Next-Generation Technologies & Secure Development , Security Operations

Cybersecurity M&A Update: Five Firms Make Moves

Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals
Cybersecurity M&A Update: Five Firms Make Moves

Cybersecurity acquisitions continue at an intense pace, with five companies announcing deals in the last three days.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

On Monday, IT management and service software company Ivanti reported it had acquired the risk-based vulnerability management company RiskSense.

Three deals were announced on Tuesday.

Sophos has acquired Bellevue, Washington-based DevSecOps security firm Refactr; Deloitte Risk & Financial Advisory has purchased aeCyberSolutions from Greenville, South Carolina-based Applied Engineering Solutions; and Cerberus Sentinel closed a deal to acquire Cranbury, New Jersey-based managed security services provider VelocIT.

On Wednesday, the cloud-based financial risk management firm Feedzai reported it had acquired the behavioral biometric platform Revelock.

Financial terms of the five acquisitions were not disclosed.

Ivanti and RiskSense

Ivanti says it acquired Albuquerque, New Mexico-based RiskSense with the intent of using that firm's vulnerability management and prioritization technology to help shrink customer's attack surfaces through better patch management and enable them to take steps to stop attacks.

RiskSense's staff will join Ivanti's workforce, an Ivanti spokespersons says.

Mitchell Schneider, principal research analyst at Gartner, says, "The opportunity that Ivanti and RiskSense have taken advantage of is to enrich the threat topology with insight from both the threat and the endpoint management perspective to improve visibility into an organization's threat context."

Sophos' Action

Sophos' acquisition of Refactr was completed with the intention of optimizing Refactr's DevSecOps automation platform to add security orchestration automation and response, or SOAR, capabilities to Sophos' managed threat response and extended detection and response solutions, the company says.

"As we've seen in recent supply chain incidents, attackers are increasingly targeting software development pipelines, and defenders need the ability to shift further left of attackers. The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions," says Joe Levy, chief technology officer at Sophos.

“With this acquisition, Sophos continues to build on its adaptive cybersecurity ecosystem platform that combines software, hardware and services from their own stable with an open technology alliance program for third-party integrations,” says Paul Webber, a senior research director with Gartner.

This deal comes on the heels of Sophos' July 23 purchase of Braintrace.

Deloitte's Buying Spree

Deloitte Risk & Financial Advisory's acquisition of aeCyberSolutions from Greenville, South Carolina-based Applied Engineering Solutions is intended to bolster Deloitte's cybersecurity offerings for industrial control systems and operational technology security, the company says.

This acquisition marks the fifth deal announced by Deloitte Risk & Financial Advisory this year. In addition, Deloitte Consulting acquired the systems engineering and cybersecurity firm Sentek Consulting on July 23.

Cerberus Sentinel and VelocIT

Cerberus Sentinel said that VelocIT will become a wholly owned subsidiary, continuing its focus on providing integrated risk managed services.

VelocIT President Darek Hahn and COO Glenn Kupsch will take on executive positions with Cerberus Sentinel.

Feedzai Adds Revelock

Feedzai portrays its purchase of Revelock as a first step toward building a financial intelligence network.

The company seeks to tie Feedzai's Risk Ledger, which consists of 150 billion data points that are aggregated from previous financial transactions, to Revelock's biometric intelligence that's gathered from users, devices and sessions connecting to a system. It will use these two technologies to help determine if a transaction is fraudulent.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.