The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022.
Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate.
In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.
Last year saw some companies that are not primarily in the cybersecurity market buy security firms to better protect their data and customers. In November 2021, global retailer Schwarz Group bought cloud security firm XM Cyber to enhance the security of its digital offerings. This is likely to continue into 2022, as evidenced by Google Cloud’s acquisition of Siemplify. Google Cloud already offers a suite of security tools to its cloud platform customers. Siemplify enhances gives it enhanced security orchestration, automation and response (SOAR) capabilities.
Below are the deals that CSO has selected as the most significant of the year. (This list is updated periodically as new deals are announced.)
IBM Security announces plan to buy Randori
June 6: IBM Security has announced its intent to acquire attack surface management (ASM) vendor Randori. When completed, the acquisition is expected to enhance IBM Security’s hybrid cloud strategy and AI-powered product and service portfolio. The company plans to integrate Randori’s ASM software into its QRadar extended detection and response product. “We started Randori to ensure every organization has access to the attacker’s perspective,” said Brian Hazzard, Randori co-founder and CEO, in a press release. “… By joining forces with IBM, we can greatly accelerate this vision and strategy – leveraging IBM’s deep expertise in AI, threat intelligence, offensive security and global reach.” Terms of the deal were not disclosed.
Forescout to acquire threat detection and response firm Cysiv
June 6: Security automation vendor Forescout has signed an agreement to acquire Cysiv. The company plans to use Cysiv’s cloud-based threat detection engine to automatically analyze asset and network communications data that Forescout’s platform collects. “Upon close, the acquisition will help our customers leverage actionable threat intelligence from comprehensive data collected by Forescout and analyzed by Cysiv,” said Wael Mohamed, CEO of Forescout, in a press release. “We will receive far more than just great technology in this acquisition. The Cysiv team is exceptional, and our two organizations are highly complementary.” Terms of the deal were not disclosed.