Top cybersecurity M&A deals for 2022

The hot cybersecurity mergers and acquisition market continues into 2022 as vendors look to solidify their positions and expand their offerings.

big data merger and acquisition big business smb
Thinkstock

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022.

Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate.

In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.

Last year saw some companies that are not primarily in the cybersecurity market buy security firms to better protect their data and customers. In November 2021, global retailer Schwarz Group bought cloud security firm XM Cyber to enhance the security of its digital offerings. This is likely to continue into 2022, as evidenced by Google Cloud’s acquisition of Siemplify. Google Cloud already offers a suite of security tools to its cloud platform customers. Siemplify enhances gives it enhanced security orchestration, automation and response (SOAR) capabilities.

Below are the deals that CSO has selected as the most significant of the year. (This list is updated periodically as new deals are announced.)

Threat intelligence firm Flashpoint buys Risk Based Security

January 12: Flashpoint has announced its acquisition of Risk Based Security (RBS), which offers vulnerability and data breach intelligence services. Flashpoint plans to integrate RBS's knowledgebase and technology into its platform. “This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritize and remediate these issues," said Flashpoint CEO Josh Lefkowitz in a press release. "This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.” Terms of the sale were not released.

Cerberus Cyber Sentinel acquires True Digital Security

January 5: Cybersecurity consultancy and managed service provider Cerberus Cyber Sentinel has purchased True Digital Security. That company, which provides cybersecurity operations and compliance services, will continue to operate as a wholly owned subsidiary of Cerberus. “True Digital is an exceptional cultural fit for the Cerberus family of companies. Together we will keep businesses safe as their managed compliance and cybersecurity, plus culture, provider (MCCP+),” said David Jemmett, CEO and founder of Cerberus Sentinel, in a press release. “This acquisition expands and complements our team of deeply experienced cybersecurity professionals and executives, bringing our clients best-of-breed technology, proven processes, and people.” Terms of the deal were not disclosed.

Recorded Future buys SecurityTrails

January 5: Security intelligence firm Recorded Future has acquired SecurityTrails, which is known for its attack surface monitoring technology, for $65 million. The company expects to enhance its threat landscape visibility tools by leveraging SecurityTrails technology to provide more insight to customers’ attack surface and shadow infrastructure. “By combining Recorded Future’s unsurpassed Intelligence Platform with SecurityTrails’ unrivaled view into an organization’s attack surface, we make life miserable for the adversary,” said Dr. Christopher Ahlberg, CEO and co-founder, Recorded Future, in a press release.

Corvus Insurance enters UK and other markets with Tarian Underwriting acquisition

January 5: U.S.-based commercial insurance provider has purchased Tarian Underwriting. Based in London, UK, Tarian is a cyber underwriting platform with a presence in the UK, U.S., Canada, Middle East and Australia. “By bringing Tarian into the Corvus fold, we are expanding our international footprint into Europe, Africa and Australia with an experienced and proven team of underwriters,” said Corvus founder and CEO Phil Edmundson in a press release. Terms of the deal were not disclosed.

Google Cloud acquires SOAR vendor Siemplify

January 4: Google Cloud announced that it has purchased Siemplify and its SOAR technology. The company plans to add Siemplify’s tools into its Chronicle security suite. “We plan to invest in SOAR capabilities with Siemplify’s cloud services as our foundation and the team’s talent leading the way. Our intention is to integrate Siemplify’s capabilities into Chronicle in ways that help enterprises modernize and automate their security operations,” said Sunil Potti, vice president and general manager for Google Cloud Security, in a blog post. Terms of the deal were not released.

Copyright © 2022 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline