A standard business decision that is made by technology vendors is whether it is better to buy or to build new capabilities that will help to grow the business. In 2018 so far, an increasing number of vendors have decided to buy rather than build, when it comes to cyber-security capabilities.
In the first three weeks of January 2018 alone there were at least six cyber-security vendor acquisitions. There will undoubtedly be many more in the weeks and months ahead as 2018 will likely be a year in which the cyber-security market consolidates somewhat.
Year-after-year, new cyber-security vendors emerge and in recent years there has been a dramatic growth in venture-capital that has poured into the market. At some point, investors want and need to see a return on their investments (ROI) and it is that need that will partially help to drive cyber-security acquisitions in 2018.
Looking at the cyber-security acquisitions announced so far in 2018, provides some insight into the trends that are likely to continue to fuel the market for acquisition for some time to come.
One of the first acquisitions of 2018 was announced on Jan. 3 with Barracuda Networks announcing the acquisition of privately-held PhishLine. Barracuda Networks itself is in the process of being acquired by private-equity firm Thoma Bravo in a $1.6 billion deal announced in November 2017. With PhishLine, Barracuda is aiming to improving its email protection capabilities to help mitigate the risks of phishing. This isn’t the first time Barracuda has acquired a company to expand its phishing security technologies either. In March 2016, Barracuda acquired security startup Sookasa to Barracuda, with the technology from that acquisition now enabling the Barracuda Sentinel service that was announced in June 2017.
While some acquisitions are about new technologies, there are also acquisitions that are largely about talent and adding much needed human resources. On Jan 4. global consulting firm KPMG acquired Cyberinc’s global identity and access management (IAM) business unit. The acquisition brings in new talent to KPMG to help further support global customers with their IAM efforts.
On Jan. 8, Cyxtera Technologies announced the acquisition of security startup Immunity, which provides penetration testing and exploit development services. Cyxtera itself was officially formed in May 2017 by a consortium that includes BC Partners and Medina Capital, which first announced the deal to create the company in November 2016. Cyxtera includes multiple security firms including Cryptzone, Catbird, Easy Solutions and Brainspace as well as the owning a large data center business that was acquired from CenturyLink.
WatchGuard Technologies announced on Jan. 16 that it has acquired Percipient Networks to help improve DNS security. Percipient Networks flagship product Strongram to provide a DNS service that helps to block phishing and malware attacks. On Jan. 16 Allot Communications announced that it is acquiring privately-help connect home security vendors Netonomy to help improve its Internet of Things (IoT) cyber-security offerings. Finally, Quest Software’s One Identity business unit announced on Jan. 18 that it acquired privately-held privileged access management vendors Balabit.
That’s a whole lot of activity for a three-week period. In none of the acquisitions listed above, were any financial terms publicly revealed and in all cases the technologies add new features to the acquiring company’s existing cyber-security portfolio.
There are always new cyber-security startups that emerge with new technologies and often the question that is asked is whether or not the company is just building a feature as opposed to a product. On the other hand, many established vendors aim to build technology platforms with a suite of inter-related services and capabilities.
After a company has been in business for a few years, investors want and need to know that their investment will yield a return. Existing vendors need to grow fast in an increasingly competitive space with new security challenges constantly appearing, add to that new U.S tax laws and the right conditions now exist to likely make 2018 a year of acquisitions and consolidation in the cyber-security industry.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.