Next-Generation Technologies & Secure Development , Security Operations
Cybersecurity M&A Update: Five Firms Make Moves
Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce DealsCybersecurity acquisitions continue at an intense pace, with five companies announcing deals in the last three days.
See Also: Revealing the Threat Landscape: 2024 Elastic Global Threat Report
On Monday, IT management and service software company Ivanti reported it had acquired the risk-based vulnerability management company RiskSense.
Three deals were announced on Tuesday.
Sophos has acquired Bellevue, Washington-based DevSecOps security firm Refactr; Deloitte Risk & Financial Advisory has purchased aeCyberSolutions from Greenville, South Carolina-based Applied Engineering Solutions; and Cerberus Sentinel closed a deal to acquire Cranbury, New Jersey-based managed security services provider VelocIT.
On Wednesday, the cloud-based financial risk management firm Feedzai reported it had acquired the behavioral biometric platform Revelock.
Financial terms of the five acquisitions were not disclosed.
Ivanti and RiskSense
Ivanti says it acquired Albuquerque, New Mexico-based RiskSense with the intent of using that firm's vulnerability management and prioritization technology to help shrink customer's attack surfaces through better patch management and enable them to take steps to stop attacks.
RiskSense's staff will join Ivanti's workforce, an Ivanti spokespersons says.
Mitchell Schneider, principal research analyst at Gartner, says, "The opportunity that Ivanti and RiskSense have taken advantage of is to enrich the threat topology with insight from both the threat and the endpoint management perspective to improve visibility into an organization's threat context."
Sophos' Action
Sophos' acquisition of Refactr was completed with the intention of optimizing Refactr's DevSecOps automation platform to add security orchestration automation and response, or SOAR, capabilities to Sophos' managed threat response and extended detection and response solutions, the company says.
"As we've seen in recent supply chain incidents, attackers are increasingly targeting software development pipelines, and defenders need the ability to shift further left of attackers. The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions," says Joe Levy, chief technology officer at Sophos.
“With this acquisition, Sophos continues to build on its adaptive cybersecurity ecosystem platform that combines software, hardware and services from their own stable with an open technology alliance program for third-party integrations,” says Paul Webber, a senior research director with Gartner.
This deal comes on the heels of Sophos' July 23 purchase of Braintrace.
Deloitte's Buying Spree
Deloitte Risk & Financial Advisory's acquisition of aeCyberSolutions from Greenville, South Carolina-based Applied Engineering Solutions is intended to bolster Deloitte's cybersecurity offerings for industrial control systems and operational technology security, the company says.
This acquisition marks the fifth deal announced by Deloitte Risk & Financial Advisory this year. In addition, Deloitte Consulting acquired the systems engineering and cybersecurity firm Sentek Consulting on July 23.
Cerberus Sentinel and VelocIT
Cerberus Sentinel said that VelocIT will become a wholly owned subsidiary, continuing its focus on providing integrated risk managed services.
VelocIT President Darek Hahn and COO Glenn Kupsch will take on executive positions with Cerberus Sentinel.
Feedzai Adds Revelock
Feedzai portrays its purchase of Revelock as a first step toward building a financial intelligence network.
The company seeks to tie Feedzai's Risk Ledger, which consists of 150 billion data points that are aggregated from previous financial transactions, to Revelock's biometric intelligence that's gathered from users, devices and sessions connecting to a system. It will use these two technologies to help determine if a transaction is fraudulent.