A standard business decision made by many technology vendors is whether it is better to buy or to build new capabilities that will help to grow the business. In 2018 so far, an increasing number of vendors have decided to buy rather than build, when it comes to cyber-security technology.
In the first three weeks of January 2018 alone there were at least six cyber-security vendor acquisitions. There will undoubtedly be many more in the weeks and months ahead as 2018 will likely be a year in which the cyber-security market consolidates somewhat.
Year-after-year, new cyber-security startups emerge and in recent years there has been a dramatic growth in venture-capital that has poured into the market. At some point, investors need to see a return on their investments and that need will be a significant driver cyber-security acquisitions in 2018.
Looking at the cyber-security acquisitions announced so far in 2018, provides some insight into the trends that are likely to continue to fuel the market for acquisition for some time to come.
One of the first acquisitions of 2018 was Barracuda Networks Jan. 3 announcement that it was acquiring privately-held PhishLine. Barracuda Networks itself is in the process of being acquired by private-equity firm Thoma Bravo in a $1.6 billion deal announced in November 2017. With PhishLine, Barracuda is aiming to improve its email protection capabilities to help mitigate the risks of phishing. This isn't the first time Barracuda has acquired a company to expand its phishing security technologies either. In March 2016, Barracuda acquired security startup Sookasa. The technology from that acquisition now enables the Barracuda Sentinel service that was announced in June 2017.
While some acquisitions are about new technologies, there are also acquisitions that are largely about talent and adding much needed human resources. On Jan 4. global consulting firm KPMG acquired Cyberinc's global identity and access management (IAM) business unit. The acquisition brings in new talent to KPMG to help further support global customers with their IAM efforts.
On Jan. 8, Cyxtera Technologies announced the acquisition of security startup Immunity, which provides penetration testing and exploit development services. Cyxtera itself was officially formed in May 2017 by a consortium that includes BC Partners and Medina Capital, which first announced the deal to create the company in November 2016. Cyxtera includes multiple security firms including Cryptzone, Catbird, Easy Solutions and Brainspace as well as the owning a large data center business that was acquired from CenturyLink.
WatchGuard Technologies announced on Jan. 16 that it has acquired Percipient Networks to help improve DNS security. Percipient Networks flagship product Strongram provides a DNS service that helps block phishing and malware attacks. On Jan. 16 Allot Communications announced that it is acquiring privately-held home network security vendors Netonomy to improve its Internet of Things (IoT) cyber-security offerings. Finally, Quest Software's One Identity business unit announced on Jan. 18 that it acquired privately-held privileged access management vendor Balabit.
That's a lot of activity for a three-week period. In none of the acquisitions listed above, were any financial terms publicly revealed and in all cases the technologies add new features to the acquiring company's existing cyber-security portfolio.
There are always new cyber-security startups that emerge with new technologies and often the question that is asked is whether or not the company is just building a feature as opposed to a product. On the other hand, many established vendors aim to build technology platforms with a suite of inter-related services and capabilities.
After a company has been in business for a few years, investors want to know that their investment will yield a return. Existing vendors need to grow fast in an increasingly competitive space where new security challenges constantly appear. Furthermore new U.S tax laws and other favorable business conditions exist now that will likely make 2018 a year of acquisitions and consolidation in the cyber-security industry.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.