Dinner is served: the feeding frenzy of cyber mergers and acquisitions shows the thirst for confidence

Dinner is served: the feeding frenzy of cyber mergers and acquisitions shows the thirst for confidence

Make no mistake, it was all about the cloud.

Mandiant’s $5.4 billion prize was a bargaining chip for Alphabet, Google’s parent company, with a market value of $1.7 trillion. The acquisition of one of America’s leading cybersecurity companies was a cloud game in a race that Google was losing.

Google’s 10% share of the cloud infrastructure services market is lower than Microsoft Azure’s 21% and is dwarfed by Amazon Web Services’ 33%, according to Synergy Research Group.

The triumvirate is raking in growing sums from the $178 billion market to store and protect corporate data around the world.

Security is only part of the sales pitch.

“Let’s face it, Google is in kind of a death race with AWS and Azure in terms of cloud supremacy, isn’t it,” said Garrett Bekker, principal research analyst at S&P Global’s 451 Research. “To some extent, security is a tool that helps them achieve this more than an end in itself.”

Google’s engulfment of Mandiant is the latest in an industry feeding frenzy. There were more than 200 M&A deals last year, with total disclosed valuations exceeding $55 billion. Over the past five years, there have been more than 1,000 cybersecurity M&A deals, according to data from CB Insights.

This week recorded a Acquisition of $616.5 millionwith SentinelOne’s plans to add Attivo Networks’ identity security to its XDR suite.

Data from CB Insights

Naomi Eide / Cyber ​​Security Dive

In addition, private equity investors injected nearly $27 billion — about $41 million on average — into 823 companies last year, more than double the investment from the previous year.

What is curious is who has the appetite and why.

Of the top 25 M&A deals with disclosed valuations over the past five years, 13 were from private equity and one from venture capital, according to data from CB Insights. The most expensive: a private equity group Purchase of McAfee for $14 billion and Thomas Bravo $12.3 billion deal for Proofpoint.

Top 10 cybersecurity M&A deals, 2017-2022
Company Acquirer Price Year
McAfee Permira, Crosspoint Capital Partners, Advent International, GIC, CPP Investments, Abu Dhabi Investment Authority $14 billion 2022
point of proof Thomas Bravo $12.3 billion 2021
Atalla hardware security module Micro focus $8.8 billion 2017
Avast NortonLifeLock $8.6 billion 2021
Auth0 Okta $6.5 billion 2021
Mimecast allow $5.8 billion 2021
quest software Clearlake Capital Group $5.4 billion 2021
Beggar google $5.4 billion 2022
Gemalto Thales Group $5.4 billion 2019
Last pass Francisco Partners, Evergreen Coast Capital $4.3 billion 2019

SOURCE: CB Insights

But 11 of the acquisitions were shrewd deals from companies buying more innovative and nimble security companies to beef up their toolkits. from Cisco $2.35 billion the purchase of Duo Security in 2018, is a perfect example.

There are more than 4,000 cybersecurity companies today, quadruple the number from five years ago when Bekker of 451 started counting.

“There’s an argument to be made that there are just too many security vendors,” Bekker said. “To a certain extent, it’s a kind of natural culling.”

Mandiant was ripe for the acquisition. The threat intelligence and incident response firm takes center stage in the most high-profile threats — it’s the firm that uncovered the SolarWinds hack in 2020. It’s a boutique firm and the demand is so high that Mandiant has to turn away customers. It saves its resources for the most sensitive cases, like the Colonial Pipeline ransomware attack last year.

After it sold its FireEye product division last fall, it increased its focus on incident response, but analysts questioned how much money Mandiant would have to invest in R&D to compete with larger competitors. Mandiant and Google declined to comment beyond what has already been shared publicly.

The merger with Google eliminates this concern. Fueled by Google’s prowess in analytics, data and artificial intelligence, Mandiant’s information automation potential would be a boon to the average business trying to close its security gaps.

“What people want to buy is trust,” said Peter Firstbrook, VP analyst at Gartner.

“You can’t just sell products anymore. It’s not enough to sell software,” he said. “You have to sell with the people who can do the job because most buyers don’t even have time to test anything, let alone operationalize and sustain it.”

Recent data from Panaseer shows that organizations manage an average of 76 separate security tools, up from 64 tools in 2019, according to a survey of 1,200 senior security managers.

Mandiant and Google would provide a happy marriage, capitalizing on security vendors’ operational knowledge and understanding of key threat signals. That, combined with Google’s experience in data and cloud, is a big opportunity, he said.

But brain drain is one of the main risks of any acquisition, as key personnel flee or are poached.

“A consolidated cloud infrastructure to achieve economies of scale on IT infrastructure,” Firstbrook said. “Mandiant consolidates the gray matter needed to manage this or secure it in a central location for economies of scale.”

The deal is expected to close later this year. Cybersecurity Dive will follow the integration and race for cloud supremacy.