As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
Cybersecurity Acquisitions- This year has been a significant one for mergers and acquisitions in cybersecurity. A strong pattern of M&A activity in the first half of 2019 continued into the second as large companies sought to create more sophisticated platforms, and smaller businesses continued consolidation.
“The bottom line is we’re on pace for record growth in 2019 and definitely a bigger year than 2018,” says Hank Thomas, CEO at Strategic Cyber Ventures, who notes the industry is on pace to reach $17 billion in total for M&A activity for 2019.
While the stream of M&A activity remained fairly constant from the first half of 2019 into the second, the past six months brought a few overall larger deals, notes Jeff Pollard, Forrester vice president and principal analyst for security and risk professionals. Deals involving Broadcom, Sophos, and VMware, underscored another trend of enterprise players investing in security.
The first half of 2019 was marked with acquisitions by companies expanding their portfolios, Pollard explains. We saw Carbonite aiming to become more of a software provider with Webroot, and Palo Alto Networks expanding its offerings with Demisto, Twistlock, and Puresec, he notes.
January through June “was more focused on companies trying to flesh out what they have now,” he continues. Toward the second half of 2019, smaller companies began partnering with other smaller companies to become medium-size businesses, as opposed to large firms trying to get bigger. As big organizations continue to buy more midsized companies, it creates an opportunity for some of the smaller players to get together and create a larger company.
“If you’re small and looking at smaller, but together you’re midsize, that’s now an attractive target for you,” Pollard explains.
Another key M&A driver is a lack of sophistication in today’s security platforms, Thomas points out. Many of the point tools companies rely on are “very much just features,” he says. CISO are looking to consolidate their data feeds and dashboards; to do security orchestration, automation, and response. The problem is, they don’t have a sufficiently advanced platform.
“I think we’ll continue to see consolidation occur because there’s a demand for that,” he adds.
Here, security experts share the most noteworthy M&A deals from July through December and what these acquisitions mean for this changing industry. See anything they missed? Please feel free to share your thoughts in the Comments section.
VMware Buys Carbon Black
VMware offered $2.1 billion to buy endpoint security vendor Carbon Black in August. The deal is considered by many security experts to be among the most significant this year.
“VMware is so focused on the cloud that I think it’s natural for them to want to bring on a security [company] to accelerate people’s journey to the cloud,” says Thomas.
At a time when organizations are grappling with too many security tools and not enough people to handle them, many are seeking new ways to maximize efficiency in their existing products.
“All these things are creating sort of an inflection point in the security market,” says Nick Lantuh, president and CEO at Fidelis Cybersecurity. “There’s a desire to have more visibility from a holistic standpoint,” and work with security vendors that are more strategic in their platform. The trend is moving away from buying several “best of breed” point products and toward investing in fewer, more comprehensive security tools.