Mergers and Acquisitions, Identity, Privileged access management

Identity Security Deal: CyberArk Buys Venafi from Thoma Bravo

Credit: Adobe Stock Images

CyberArk is building it identity security business with Tuesday’s announcement that it plans to acquire Venafi, a machine identity company owned by a private equity firm Thoma Bravo.

This is technology M&A deal number 135 that ChannelE2E and MSSP Alert have covered so far in 2024. See more than 2,000 technology M&A deals for 2024, 2023, 2022, 2021, and 2020 listed here.

The deal establishes a unified platform for end-to-end machine identity security at enterprise scale, according to the companies. Additionally, the combination of Venafi’s certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing with CyberArk’s secrets management capabilities will enable organizations to protect against misuse and compromise of machine identities.

CyberArk said it can now offer options for machine identity security all in one solution, which can be deployed as SaaS or hybrid and will enable faster risk mitigation for organizations of all sizes looking to secure modern cloud environments.

“By combining forces with Venafi, we are expanding our abilities to secure machine identities in a cloud-first, GenAI, post-quantum world,” CyberArk CEO Matt Cohen said in a prepared statement. “Our integrated technologies, capabilities and expertise will address the needs of global enterprises and empower chief information security officers to defend against increasingly sophisticated attacks that leverage human and machine identities as part of the attack chain.”

Details About the Deal

CyberArk, headquartered in Newton, Massachusetts, has approximately 3,400 employees located in six continents, with offices located in the U.S, Israel, U.K., Singapore, Australia, France, Germany, Italy, Japan, Netherlands and Turkey. Venafi, headquartered in Salt Lake City, Utah, has about 430 employees dispersed over five continents

CyberArk intends to acquire Venafi for approximately $1.54 billion in a combination of cash and CyberArk shares — approximately $1 billion in cash and approximately $540 million in shares). The boards of directors of both CyberArk and Venafi have each approved the transaction, according to a prepared statement.

The transaction is expected to close in the second half of 2024, subject to required regulatory approvals, clearances and other customary closing conditions. Other details include:

  • Venafi is expected to add approximately $150 million annual recurring revenue.
  • Venafi brings a strong business model with 95% in recurring revenue, including SaaS and Term Based License Revenue.
  • The transaction is expected to be accretive to margins immediately, with significant revenue synergies through cross-sell, up-sell and geographic expansion.
  • Venafi brings complementary capabilities to protect machine identities and expands the Total Addressable Market (TAM) from $50 billion to $60 billion.

CyberArk MSP Console Boosts Identity Security

In April, MSSP Alert reported on the launch of the CyberArk MSP Console, a new tool that enables MSSPs and MSPs to view and monitor customers using the CyberArk Identity Security Platform.

The console is designed to help security service providers deliver identity-based managed services “rapidly and efficiently," the company said. Emphasizing “high autonomy, low costs and low complexity,” CyberArk says the console drives more revenue by ensuring the security and compliance of their clients’ identities and how they are managed.

In May, CyberArk released a new global research report that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems. The CyberArk 2024 Identity Security Threat Landscape Report provides unique perspectives on how AI boosts cyber defenses as well as attacker capabilities increases the pace at which identities are created in new and complex environments and highlights the scale of identity-related breaches affecting organizations.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.