proofpoint has agreed to be acquired by Thoma Bravo. It’s the latest in a string of security vendors that the private equity firm has bought, including Wombat, ObserveIT and Meta Networks. “Thoma Bravo is an experienced software investor, providing capital and strategic support to technology organizations, and our partnership will accelerate Proofpoint’s growth and scale at an even faster pace,” said Proofpoint Chairmand and CEO Gary Steele in a press release. Thoma Bravo will take Proofpoint private once the $12.3 billion deal is finalized. 

Rapid7 acquires open-source community Velociraptor

April 21: Velociraptor’s technology gives security analytics and automation vendor Rapid7 a foothold in the digital forensics and incident response space. The company has pledged to continue to develop Velociraptor’s tools and build its community. “We strongly believe that partnership with the open-source community is one of the most important ways to move the security industry forward and make the digital world a safer place for everyone,” said Rapid7 Senior Vice President of Detection and Response Richard Perkett in a press release. “We look forward to bringing our expertise in growing and nurturing open-source communities to Velociraptor, while also enhancing our monitoring, digital forensics, and incident response capabilities for customers.” Terms of the deal were not disclose.

Mastercard buys Ekata for digital identity verification

April 17: Payment network processor Mastercard has acquired Ekata, known for its machine-learning-based technology to detect “good” from “bad” consumers in real-time during transactions. “The shift to a more digital world requires real solutions to secure every transaction and instill trust in every interaction,” said Ajay Bhalla, president of cyber and intelligence solutions at Mastercard, in a press release. “With the addition of Ekata, we will advance our identity capabilities and create a safer, seamless way for consumers to prove who they say they are in the new digital economy.” Mastercard will pay $850 million for Ekata. 

Zscaler to acquire CIEM vendor Trustdome

April 15: Zscaler has agreed to acquire Trustdome and its cloud infrastructure entitlement management (CIEM) product. The company plans to integrate Trustdome’s technology into its cloud security posture management (CSPM) platform as part of Zscaler Cloud Protection. “The addition of Trustdome’s team and innovations in CIEM will strengthen our Cloud Protection portfolio by enforcing least privilege principles across multi-cloud environments while giving DevOps the freedom to innovate,” said Jay Chaudhry, CEO, chairman and founder of Zscaler, in a press release. “I am very excited to welcome the Trustdome team to the Zscaler family, and look forward to growing Zscaler’s R&D presence in Israel.”

VMware completes acquisition of API security firm Mesh7

March 31: VMware has finalized its purchase of Mesh7, which will allow VMware to bring “visibility, discovery and better security to APIs,” according to a blog post. The move gives VMware Mesh7’s contextual API behavior security solution, which is expected to help VMware deliver on a promise to provide “modern application services” using open-source options. Terms of the acquisition were not released.

Alacrinet Consulting Services buys Chamber’s Key

March 31: Alacrinet Consulting Services adds security research and penetration testing to its offerings with its purchase of Chamber’s Key. With the acquisition, the company is launching a new division called Alacrinet Security Labs, which will research new Common Vulnerabilities and Exposures (CVEs) and publish results and recommendations. “As we grow the team, we’re also looking to implement a training course to certify the skill level and experience of our penetration testers. In conjunction with their technical certifications, our training course will provide penetration testers with best practices and processes that connect their testing with the business goals and security solutions,” Mike Pena, CEO of Chamber’s Key and now VP of penetration testing at Alacrinet, said in a press release. Terms of the acquisition were not released.

Plurilock announces intent to acquire Aurora Systems Consulting

March 29: US-based cybersecurity solutions provider Plurilock has entered into a definitive share purchase agreement to acquire security technology and services company Aurora Systems Consulting. The deal will boost Plurilock’s presence in the government market. Aurora’s key customers include the US Department of Defense, the US Department of the Treasury, and the US National Aeronautics and Space Administration. “By incorporating Plurilock’s cutting-edge technology platform into our product offering, our clients will receive a more robust and comprehensive identity authentication solution, which has been adapted to provide safe and secure remote work access to employees working from home,” said Aurora founder and President Philip de Souza in a press release. Aurora will function as a wholly owned subsidiary once the acquisition is complete.

Hornetsecurity beefs up email security offerings with acquisition of Zerospam

March 25: Cloud email security provider has acquired Canada-based Zerospam, which provides cloud email protection services to business of all sizes in North America. This comes shortly after Hornetsecurity’s purchase of backup solution provider Altaro in January. Hornetsecurity CEO Daniel Hoffman said they will continue to develop Zerospam’s offerings. “We shall be investing heavily in the Zerospam partner community and providing them with an expanded range of new products so that they can boost their customers’ security and compliance beyond their current offerings,” he said in a press release. Terms of the acquisition were not released.

Kroll acquires UK cybersecurity services provider Redscan

March 25: Kroll, a global provider of governance, risk and transparency services and products, has purchased UK-based Redscan. The company plans to add Redscan’s extended detection and response (XDR) enabled security operations center (SOC) platform to its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources. Redscan is also known for its proprietary cloud-native MDR solution, which correlates events and intelligence from leading telemetry sources. Terms of the acquisition were not released. 

VENZA buys MSSP CyberTek Engineering

March 25: With the acquisition of managed security service provider (MSP) CyberTek Engineering, VENZA expects to enhance its data protection and compliance services for the hospitality industry. “By acquiring CyberTek, we create a force-multiplier effect in addressing some of the biggest struggles for hoteliers today: staying ahead of technological change while ensuring compliance and protecting their business and guest data against vulnerabilities and threats,” said VENZA Chairman and CEO Jeff Venza in a press release. CyberTek MSSP will become a solely owned subsidiary of VENZE. Terms of the sale were not disclosed.

MSSP True North Networks acquired by private equity firm

March 23: Private equity firm Bluff Point Associates has bought True North Networks, which provides IT solutions, security and support to registered investment advisors (RIAs). The move bolsters Bluff Point Associates’ portfolio of technology companies that serve the financial services industry. “We believe there’s a considerable demand for secure and flexible cloud-based solutions providers that understand how to serve RIAs and the regulatory framework they operate in, and we’re committed to helping True North capitalize on this opportunity,” Kevin Fahey, Bluff Point Associates managing director, said in a press release. Terms of the acquisition were not released.

RingCentral acquires Kindite to deliver end-to-end encryption

March 22: RingCentral has purchased cryptographic technologies provider Kindite. It’s a talent and technology acquisition, as RingCentral will absorb the Kindite team into its own workforce and incorporate Kindite technology into RingCentral’s products. This will allow RingCentral to provide end-to-end encryption over its global communications platform. Terms of the sale were not disclosed.

DevOps to DevSecOps—Copado acquires New Context

March 17: DevOps platform provider Copado expands its DevSecOps services with the purchase of New Context, whose customers include GE, Kaiser Permanente, and Royal Dutch Shell. “By combining Copado DevOps and value stream technology with New Context’s breadth and knowledge of DevSecOps, enterprises can more efficiently navigate through multi-cloud digital transformations with less risk and more successful outcomes,” said Copado CEO Ted Elliott in a press release.  Terms of the acquisition were not released.

Recorded Future announces intent to acquire fraud analytics vendor Gemini Advisory

March 16: Enterprise intelligence provider Recorded Future has agreed to acquire Gemini Advisory in a deal worth $52 million. The purchase is expected to accelerate Recorded Future’s growth in the fraud analytics market. ““In a short time, Gemini Advisory has become a leader in the fraud space with unique offerings in both payment card intelligence and merchant fraud intelligence. …joining forces with Gemini Advisory expands the value we deliver for customers across enterprise security and fraud,” said Dr. Christopher Ahlberg, CEO and co-founder, Recorded Future, in a press release.

Sonatype boosts code-analysis capabilities with purchase of MuseDev

March 16: Sonatype, which sells tools for software supply chain management and security, has acquired MuseDev. The company’s main product automatically analyzes each developer pull request to help find security, performance and reliability flaws. “…with the acquisition of MuseDev, we are further expanding our platform to help customers automatically control the quality of code their developers write,” said Wayne Jackson, CEO of Sonatype, in a press release. “Coupled with our recently launched Nexus Container and Infrastructure as Code solutions, we are now delivering a developer-friendly and full-spectrum software supply chain management platform….” Terms of the acquisition were not released.

Lookout buys SASE company CipherCloud

March 15: Lookout, a provider of mobile endpoint security solutions, has entered the SASE market with the acquisition of CipherCloud. Product categories that CipherCloud offers include cloud access security broker (CASB), zero-trust network access (ZTNA), and data loss prevention (DLP). The goal of the purchase was to provide an “end-to-end platform that secures an organization’s entire data path from endpoint to cloud,” according to a Lookout press release. Terms of the deal were not disclosed.

SailPoint Technologies announced intent to acquire ERP Maestro

March 12: Once finalized, the acquisition of SaaS governance, risk and compliance (GRC) provider ERP Maestro will add segregation-of-duties (SoD) capabilities to SailPoint’s identity security offering. This deal closely follows Sailpoint’s acquisition of Intello, a SaaS management company that helps organizations discover, manage, and secure SaaS applications, in late February. The company said that the addition of ERP Maestro will provide an “integrated approach for effective identity security controls and SoD oversight now required to spot and stop risks posed by potential insider SoD conflicts.” Terms of the acquisition were not announced.

Fortinet quietly buys ShieldX

March 10: Enterprise security platform provider Fortinet has acquired ShieldX, which provides a platform to secure multi-cloud environments. The deal was not immediately announced, but it was confirmed in a ShieldX blog post. “ShieldX extends perimeter security and campus segmentation with east-west lateral movement prevention. Along with Fortinet, ShieldX enables customers to get an end-to-end view of end-users, workstations, and OT devices from the individual endpoint to the data center….,” according to the blog post. Terms of the deal were not released.

Sontiq buys fintech breach intelligence vendor Breach Clarity

March 9: Identity security vendor Sontiq has acquired Breach Clarity, known for its AI-based data breach intelligence solutions for the fintech industry. With the deal, Sontiq to add a BreachIQ capability to its IdentityForce, Cyberscout and EZShield products. Terms of the deal were not announced.

McAfee sells its enterprise business, becomes pure-play consumer cybersecurity company

March 8: McAfee Corp. has sold its enterprise security business to an investment group led by private equity firm Symphony Technology Group (STG) for $4 billion. STG had earlier acquired RSA from Dell Technologies in February 2020. “This transaction will allow McAfee to singularly focus on our consumer business and to accelerate our strategy to be a leader in personal security for consumers,” said McAfee CEO Peter Leav in a press release. McAfee’s enterprise business will be rebranded once the deal is finalized.

Okta buys IAM rival Auth0 for $6.5 billion

March 3: Okta seeks to solidify its position as an enterprise identity management services provider with its purchase of rival Auth0. The two product lines will continue to operate independently and be developed. “I’ve shared my vision for a future in which organizations only rely on a few primary clouds: an infrastructure cloud, a collaboration cloud, a CRM cloud — and we’re on a mission to establish identity as one of the primary clouds,” said Okta CEO Todd McKinnon in a blog post. “Okta and Auth0 share the same vision for the identity market, and we know that we will achieve it faster together.” The sale is yet to be finalized.

KnowBe4 adds privacy and compliance training with MediaPRO buy

March 3: Security awareness training provider KnowBe4 has acquired MediaPRO, another security and privacy training provider. With the purchase, KnowBe4 intends to offer more privacy and compliance training modules, according to a press release. Terms of the deal were not disclosed.

Private equity firm merges identity security firms Thycotic and Centrify

March 2: TPG Capital has combined two of its recently acquired companies in the identity security space: Thycotic and Centrify. Thycotic is known for its cloud-first identity security solutions, while Centrify is a player in the privileged access management (PAM) market. “Combining these two synergistic platforms allows us to offer customers an expanded range of products to address their increasingly complex security requirements,” said James Legg, who will become president of the merged firms, in a press release. Legg previously was CEO of Thycotic.

Kaseya boosts its MSP offerings with purchase of RocketCyber

February 23: Kaseya, which provides security management solutions to managed service providers (MSPs), has acquired RocketCyber, which will continue to operate separately within Kaseya. RocketCyber provides a cloud-agent SOC designed for MSPs. “The addition of RocketCyber makes Kaseya IT Complete the only integrated platform in the market to deliver managed SOC, automated internal threat detection, credential monitoring, anti-phishing and more for a truly comprehensive, end-to-end cybersecurity suite that tackles all of today’s modern-day threats,” said Fred Voccola, CEO, Kaseya, in a press release.

Proofpoint in agreement to buy DLP vendor InteliSecure

February 22: Proofpoint has announced its intent to acquire InteliSecure, a provider of DLP managed services, for $62.5 million. The company will use InteliSecure’s technology to enhance the data protection capabilities of the Proofpoint cloud platform. “We’ve seen exceptional customer demand for information protection managed services as organizations are continuing to work in a cloud-first, remote-oriented world,” said Gary Steele, Proofpoint CEO, in a press release. 

CrowdStrike announces intent to acquire Humio

February 18: With Humio, CrowdStrike plans incorporate the company’s cloud log management and observability technology into its cloud endpoint and workload protection solutions. The goal, according to a press release, is to expand CrowdStrike’s XDR capabilities. “The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our XDR capabilities beyond anything the market has seen to date,” said CrowdStrike CEO George Kurtz in a press release. The value of the deal is expected to be $400 million.

Palo Alto Networks to acquire cloud security firm Bridgecrew

February 16: Palo Alto Networks has announced its intent to acquire Bridgecrew for $156 million. The company plans to incorporate Bridgecrew’s technology with its Prisma Cloud cloud-native security platform. “We are thrilled to welcome Bridgecrew and their widely adopted and trusted developer security platform to Palo Alto Networks. When combined, Prisma Cloud customers will benefit from having security embedded in the very foundation of their cloud infrastructure,” said Palo Alto Networks CEO and chairman Nikesh Arora in a press release.

Tenable to acquire Alsid for its Active Directory know-how

February 10: Tenable Holdings has announced its intent to buy Alsid for $98 million. The deal would allow Tenable to bring Alsid’s technology and expertise in discovering Active Directory monitoring to its cyber exposure and risk management platform. “Tightly controlling the privileges of accounts in Active Directory is as foundational to reducing risk to the business as the basic blocking and tackling of deploying security updates. … attackers go after the Active Directory infrastructure to increase access and establish persistence,” said Amit Yoran, chairman and CEO, Tenable, in a press release.

SentinelOne buys Scalyr for autonomous XDR

February 9: The acquisition of cloud-based data analytics platform provider Scalyr will allow SentinelOne to “ingest, correlate, search, and action data from any source, delivering the industry’s most advanced integrated XDR platform for realtime threat mitigation across the enterprise and cloud,” according to a press release. Terms of the sale were not released.

Rapid7 acquires Kubernetes security provider Alcide.IO

February 1: Security analytics and automation firm Rapid7 has bought Israeli firm Alcide.IO for $50 million. Alcide’s product provides code-to-production security for Kubernetes deployments. “In order to take full advantage of the speed and innovation Kubernetes can unlock for an organization, security needs to be tightly integrated without getting in the way,” said Brian Johnson, senior vice president of cloud security at Rapid7, in a press release. “With Alcide, we can enable organizations to continuously secure and protect their growing Kubernetes deployments while giving developers the freedom to rapidly develop and deliver applications.”

MDR meets EDR as Huntress acquires technology from Level Effect   

January 12: Managed detection and response (MDR) vendor Huntress has purchased endpoint detection and response (EDR) technology, called Recon, from startup Level Effect. Recon merges endpoint protection with network traffic visibility. “Our core telemetry today focuses primarily on persistence-enabled attacks. By integrating Recon, our platform will respond to malicious network sessions, event logs and non-persistent threats, allowing us to support broader cybersecurity use cases and defend additional attack surfaces,” said Huntress CEO Kyle Hanslovan in a press release.