Google grabbed headlines last week when it announced it will pay $5.4 billion to buy cyber firm Mandiant. While the size of the deal alone is impressive, it may also be a harbinger for a record-setting year of M&A in the space.
Less than three months into the year, some noteworthy deals aside from the Mandiant/Google acquisition have already been announced both by companies in cyber and outside the space, including:
- Google bought New York-based security orchestration, automation and response (SOAR) provider Siemplify for $500 million in January.
- Minnesota-based HelpSystems bought both Portland, Oregon-based compliance management startup Tripwire for $350 million in February, and Houston-based cloud security company Alert Logic for an undisclosed amount last week.
- San Francisco-based Plaid acquired Walnut, California-based identity verification and compliance platform Cognito for $250 million last week.
- SentinelOne acquired Fremont-based identity detection and response company Attivo Networks for $616.5 million just this week.
Search less. Close more.
Grow your revenue with all-in-one prospecting solutions powered by the leader in private-company data.
Other companies, including Darktrace, ForeScout and Cloudflare, all announced deals early in the year. In total, more than two dozen deals have been announced thus far in 2022. While only a handful of announced deals disclosed terms, those that did were worth nearly $7.4 billion, easily on pace to beat the $13.7 billion for deals with announced terms in 2021—which was a record year in terms of volume with 134 deals.
Google makes a move
While the Google/Mandiant proposed marriage made big headlines because of what it could mean for cloud security, last year had an even larger deal in the greater cyber ecosystem when Okta paid $6.5 billion in a stock deal for Bellevue, Washington-based Auth0.
However, that was a very different space—identification and authentication—and did not involve one of the largest tech giants in the world in its cloud battle with Microsoft and Amazon.
“Google is a late comer to the enterprise (space) in general,” said Ofer Schreiber, partner and head of the Israel office for cyber venture firm YL Ventures. “This is the cloud vendor’s war.”
Those involved in the cybersecurity sector agree the Mandiant deal—Google’s second-largest acquisition ever—and the Siemplify buy are both aimed at taking on AWS and Microsoft for cloud supremacy. Perhaps more specifically, it is to take on Microsoft—which had been a rumored suitor for Mandiant earlier this year—and the security it has built around its Azure cloud offering.
Through the years, Microsoft has prioritized security—particularly around the Azure cloud—both through internal development and through dealmaking, picking up cybersecurity startups such as Adallom, CyberX, Aorato and Hexadite.
“Microsoft has a better standing in the enterprise” market, Schreiber said.
With the acquisition of Mandiant, which can help automate incident response, Google strengthened its cloud security offering to potential customers. Schreiber said he believes the next buzzword in the industry could be “XDR”—or extended detection and response—which collects and correlates data across multiple security layers such as cloud workloads, servers and endpoints.
“Security really is a data issue,” he said. “You need data for sophisticated attackers.”
Taking its cloud offering more to large enterprises was something Google had in mind back in 2019 when it named Thomas Kurian CEO of Google Cloud after his time at Oracle, said Alberto Yépez, co-founder and managing director at Forgepoint Capital, which specializes in cybersecurity and infrastructure software investments. Yépez sold his last cyber company to Oracle while Kurian was there, and Kevin Mandia—Mandiant’s founder—serves on Forgepoint’s advisory council.
Yépez said he can see both the Mandiant and Siemplify deals working in unison for Google Cloud—as Siemplify’s orchestration aspect acts as a middleware layer and helps with integration.
Yépez, whose portfolio company Area 1 Security was acquired by Cloudflare just last month, does not necessarily expect the dealmaking to cease any time soon. Along with large players like those mentioned above continuing to buy select point solution specialists with strong IP, Yépez said he also believes the current uncertainty in the market will play a role.
“I think this is a prime time for exits,” said Yépez, who also was an early investor in Attivo. “Companies may have to raise money at lower valuations … these overfunded companies will have to make a choice.”
Companies will look at targets in cybersecurity to expand their total addressable market, Yépez said. Acquisition targets that can do that and have high intellectual property can still see 20x trailing revenue, said Yépez, adding that potential acquirers consistently reach out to his portfolio investments.
However, Schreiber said due to the sheer amount of capital poured into the space through the last few years, valuations remain high and he is seeing a bit of slowing in dealmaking.
While deals in the range of $150 million to $400 million used to be seen in cyber, it now has become small deals for very young companies or big home run swings by tech giants.
“You are seeing a lot of companies get bought early,” he said. “There just are not a lot of exits for a few hundreds of millions of dollars.”
Illustration: Dom Guzman
Stay up to date with recent funding rounds, acquisitions, and more with the