Cybersecurity Acquisitions in Massachusetts

Palo Alto Networks has completed its acquisition of CyberArk, integrating CyberArk's identity security platform into Palo Alto's broader security ecosystem. Under the deal, CyberArk shareholders will receive $45 in cash and 2.2005 shares of Palo Alto Networks common stock per CyberArk share; the acquisition is intended to make identity security a core pillar across human, machine, and AI/agent identities.

FGS Global launched a new AI Advisory practice and acquired Memetica, a specialist threat intelligence consultancy founded in 2019 by Ben Decker. The purchase integrates Memetica’s AI-driven threat detection and dark‑web monitoring capabilities into FGS’s global AI and Innovation group to strengthen early‑warning, tipping‑point analysis and reputational defense offerings.

McAfee has completed the acquisition of MineOS's consumer privacy division. MineOS will divest its consumer product to focus fully on enterprise privacy, risk management, and AI governance, reinvesting proceeds to accelerate its enterprise platform development.

MTX Group Inc., a global technology consulting firm, has acquired VerifyID.ai, an AI-powered digital identity verification platform focused on the public sector. The acquisition expands MTX's AI and cybersecurity capabilities and enables integration of VerifyID.ai's biometric, anti-spoofing, and decentralized identity technology into MTX's government-facing services.

UltraViolet Cyber acquired Black Duck's Application Security Testing (AST) services business, integrating penetration testing, red teaming, threat modeling, cloud/container risk assessments, and secure development consulting into its unified security operations portfolio. Achieve Partners served as the equity sponsor for the transaction; Black Duck will retain its core software and SaaS offerings while its professional and managed AST services join UltraViolet to expand capability for commercial and federal clients.

Knexus, a Vienna, Virginia–based provider of AI solutions to the U.S. federal government, has acquired S4, a Bedford, Massachusetts provider of enterprise IT, cybersecurity, and intelligence analysis services. The deal combines Knexus' AI capabilities with S4's cybersecurity and IT delivery to expand end-to-end AI-enabled solutions and improve mission-focused support for federal customers.

Fortra has acquired Lookout's Cloud Security business, including its Security Service Edge (SSE) solution offering CASB, ZTNA and SWG capabilities. The deal expands Fortra's cloud and data security portfolio—adding DSPM and broader cloud security functionality to complement its existing DLP and data discovery offerings.

PartnerOne has acquired NetWitness from RSA. NetWitness, a provider of scalable threat detection and response platforms, will operate as an independent company within PartnerOne's enterprise software portfolio and receive investment to expand its technology and capabilities for large enterprise and government customers.

SailPoint Technologies has acquired Imprivata's Identity Governance and Administration (IGA) business and entered a strategic go-to-market partnership with Imprivata, effective December 13, 2024. SailPoint will integrate Imprivata's IGA with its Identity Security Cloud, support customers who remain on Imprivata's IGA platform through 2027, and promote Imprivata as its exclusive enterprise access management partner in healthcare while Imprivata focuses on access management, mobile, and privileged access solutions.

iStorage Group, a UK-based leader in hardware-encrypted data storage, has acquired Kanguru Solutions, a U.S. maker of high-security encrypted drives, duplication systems, and remote management software. The acquisition expands iStorage's product portfolio and accelerates its geographic reach across the Americas while strengthening offerings for government, healthcare, energy and financial customers.

Mastercard has agreed to acquire threat intelligence firm Recorded Future from Insight Partners for $2.65 billion. The acquisition will expand Mastercard's cybersecurity and fraud-prevention capabilities by adding Recorded Future's AI-powered threat intelligence platform and customer base across government and enterprise markets; the deal is expected to close by Q1 2025 subject to regulatory review.

360 Advanced, a tech-enabled cybersecurity and compliance firm based in St. Petersburg, Florida, has acquired Aberrant, an information security management platform designed for Managed Service Providers. The deal expands 360 Advanced's tech capabilities to underpin its managed security services and accelerate automation and GRC integrations.

Bureau Veritas has signed an agreement to acquire Security Innovation Inc., a US-based software security consulting firm headquartered in Boston. The deal adds ~95 specialists and EUR 21 million of 2023 revenue to Bureau Veritas' cybersecurity capabilities and establishes a new cybersecurity hub in the US; closing is expected in Q3 2024.

Rapid7, Inc. has signed a definitive agreement to acquire Noetic Cyber, a cyber asset attack surface management (CAASM) provider. The acquisition adds Noetic's CAASM capabilities to Rapid7's security operations platform to give customers more comprehensive internal and external asset visibility and improved prioritization of exposures.

Cloudflare, Inc. has acquired BastionZero, a Zero Trust infrastructure access platform, to integrate BastionZero’s passwordless, just-in-time access controls into Cloudflare One. The deal expands Cloudflare’s SASE capabilities to provide Zero Trust access for servers, Kubernetes clusters, and databases, improving security, compliance, and remote developer productivity.

Clearlake Capital and Francisco Partners agreed to acquire Synopsys' Software Integrity Group in a transaction valued at up to $2.1 billion, creating a newly independent application security company to be branded Black Duck. The deal — a carve-out divestiture by Synopsys — is expected to close in H2 2024 (announcement) and was completed October 1, 2024, enabling the business to operate as a standalone leader in application security testing.

Apax Digital Fund II (the Apax Digital Funds) has made a strategic growth investment in IANS Research to accelerate product development, expand the company’s value proposition and scale go-to-market efforts. IANS, a practitioner-led research and advisory platform serving Chief Information Security Officers (CISOs), will add Apax Digital partners to its board; financial terms were not disclosed and the deal is expected to close in Q2 2024.

Commvault has acquired Appranix, a cloud cyber-resilience provider whose Cloud Resilience Copilot automates discovery, configuration backup and rebuilds of cloud applications. The acquisition adds automated rebuild capabilities to Commvault's cyber resilience platform to reduce recovery time and improve post-attack application restoration across multi-cloud environments.

SHI International has acquired Moot, Inc., a cybersecurity company that provides an orchestration-as-a-service platform to automate security workflows and optimize customers' existing security tools. The acquisition will fold Moot into SHI's Stratascale cybersecurity unit to expand orchestration, identity and device security capabilities.

Application security platform Cycode has acquired Bearer, a SAST startup that also provides API discovery and data-leak protection, to integrate Bearer’s AI-powered static analysis and remediation capabilities into its Application Security Posture Management (ASPM) platform. Financial terms were not disclosed; Cycode will migrate Bearer customers onto its platform over time and use Bearer’s engine and AI assistant to deepen scanning, precision, and remediation workflows.

1Password has acquired Kolide, a provider of device health and contextual access management, and will integrate Kolide's team and technology to strengthen 1Password's Zero Trust and device security capabilities. The acquisition adds contextual access management and self-remediation device workflows to 1Password's identity security platform, helping customers ensure only trusted users on trusted devices can access applications.

WatchGuard Technologies acquired CyGlass Technology Services to integrate CyGlass’s cloud-native, AI/ML-based network detection and response technology into the WatchGuard Unified Security Platform. The acquisition is intended to add Network Detection and Response (NDR) and accelerate Open XDR capabilities for WatchGuard’s partners and customers, particularly MSPs and mid-sized enterprises.

GreenPages Technology Solutions, a Portsmouth, New Hampshire–based cybersecurity, cloud, and managed services provider, acquired Arcas Risk Management, a Massachusetts-based cybersecurity, risk advisory, and compliance consulting firm. The transaction (completed Feb. 1, 2023) expands GreenPages' cybersecurity capabilities—adding incident response, risk assessments, cybersecurity programs, and security operations—and is an add-on to GreenPages' PE-backed platform.

Global consulting firm J.S. Held has acquired TBG Security, a cybersecurity consultancy specializing in offensive and defensive cyber consulting, penetration testing, and incident response. The acquisition expands J.S. Held’s cyber security and investigations capabilities and adds TBG’s specialized team to its Global Investigations Practice in North America.

IBM announced plans to acquire Randori, a Waltham, Massachusetts-based attack surface management and offensive security provider. IBM will integrate Randori's ASM and continuous automated red teaming capabilities into IBM Security (including QRadar XDR and X-Force) to strengthen its hybrid cloud and AI-powered cybersecurity offerings; financial terms were not disclosed.

TA Associates has signed a definitive agreement to make a significant growth investment in Veracode, valuing the application security company at $2.5 billion. Current majority investor Thoma Bravo will retain a minority stake; the deal is expected to close in Q2 2022 and will fund Veracode's product expansion, strategic M&A, and global growth initiatives.

SilverSky has acquired Burlington, Massachusetts-based Cygilant, adding the target's Belfast-based SOC and Ph.D.-level cybersecurity and data-research talent. The deal expands SilverSky's geographic footprint into the UK/Europe and strengthens its managed detection and response (MDR) capabilities.

F5 has completed the acquisition of Threat Stack to integrate cloud-native workload protection into its application and API security portfolio. The deal adds Threat Stack’s cloud security capabilities and technical talent to strengthen F5’s visibility and threat detection across application infrastructure and workloads.

Marlin Equity Partners completed a majority-control growth recapitalization of ProcessUnity, a provider of third-party risk management and governance, risk and compliance (GRC) SaaS. Long Ridge Equity Partners, the prior majority shareholder, retains a significant minority stake; Marlin will support ProcessUnity's product innovation, customer expansion and scaling of operations.

Clearlake Capital completed a strategic equity investment in RSA Security LLC, becoming an equal partner with Symphony Technology Group while Ontario Teachers' remains a significant minority shareholder. The investment provides growth capital to accelerate RSA's product innovation and inorganic growth across its cybersecurity, GRC, identity, and fraud-prevention offerings.

Imperva has entered into an agreement to acquire jSonar, a provider of modern database and data-security software, to expand Imperva’s data security capabilities across on‑premises, cloud and DBaaS environments. The deal will combine jSonar’s analytics and SOAR capabilities with Imperva’s application and data security product lines; jSonar CTO Ron Bennatan will join Imperva to lead the combined Data Security business.

NICE Actimize has entered into a definitive agreement to acquire Guardian Analytics, a provider of AI cloud-based fraud and anti-money laundering solutions. The acquisition will combine NICE Actimize's financial crime and compliance platform with Guardian Analytics' behavioral analytics and machine-learning capabilities to expand cloud-native AML and fraud offerings across financial institutions of all sizes.

Zscaler, Inc. acquired Edgewise Networks to extend its zero-trust cloud security platform with Edgewise's application-to-application microsegmentation technology. The acquisition broadens Zscaler's capabilities for securing east-west traffic in public clouds and data centers; terms were not disclosed.

Nominet has acquired US-based cyber security company CyGlass and announced a separate £4m programme to upgrade its registry security and customer-facing systems. The acquisition brings CyGlass’ cloud-based Network Defence as a Service (NDaaS) capability into Nominet’s cyber portfolio, supporting expanded threat detection offerings for SMEs, enterprises and critical infrastructure clients.

A consortium led by Symphony Technology Group (STG) with Ontario Teachers' Pension Plan and AlpInvest Partners has acquired RSA from Dell Technologies in an all-cash transaction valued at about $2.075 billion. The deal transfers RSA — a provider of integrated risk management, identity and access management, threat detection, and fraud prevention solutions — to the investors so it can operate as an independent company and accelerate product and SaaS-focused growth.

TELEO Capital Management has acquired the Automated System Management (ASM) product platform and related products known as Industrial Defender from Capgemini America. The deal transfers the Industrial Defender cybersecurity and compliance product platform to TELEO, which plans to operate it as an independent platform and invest in product innovation and global expansion.

Proofpoint, Inc. completed its acquisition of ObserveIT, an insider threat management and endpoint monitoring platform, in November 2019. The deal brings ObserveIT's endpoint agent technology and data risk analytics into Proofpoint's people-centric security portfolio to extend data loss prevention (DLP) and insider-threat capabilities to endpoints.

Aqua Security acquired CloudSploit to expand its cloud-native security platform into Cloud Security Posture Management (CSPM) and deepen VM security capabilities. The acquisition adds CloudSploit’s SaaS-based cloud configuration monitoring and open-source heritage to Aqua’s container, serverless and cloud workload protection offerings.

VMware completed its acquisition of Carbon Black in an all-cash transaction valued at $2.1 billion (at $26 per share). Carbon Black will form the nucleus of a new VMware Security Business Unit to expand VMware’s cloud-native security and endpoint protection capabilities.

Thoma Bravo has completed the acquisition of Veracode from Broadcom in an all-cash transaction valued at $950 million. Veracode is a Burlington, Massachusetts–based provider of application security testing delivered via a SaaS platform; Thoma Bravo intends to invest in the company's product innovation and growth to extend its leadership in application security.

EZShield, a portfolio company of The Wicks Group, has acquired IdentityForce, a leading identity theft protection provider for consumers, businesses and government agencies. The add-on expands EZShield's identity protection ecosystem—adding IdentityForce's monitoring, mobile app and restoration capabilities—and positions the combined business for further organic growth and additional acquisitions in the identity/cybersecurity space.

Arxan Technologies has acquired Apperian, a Boston-based mobile application management (MAM) and security platform, to expand Arxan's mobile and IoT application protection and management capabilities. Apperian will operate as a subsidiary led by Mark Lorion, enabling Arxan to offer an integrated solution for enterprise app protection, distribution and management across unmanaged devices and BYOD scenarios.

IBM Security completed the acquisition of Resilient Systems Inc., a provider of incident response software and orchestration technology, integrating the company into IBM Security to expand its incident response capabilities. Financial terms were not disclosed; Resilient's Incident Response Platform (IRP) will be used to help customers automate and coordinate responses to cyber incidents globally.

Rapid7, Inc. acquired RevelOps, Inc. d/b/a Logentries for an aggregate purchase price of approximately $68 million, consisting of about $36 million in cash and $32 million in Rapid7 equity. The acquisition adds Logentries' cloud-based machine data search, log management, and forensics capabilities to Rapid7's security data and analytics platform to improve incident detection, investigation, and compliance offerings.

General Dynamics has executed a definitive agreement to acquire Fidelis Security Systems to enhance its cyber security solutions and incident response capabilities. The cash value was not disclosed; Fidelis employs approximately 70 people at locations in Waltham, Massachusetts and Bethesda, Maryland and will become part of General Dynamics Advanced Information Systems.

NitroSecurity secured $6 million in Series B financing and acquired the security business of LogMatrix to expand its customer and technology portfolio. The company will integrate LogMatrix's risk-based assessment and correlation technologies into its NitroView SIEM product family and use the funding to grow its presence in federal, healthcare and critical infrastructure markets.

Arbor Networks has signed a definitive agreement to acquire Ellacoya Networks, a provider of carrier-class deep packet inspection (DPI) and broadband service optimization solutions. The acquisition is intended to expand Arbor's capability across the service delivery infrastructure by combining Arbor's flow-based security and service control with Ellacoya's DPI technology to improve network visibility, traffic management and enable new revenue-generating IP services.

Altiris Inc. will acquire Newton, Massachusetts–based Pedestal Software for $65 million in cash and will assume Pedestal options. The acquisition expands Altiris's security and vulnerability-management capabilities, is expected to close by the end of the month and add roughly $17–18 million in revenue in fiscal 2005 as Altiris integrates Pedestal into its channels.