grabbed headlines last week when it announced it will pay $5.4 billion to buy cyber firm . While the size of the deal alone is impressive, it may also be a harbinger for a record-setting year of M&A in the space.
Less than three months into the year, some noteworthy deals aside from the Mandiant/Google acquisition have already been announced both by companies in cyber and outside the space, including:
- Google bought New York-based security orchestration, automation and response (SOAR) provider for $500 million in January.
- Minnesota-based bought both Portland, Oregon-based compliance management startup for $350 million in February, and Houston-based cloud security company for an undisclosed amount last week.
- San Francisco-based acquired Walnut, California-based identity verification and compliance platform for $250 million last week.
- acquired Fremont-based identity detection and response company for $616.5 million just this week.
Search less. Close more.
Grow your revenue with all-in-one prospecting solutions powered by the leader in private-company data.
Other companies, including , and , all announced deals early in the year. In total, more than two dozen deals have been announced thus far in 2022. While only a handful of announced deals disclosed terms, those that did were worth nearly $7.4 billion, easily on pace to beat the $13.7 billion for deals with announced terms in 2021—which was a record year in terms of volume with 134 deals.
Google makes a move
While the Google/Mandiant proposed marriage made big headlines because of what it could mean for cloud security, last year had an even larger deal in the greater cyber ecosystem when paid $6.5 billion in a stock deal for Bellevue, Washington-based .
However, that was a very different space—identification and authentication—and did not involve one of the largest tech giants in the world in its cloud battle with and .
“Google is a late comer to the enterprise (space) in general,” said , partner and head of the Israel office for cyber venture firm . “This is the cloud vendor’s war.”
Those involved in the cybersecurity sector agree the Mandiant deal—Google’s second-largest acquisition ever—and the Siemplify buy are both aimed at taking on and Microsoft for cloud supremacy. Perhaps more specifically, it is to take on Microsoft—which had been a —and the security it has built around its Azure cloud offering.
Through the years, Microsoft has prioritized security—particularly around the Azure cloud—both through internal development and through dealmaking, picking up cybersecurity startups such as , , and .
“Microsoft has a better standing in the enterprise” market, Schreiber said.
With the acquisition of Mandiant, which can help automate incident response, Google strengthened its cloud security offering to potential customers. Schreiber said he believes the next buzzword in the industry could be “XDR”—or extended detection and response—which collects and correlates data across multiple security layers such as cloud workloads, servers and endpoints.
“Security really is a data issue,” he said. “You need data for sophisticated attackers.”
Taking its cloud offering more to large enterprises was something Google had in mind back in 2019 when it named CEO of after his time at , said , co-founder and managing director at , which specializes in cybersecurity and infrastructure software investments. Yépez sold his last cyber company to Oracle while Kurian was there, and Kevin Mandia—Mandiant’s founder—serves on Forgepoint’s advisory council.
Yépez said he can see both the Mandiant and Siemplify deals working in unison for Google Cloud—as Siemplify’s orchestration aspect acts as a middleware layer and helps with integration.
What’s next
YĂ©pez, whose portfolio company was acquired by Cloudflare just last month, does not necessarily expect the dealmaking to cease any time soon. Along with large players like those mentioned above continuing to buy select point solution specialists with strong IP, YĂ©pez said he also believes the current uncertainty in the market will play a role.
“I think this is a prime time for exits,” said Yépez, who also was an early investor in Attivo. “Companies may have to raise money at lower valuations … these overfunded companies will have to make a choice.”
Companies will look at targets in cybersecurity to expand their total addressable market, Yépez said. Acquisition targets that can do that and have high intellectual property can still see 20x trailing revenue, said Yépez, adding that potential acquirers consistently reach out to his portfolio investments.
However, Schreiber said due to the sheer amount of capital poured into the space through the last few years, valuations remain high and he is seeing a bit of slowing in dealmaking.
While deals in the range of $150 million to $400 million used to be seen in cyber, it now has become small deals for very young companies or big home run swings by tech giants.
“You are seeing a lot of companies get bought early,” he said. “There just are not a lot of exits for a few hundreds of millions of dollars.”
Illustration:
Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.
![Illustration of a guy watering plants with a blocked hose - Global [Dom Guzman]](/wp-content/uploads/quarterly-global-3-300x168.jpg)
67.1K Followers