10 biggest cybersecurity M&A deals of 2019

This past year has been a very active one for mergers and acquisitions in the cybersecurity industry as companies seek to expand their offerings. What will the 2020 M&A market be like?

2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the security space this year, the same as in 2018.

Technology M&A advisory firm Hampleton Partners’ latest report shows that 30% of all deals were for security services providers, with identity and access management (22%), network and endpoint security (15%), and anti-malware (11%) rounding out the top four.

Here are the ten largest cybersecurity M&A deals from 2019 and an early look at what to expect in 2020

1. Broadcom buys Symantec's enterprise security business for $10.7 billion

Broadcom, which spent $18.9 billion buying CA Technologies in 2018, this year acquired Symantec's enterprise security business for $10.7 billion — by far the year's largest acquisition in the security market.

Broadcom CEO Hock Tan has said he plans for the company to focus on Global 2000 organizations as small- to medium-sized businesses (SMBs) are less “sticky.” Symantec retained its consumer-facing brands including LifeLock and Norton and has rebranded to NortonLifeLock.

“Broadcom is functioning less as a strategic product provider and more as a financial investor. This isn't a product-synergy move,” explains Henrik Jeberg, director at Hampleton Partners. “Rather, Broadcom sees Symantec's struggles in a growth market as an opportunity to optimize returns on an underperforming asset. Reducing costs and improving sales are only the tactical part of the challenge. Strategically, the Symantec of tomorrow will have to make hard choices to embrace, on the one hand, a future defined by cloud and cloud-native technologies, and internet of things (IoT).”

2. Thales completes its acquisition of Gemalto for $5.4 billion

First announced in late 2017, the acquisition for the digital security provider could only be completed this year after Thales had offloaded hardware security module company nCipher to Entrust. Gemalto will be renamed Digital Identity and Security (DIS) and will be one of Thales’s seven global divisions.

3. Francisco Partners and Evergreen Coast Capital Corporation buy LogMeIn for $4.3 billion

One of many private equity deals in the list, PE firms Francisco Partners and Evergreen announced in late December that they had acquired collaboration software provider LogMeIn for $4.3 billion. Included in the deal was password manager LastPass, which LogMeIn bought for $110 million in 2015.

“We believe our partnership with Francisco Partners and Evergreen will help put us in a position to deliver the operational benefits needed to achieve sustained growth over the long term,” LogMeIn CEO Bill Wagner said in a statement.

Fransisco Partner’s CEO Dipanjan Deb added that the deal ‘builds on the strength of the firm’s infrastructure and security software franchise’ which currently includes Quest, One Identity, BeyondTrust, SonicWall and WatchGuard.

4. Thoma Bravo buys Sophos for $3.9 billion

Following a busy 2018, spending a collective $4.75 billion acquiring Imperva, Barracuda Networks and Veracode, Thoma Bravo slowed its pace in 2019, acquiring UK-based Sophos for $3.9 billion.

“The acquisition will put Sophos — a company that until now primarily targeted the mid-market segment — on the fast lane towards developing next-gen cybersecurity solutions for the enterprise,” says Jeberg.

Sophos itself had been busy in 2019, snapping up San Francisco-based cloud security startup Avid Secure, endpoint security platform DarkBytes, and MDR provider Rook Security.

This, along with Insight Venture Partners buying Recorded Future (more on that below) and Sonatype, continues the recent trend of private investment firms seeing a lot of value — or at least profit potential — in the cybersecurity space. Hampleton Partners reports that nearly 13% of security M&A deals in 2019 were by private equity firms, a higher proportion than any other year this decade.

“Sophos will be the tenth cybersecurity/identity and access management company to join Thoma Bravo’s ranks in the last three years, the beginning of which started with the McAfee acquisition in 2017. In 2018, it acquired Barracuda Networks, a company noted for its network and cloud security prowess, and therefore a direct competitor of Sophos.

5. VMware buys Carbon Black for $2.1 billion

Virtualization giant VMware has been slowly increasing its security product portfolio over the last few years, but with the $2.1 billion acquisition of cloud-based endpoint protection provider Carbon Black, the company has become a full-blown security provider. The company has said Carbon Black will “form the nucleus” of VMware’s security offerings going forward.

“In purchasing the agent-based endpoint security vendor, VMware is looking to expand its visibility across IT systems,” says Jeberg. “That's already a key aspect of security and one that will likely become more important as communication becomes increasingly encrypted and endpoints become increasingly varied.”

VMware also bought Intrinsic, a San Francisco-based security start-up focusing on serverless computing in 2019.

6. OpenText buys Carbonite for $1.42 billion, and Carbonite buys Webroot for $618 million

In February, cloud backup and recovery firm Carbonite acquired endpoint security and threat intelligence provider Webroot for $618.5 million in an effort to unify data protection and cyber security technologies. By November, Canadian information management company OpenText announced it had acquired Carbonite for $1.42 billion to build on its current security portfolio and appeal more to the SMB market.

"This acquisition will further strengthen OpenText as a leader in cloud platforms, complete endpoint security and protection,” said CEO and CTO Mark Barrenechea, “and will open a new route to connect with customers."

“Carbonite ranks among the largest cloud backup vendors, with a focus on the SMB and prosumer markets,” says Jeberg. “This deal should enable OpenText to leverage Carbonite's existing offerings and go-to-market channel, while potentially helping the buyer integrate data backup and endpoint-protection capabilities into its existing security offering.”

7. F5 buys Shape Security for $1 billion

An acquisition announced very late in the year, Seattle-based F5 revealed that it was buying Santa Clara startup Shape Security for $1 billion in cash. Shape provides a number of solutions around application security and fraud prevention.

"Shape’s machine learning and AI-powered capabilities will scale and extend F5’s broad portfolio of application services," said F5 President and CEO, François Locoh-Donou, "and expand our ability to optimize and protect customers’ applications in an increasingly complex multi-cloud world.”

8. Jacobs Engineering Group buys KeyW Corp for $815 million

American technical professional services firm announced in April it was acquiring KeyW, a professional engineering services provider, for $815 million. KeyW’s cyber-services including “offensive cyber operations,” risk assessment, penetration testing, network hardening and training courses. Jacobs said it planned to integrate of KeyW into its aerospace, technology and nuclear business to expand its offerings around intelligence, cyber and counterterrorism

9. Insight Venture Partners buys Recorded Future for $780 million

Continuing the previous year's heavy spending by investment firms in the security space, Insight Venture Partners bought threat intelligence provider Recorded Future for $780 million in May 2019. “Recorded generates information to help customers better understand the external cyber threats they are facing. It’s easy to see where a company like that could have value in today’s world,” explains Hampleton’s Jeberg.

Cybersecurity is one of the key fields of interest for Insight, with Insight partner Teddie Wardi previously saying the company believes “it is possible to build giant companies in this sector.”

Insight Venture Partners has a large portfolio of security companies including ownership or investment in Tenable, OneTrust, Thycotic, Darktrace and SentinalOne. According to Insight, the two companies will “leverage Insight's deep experience and internal consulting arm, Insight Onsite, to further its technical and product vision through a range of growth-oriented activities.

10. Orange buys SecureLink for $577 million

Following AT&T’s acquisition of AlienVault for around $600 million last year, 2019 saw another telco making major moves into the security consulting space with Orange buying Dutch managed security services provider SecureLink for just over half a billion Euros. This, along with the company’s purchase of the UK’s SecureData in February, has made the company a large player in the European security consulting space almost overnight.

“Telecos have been diversifying beyond core ISP business for a while, especially Orange which has had a string of business services acquisitions recently,” explains Jeberg. “I believe there are two interacting major forces in play: First the more commoditized the raw data transport becomes, the more the push for differentiating moves. Second is that cybersecurity will be not only a differentiating factor from a marketing standpoint, it is simply a need for telcos to provide a safe mode of transport.”

Other notable cybersecurity acquisitions

Most of the big security firms made deals in 2019 in what Jeberg describes as “smaller, tuck-in acquisitions” that boost their overall security offerings:

  • Palo Alto bought Demisto for $560 million and PureSec for $410 million.
  • Fortinet bought California-based endpoint security provider enSilo.
  • Trend Micro spent $70 million on Australian cloud security startup Cloud Conformity.
  • McAfee bought container security startup NanoSec.
  • FireEye acquired security instrumentation vendor Verodin.
  • Check Point bought web application and API startup ForceNock.
  • Proofpoint spent close to $400 million in 2019 — $225 million on ObserveIT to extend its data loss prevention offering and $120 million for zero-trust access provider Meta Networks.

In the telecom space, NTT Security, Dimension Data and NTT Communications were folded into a new technology services banner of NTT Ltd. (NTT also bought application security provider WhiteHat Security but plans to keep it as a standalone business.) Comcast announced it acquired Virginia-based BlueVector.

Two private firms bought groups of smaller security companies and rolled their capabilities into new firms. Australian private equity firm BGH Capital launched a new cyber consulting firm called CyberCX after acquiring 12 Australian MSSPs – Alcorn, Assurance, Asterisk, CQR, Diamond, Enosys, Klein&Co., Phriendly Phishing, Sense of Security, Shearwater, TSS and YellIT – and rolling them into one company.

Investment firm Sunstone Partners completed a triple acquisition of Terra Verde Security, TruShield Security Solutions and Sword and Shield Enterprise Security and then combined the three to create a new managed cybersecurity services entity called Avertium. “Avertium will focus its comprehensive expertise on supporting mid-to-large enterprises, making it one of the largest managed cybersecurity services companies focused on this market,” says Jeberg.

HP Inc. bought endpoint security start-up Bromium and has said it plans to combine its virtualization-based security technology into HP's Sure Sense, Sure View and Sure Start products.

Cisco announced it had acquired operational technology (OT) cybersecurity firm Sentryo for an undisclosed amount.

While not an acquisition, Alphabet's security “moonshot” company Chronicle was folded into Google Cloud. While some viewed it as another product failure for the company, Jeberg thinks that the move makes strategic sense for Google Cloud, which he says has been “bulking up its team as of late” most recently by acquiring the data analytics company Looker.

Cyber M&A in 2020

2019 was one of, if not the outright, busiest and most valuable years on record for cybersecurity M&A activity. Hampleton Partners predicts that acquisitions will continue at a high level as incumbents battle to complete the “single pane of glass” promise. Jeberg acknowledges that the rapid consolidation of many startups into existing large companies has its pros and cons for CISOs.

“The move towards suites with broad, if not all-encompassing, functionality makes it easier to acquire and maintain the necessary bits and pieces to secure your environment and manage cyber risk,” says Jeberg. “However, it reintroduces the classic suite vs. best-of-breed discussion. CISOs will be married to one vendor, and it will be more difficult to pick and choose the best-suited individual components to satisfy their particular risk profile.”

The largest deals of 2020 so far have been:

1 2 Page 1
Page 1 of 2
How to choose a SIEM solution: 11 key features and considerations