Top cyber security M&A vendor deals so far in 2022

The hot cyber security mergers and acquisition (M&A) market continues into 2022 as vendors look to solidify positions and expand offerings.
  • CSO staff (CSO (US))
  • 20 February, 2022 11:30

The number of cyber security mergers and acquisitions (M&A) deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022.

Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate.

In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.

Last year saw some companies that are not primarily in the cyber security market buy security firms to better protect their data and customers. In November 2021, global retailer Schwarz Group bought cloud security firm XM Cyber to enhance the security of its digital offerings.

This is likely to continue into 2022, as evidenced by Google Cloud’s acquisition of Siemplify. Google Cloud already offers a suite of security tools to its cloud platform customers. Siemplify enhances gives it enhanced security orchestration, automation and response (SOAR) capabilities.

Below are the deals that CSO has selected as the most significant of the year. (This list is updated periodically as new deals are announced.)

Snyk enters cloud security market with Fugue acquisition

February 17: Developer security vendor Snyk has acquired Fugue and its cloud security and compliance products. The move gives Snyk a foothold in the cloud security market. The company plans to use Fugue's capabilities to extend the Snyk Developer Security Platform. 

“Together, we’ll collectively reimagine what cloud security can and should look like for today’s modern DevSecOps teams, ensuring more secure innovation can flourish worldwide,” said Snyk CEO Peter McKay in a press release. Terms of the deal were not released.

WhiteSource buys two SAST companies

February 15: WhiteSource, a provider of software composition analysis tools, has enhanced its static application security testing (SAST) capabilities with the acquisition of two companies: Xanitizer and DefenseCode. Xanitizer offers SAST detection technologies and DefenseCode offers SAST capabilities with support for multiple languages. Both companies will be folded into WhiteSource. Terms of the deals were not released.

Tenable to acquire Cymptom

February 1: Tenable Holdings has announced its intent to acquire Cymptom, known for its attack path management technology. Once the deal closes during Q1 2020, Tenable plans to integrate Cymptom's agentless platform into its threat and vulnerability data. 

“Risk prioritisation has become a cornerstone of modern cyber security. By correlating software vulnerabilities and misconfigurations with network and access data, Cymptom can immediately identify exploitable attack and breach pathways,” said Nico Popp, Tenable's chief product officer, in a press release

“Following closing of the deal, these compelling analytics will be integrated into Tenable.ep, Tenable’s Exposure Platform, and augment the prioritisation, benchmarking, trending and other capabilities which are part of Lumin and available via Tenable.ep.” Terms of the deal were not disclosed.

Forescout expands healthcare security offerings with CyberMDX buy

February 1: Forescout Technologies, known for its active defence IoT and operational technology (OT) products, has acquired healthcare cyber security vendor CyberMDX. The purchase allows Forescout to expand its internet of medical things (IoMT) capabilities. 

“Cyber security for IoMT, much like cyber security for OT devices, requires specific expertise and technologies. We are pleased to have the CyberMDX team join Forescout as we continue delivering new capabilities on our market-leading platform and grow our R&D centre,” said Forescout CEO Wael Mohamed in a press release. Terms of the deal were not released.

Datto acquires EDR vendor Infocyte

January 20: Datto Holding, which provides cloud-based software and security solutions for managed service providers, has announced its purchase of Infocyte. The company plans to integrate Infocyte's endpoint protection and response (EDR) into its own offerings. 

"The addition of the Infocyte team and technologies augments our capabilities within the critical protect, detect and respond stages outlined in the NIST organisational security framework,” said Tim Weller, CEO of Datto, in a press release. “Infocyte’s offerings are complementary to Datto RMM Ransomware Detection and SaaS Defense application security products in those same NIST stages." Terms of the sale were not released.

Threat intelligence firm Flashpoint buys Risk Based Security

January 12: Flashpoint has announced its acquisition of Risk Based Security (RBS), which offers vulnerability and data breach intelligence services. Flashpoint plans to integrate RBS's knowledge-base and technology into its platform. 

“This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritise and remediate these issues," said Flashpoint CEO Josh Lefkowitz in a press release

"This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.” Terms of the sale were not released.

Cerberus Cyber Sentinel acquires True Digital Security

January 5: Cyber security consultancy and managed service provider Cerberus Cyber Sentinel has purchased True Digital Security. That company, which provides cyber security operations and compliance services, will continue to operate as a wholly owned subsidiary of Cerberus. 

“True Digital is an exceptional cultural fit for the Cerberus family of companies. Together we will keep businesses safe as their managed compliance and cyber security, plus culture, provider (MCCP+),” said David Jemmett, CEO and founder of Cerberus Sentinel, in a press release

“This acquisition expands and complements our team of deeply experienced cyber security professionals and executives, bringing our clients best-of-breed technology, proven processes, and people.” Terms of the deal were not disclosed.

Recorded Future buys SecurityTrails

January 5: Security intelligence firm Recorded Future has acquired SecurityTrails, which is known for its attack surface monitoring technology, for $65 million. The company expects to enhance its threat landscape visibility tools by leveraging SecurityTrails technology to provide more insight to customers’ attack surface and shadow infrastructure. 

“By combining Recorded Future’s unsurpassed Intelligence Platform with SecurityTrails’ unrivaled view into an organisation’s attack surface, we make life miserable for the adversary,” said Dr. Christopher Ahlberg, CEO and co-founder, Recorded Future, in a press release.

Corvus Insurance enters UK and other markets with Tarian Underwriting acquisition

January 5: U.S.-based commercial insurance provider has purchased Tarian Underwriting. Based in London, UK, Tarian is a cyber underwriting platform with a presence in the UK, U.S., Canada, Middle East and Australia. 

“By bringing Tarian into the Corvus fold, we are expanding our international footprint into Europe, Africa and Australia with an experienced and proven team of underwriters,” said Corvus founder and CEO Phil Edmundson in a press release. Terms of the deal were not disclosed.

Google Cloud acquires SOAR vendor Siemplify

January 4: Google Cloud announced that it has purchased Siemplify and its SOAR technology. The company plans to add Siemplify’s tools into its Chronicle security suite. 

“We plan to invest in SOAR capabilities with Siemplify’s cloud services as our foundation and the team’s talent leading the way. Our intention is to integrate Siemplify’s capabilities into Chronicle in ways that help enterprises modernise and automate their security operations,” said Sunil Potti, vice president and general manager for Google Cloud Security, in a blog post. Terms of the deal were not released.