The six biggest vendor cybersecurity acquisitions of all time, and why they were made
CRN runs through the top six cybersecurity acquisitions from vendors, following the news that NortonLifeLock is acquiring Avast
NortonLifeLock's $8.6bn acquisition of Avast, which was announced last week, goes down in history as one of the biggest cybersecurity acquisitions ever.
But it is just the latest of many $1bn plus cybersecurity acquisitions from vendors in recent years.
As the number of cyber-attacks has continued to grow, so has the cybersecurity industry. Companies are reaching $1bn valuations quicker than they ever have before as businesses invest heavily in making sure their operations are secure.
Intel's blockbuster acquisition of McAfee announced back in 2010 set the tone for what would be a busy decade when it came to vendors acquiring cybersecurity firms. And while some have proved to be successful, others have not reaped the rewards that the acquiring company had originally intended.
Private equity firms have also played a huge role in the cybersecurity industry in recent years, with Thoma Bravo acquiring Proofpoint for a whopping $12.3bn back in April.
But excluding private equity cybersecurity purchases, these six mega acquisitions rank as CRN's biggest when it comes to value and overall importance…
Broadcom acquires Symantec Enterprise
When?
Completed in November 2019
How much?
$10.7bn
Why?
Chip maker Broadcom bought the enterprise division of Symantec after failing to complete a deal for the entire company, with the intention of fulfilling its goal of expanding its "infrastructure software footprint", according to Broadcom's CEO Hock Tan.
With the acquisition, the company was able to add a portfolio of cybersecurity solutions to its offering, with Tan claiming at the time that he expected it to add over $2bn of "sustainable run rate revenues" to Broadcom's existing business.
It received a mixed reaction at the time. Atherton Technology analyst Jeb Su wrote in Forbes after the acquisition was announced that he "did not see the technology synergies between Broadcom's semiconductor activities and its new enterprise software infrastructure business".
Just a few months after the acquisition was finalised, Broadcom opted to sell Symantec's cyber security services business to Accenture for an undisclosed sum, with Tan reportedly keen to focus more on its endpoint, web and data loss protection products.
NortonLifeLock acquires Avast
When?
Announced in August 2021
How much?
$8.6bn
Why?
A deal for NortonLifeLock to buy out LSE listed Avast for $8.6bn was announced last week and will create a "world-leading consumer cyber safety business" according to the former's CEO Vincent Pilette.
NortonLifeLock was formerly branded as Symantec's consumer business but changed its name when the enterprise business was purchased by Broadcom, and Pilette added that the acquisition would accelerate the "shared vision" of both NortonLifeLock and Avast to "provide holistic cyber protection for consumers around the globe".
The increased number of capabilities Avast brings to the business and the ability to access a "larger global user base" would help achieve that, he said.
In the biggest vendor cybersecurity acquisition since Broadcom bought Symantec Enterprise, NortonLifeLock has laid out its aims of being the global leader when it comes to cybersecurity for consumers.
The size of the deal no doubt comes with risk but acquiring a significant competitor while expanding its range of services and customers makes the deal completely understandable.
Intel acquires McAfee
When?
Finalised in March 2011
How much?
$7.7bn
Why?
Intel paid a whopping $7.7bn for McAfee back in 2010 with the intention of bringing tight links between its chips and McAfee's security, as the former set its sights on accelerating the move towards smartphones and other electronics connected to the internet.
It signalled a move into the cybersecurity market from the chip making vendor, with its former CEO and president Paul Otellini claiming at the time that security would become a "third pillar of what people demand from computing experiences" alongside "energy efficient performance and connectivity".
At the time, the news was not received too well. After the deal was first announced in August 2010, Intel's shares dipped by about 3.5 per cent as investors reacted to the news.
And the move did not exactly pan out as Intel had hoped. The firm sold the majority control of what became known as Intel Security to TPG Capital and Thoma Bravo back in 2017 while retaining a 49 per cent stake, allowing McAfee to revert to its old branding and pursue a more focused cybersecurity strategy separate of Intel's chip and hardware business.
Ultimately, its goals for the acquisition were not achieved.
Okta acquires Auth0
When?
Completed in May 2021
How much?
$6.5bn
Why?
The acquisition of Auth0 earlier this year saw Okta acquire a similar identity management business to provide an "enhanced depth and breadth of identity solutions".
Okta claimed that the combination of the two would "solve every identity use case" and would provide a "single, unified identity platform" for customers, making use of the "combined expertise" both businesses possess.
Clearly there are obvious similarities between the two companies, given that they both focus on the same key core area of providing identity management software, and by making this acquisition Okta has effectively bolstered its existing capabilities with a wider offering for application developers specifically.
And given Auth0 was one of the primary alternatives that customers considered to Okta, the latter has taken a huge step towards establishing itself as the go-to business when it comes to identity services.
Cisco acquires Duo Security
When?
Completed in October 2018
How much?
$2.35bn
Why?
Cisco's acquisition of authentication and endpoint security platform provider Duo Security in 2018 would "enable Cisco's customers to easily and securely connect users to any application on any networked device", the vendor said at the time.
The move signalled Cisco's focus on security as a priority moving forward, using Duo's two-factor authentication as a means of keeping its customers safe while expanding its security division in the process to better take on the competition.
Paying such a hefty price for a security company showed just how intent Cisco is in developing into this sector, with CEO Chuck Robbins saying at the time that security was the "number one concern" for its customers.
And while French multinational company Thales' acquisition of Gemalto is a bigger non-private equity deal in valuation than Cisco's purchase of Duo Security, the latter had a bigger impact on the IT industry as a whole given such a big player in the market committed so heavily to investing in cybersecurity.
VMware acquires Carbon Black
When?
Completed in October 2019
How much?
$2.1bn
Why?
The acquisition of Carbon Black, which provides endpoint security software through the cloud, saw VMWare launch a brand new "security business unit" to be led by Carbon Black's CEO Patrick Morley.
It was a significant expansion for VMWare, which spent over $2bn in the deal and pointed to the increased spending on cybersecurity and high-profile cyber attacks as a reason for the acquisition as, like Cisco, it sought to expand into the cybersecurity sector.
Carbon Black uses data to track habits among cyber hackers to learn how to stop them, with VMWare claiming at the time that the deal would accelerate its "intrinsic security strategy across the most important security control points".
Essentially, it provided the software company with a huge avenue for growth into an industry that, moving forward, is pivotal for the big vendors to be involved in.