Thirty-six cybersecurity-related merger and acquisition (M&A) deals were announced in February 2022.
A SecurityWeek study showed that more than 430 cybersecurity-related mergers and acquisitions were announced in 2021. The number of deals announced in the first two months of 2022 has been roughly the same as last year, which indicates that there could be at least 400 deals this year as well.
Security, cloud delivery and performance company Akamai has entered an agreement to acquire cloud hosting company Linode for $900 million. Akamai said the goal is to provide businesses with a platform to build, run and secure applications. Akamai expects the acquisition of Linode to add roughly $100 million in revenue for FY 2022.
Managed IT and cybersecurity services provider Appalachia Technologies announced the acquisition of Cyber Protection Group (CPG), which specializes in penetration testing and compliance. The acquisition will help expand Appalachia’s cybersecurity capabilities.
IT solutions provider Anexinet Corporation is merging with Veristor Systems, which specializes in data center, security, cloud and data solutions. The goal is to create “one of the largest full-service technology solutions providers.”
Security operations company Arctic Wolf announced buying Tetra Defense in an effort to further enhance its platform’s incident response and recovery capabilities. Tetra Defense will operate as a subsidiary of Arctic Wolf, with the company’s founder and CEO joining Arctic Wolf as SVP and GM of incident response.
Biometric fingerprint authentication solutions provider BIO-key has entered an agreement to acquire Spain-based authentication firm Swivel Secure Europe (SSE) in an effort to expand customer reach in the EMEA region. Following the deal, SSE’s sole stockholder and CEO will be responsible for EMEA operations.
IT solutions provider Black Box announced buying Dragonfly Technologies, which specializes in cybersecurity, enterprise networking and automation. Both companies are based in Australia. Black Box, which reportedly paid A$7.4 million (US$5.3 million) for Dragonfly, said the acquisition will help strengthen its presence in the TransTasman region and further enhance its cybersecurity, enterprise networking, automation and consulting capabilities.
Enterprise security firm Check Point is acquiring Israel-based Spectral, which has created a developer security platform. The deal will help Check Point extend its cloud security solution with a developer-first security platform. Spectral tools will be integrated into Check Point’s Infinity security platform.
Web security and performance company Cloudflare has bought Vectrix, whose platform helps organizations detect security issues across their SaaS applications. The Vectrix team has joined Cloudflare and API-driven CASB functionality will be integrated into the Cloudflare Zero Trust platform, set to launch later this year.
Australian cybersecurity services firm CyberCX has acquired New Zealand-based MSSP Cyber Research NZ. The goal is to boost CyberCX’s MSSP, SOC and consulting capabilities and enable the company to expand in New Zealand and Australia.
Device security firm Forescout Technologies has acquired healthcare cybersecurity firm CyberMDX. Forescout said the acquisition will strengthen its out-of-the-box support for connected device types across IT, IoT, OT, and Internet of Medical Things (IoMT) devices.
Managed security, cyber consulting, and compliance services provider Foresite Cybersecurity has acquired Cyber Lantern, which specializes in providing unified security management to SMBs, local governments and MSPs. Foresite said it adds a “robust risk management product” for SMBs to its offering as a result of the acquisition.
Enterprise security firm Infinite Group, Inc. (IGI) is buying Pratum, which provides information security, risk management and compliance services. IGI said the deal will help it expand its portfolio with SOC, XDR, consulting, and security assessment services. Pratum will operate as a wholly owned subsidiary under the IGI umbrella.
Networking and network security giant Juniper Networks has acquired WiteSand, a company that provides cloud-native zero trust Network Access Control (NAC) solutions. The combination of the two firms’ teams and technology will help Juniper accelerate the delivery of a next-generation NAC solution.
Enterprise password management firm Keeper Security announced the acquisition of Glyptodon, which provides a remote access gateway for access to RDP, SSH, VNC and Kubernetes endpoints. The deal will help expand Keeper’s remote access capabilities. Glyptodon is also the developer of the open source remote desktop access platform Apache Guacamole. Keeper said it will continue to support the open source Apache Guacamole project.
VPN services providers Nord Security and Surfshark have announced their merger. The companies say their combination will result in the “largest internet security and privacy powerhouse,” but both brands will continue to operate independently.
Greece-based security analytics and cyber risk management services firm Obrela Security Industries has acquired Encode, a UK-based firm that specializes in security analytics and response orchestration. Obrela said the deal makes it one of the largest cybersecurity and MDR players in the EMEA region.
Cybersecurity ratings company SecurityScorecard has acquired digital forensics, incident response and cyber resiliency services firm LIFARS in an effort to add forensics and incident response capabilities to its products. The LIFARS team will operate as a new Digital Forensics and Incident Response practice within SecurityScorecard’s Professional Services group.
SSC Security Services Corp is acquiring Avante Logixx for $37 million. Both companies specialize in physical security services and the deal is said to result in the creation of the largest publicly-traded security company in Canada. SSC also provides cyber security services and the deal “will enable significant growth and cross-selling opportunities” for SSC’s cyber security platform and Avante’s tech-enabled monitoring and security platforms.
Risk management company Tenable is buying Israel-based attack path management firm Cymptom. Tenable’s goal is to bring additional context and prioritization capabilities to its platform.
Printing giant Xerox has acquired Canadian IT services provider Powerland in a cash transaction. The acquisition boosts Xerox’s IT services offering in North America, including cybersecurity services.
Open source security company WhiteSource announced acquiring two companies in an effort to expand into the static application security testing (SAST) market: Germany-based Xanitizer and Croatia-based DefenseCode. Xanitizer and DefenseCode have been folded into WhiteSource’s new SAST engineering organization.
Cloudflare has announced plans to purchase email security company Area 1 in a cash and stock deal valued at $162 million. Cloudflare said the deal will enable it to add email protection technology to its cloud network and zero trust security platform. This will be Cloudflare’s largest acquisition to date.
Cyber Capital Partners-owned CyberPoint3 has acquired Point 3 Security and P3F in an effort to improve its training and security testing capabilities and technologies. The company said the deals provide it with a portfolio of four cybersecurity business units whose goal is to help the national security and critical infrastructure communities.
Detection and response solutions provider Darktrace is planning to buy attack surface management company Cybersprint for $53.7 million in cash and stock. Darktrace said Cybersprint’s technology and data complement its own products. Through the acquisition, Darktrace will also gain a second European R&D center, in the Netherlands.
Managed IT and cybersecurity services provider Executech has acquired IT support firm California Computer Options (CCO). CCO will continue to operate independently as a stand-alone brand, but the deal will enable it to provide more robust IT, cybersecurity and cloud tools and services.
Government IT services company Gunnison Consulting Group has announced purchasing government cybersecurity solutions provider Centerpoint to create what it has described as a “powerhouse full scope services provider.”
Ireland-based MSSP, risk management and testing services provider Integrity360 has acquired UK-based MSSP Caretower as part of its pan-European expansion strategy. Caretower will become an Integrity360 company and they expect combined sales to exceed £70 million in 2022.
IT, cloud and cybersecurity solutions provider ProArch announced buying software testing and quality assurance company Enhops, whose services include security testing. ProArch said the acquisition enables it to expand its software testing and quality assurance capabilities.
Cybersecurity and application delivery solutions provider Radware is acquiring Israel-based SecurityDAM, which helps MSSPs establish DDoS protection services. Radware is buying SecurityDAM for $30 million as part of a strategic initiative to accelerate the growth of its cloud security services business.
Risk management solutions provider Riskonnect has acquired UK-based Sword GRC, a company that specializes in project and enterprise risk management. Sword GRC’s project risk management solution will be integrated into Riskonnect’s integrated risk management (IRM) platform.
Developer security company Snyk has acquired Fugue, which specializes in cloud security and compliance. The deal will help Snyk improve its developer security platform and enables it to expand into the cloud security market.
Email and web security company TitanHQ has purchased security awareness training firm Cyber Risk Aware. Both companies are based in Ireland. The deal will enable TitanHQ to expand its offering.
Vodafone New Zealand is acquiring a majority stake in New Zealand-based managed security services provider DEFEND. Vodafone has been working with DEFEND and it has decided to acquire a 60% stake in the company in an effort to bolster its cybersecurity portfolio.
*updated to add Gunnison acquisition