Zscaler’s
announcement this week that it is buying managed detection and response (MDR) specialist Red Canary to boost its capabilities in agentic AI and human expertise represents the latest acquisition in a cybersecurity industry that continues to see consolidation of both vendors and portfolios.
Talking about the deal, Zscaler founder and CEO Jay Chaudhry said in a statement that the combination of his company’s AI-powered risk management services – such as Risk360 and the data fabric technology inherited from its $350 million
acquisition last year of startup Avalor – and
Red Canary’s MDR and threat intelligence will “accelerate our
vision of AI-powered SOC [security operations center] of the future. By integrating Red Canary with Zscaler, we will deliver to our customers the power of a fully integrated Zero Trust platform and AI-powered security operations.”
While no financial details were released about the deal, it is expected to close in August this year. Cole Grolmus, an industry analyst who founded market research and intelligence firm
Strategy of Security, in a
LinkedIn post called the acquisition “a monster deal” that rumors are putting at about $4 billion.
“We've seen some very large strategic acquisitions lately (Alphabet-Wiz, Cisco-Splunk, etc.) — but many of them were done by large technology companies (or [private equity] firms) whose primary business isn't cybersecurity,” Grolmus wrote. “Multi-billion dollar acquisitions by pure-play cybersecurity companies are exceptionally rare. ... Zscaler-Red Canary is a rare and historic acquisition in cybersecurity.”
Acquistions and Consolidation
The San Jose, California-based company has made at least seven acquisitions since the sharp spike in M&A activity in the cybersecurity space in 2021, adding companies like
ShiftRight, Airgap Networks, and
Canonic – along with Avalor and now Red Canary. These deals have added more capabilities to Zscaler in areas such as zero trust, security workflow automation, and secure access service edge (SASE).
The Red Canary deal is one of more than two dozen acquisitions of cybersecurity companies since January, anchored by Google’s high-profile
$32 billion deal for startup Wiz in March to build out its cloud security portfolio but including other deals by vendors like Palo Alto Networks (
Protect AI), Forcepoint (
Getvisibility), and Menlo Security (
Votiro). Fenix24 also bought two companies over the past five months –
vArmour and
appNovi.
This week, Check Point announced it is buying
exposure management specialist Veriti while Tenable – which
bought Vulcan Cyber in January – said it is
acquiring Apex Security, another exposure management company.
Following in 2024's Footsteps
This comes after a busy 2024, which Paul Arceneaux, vice president of product management at cybersecurity company
VikingCloud,
wrote in a LinkedIn column in January “witnessed a surge in M&A activity, driven by a desire to consolidate capabilities and address emerging threats.”
Helping to fuel the activity were accelerating trends like the cloud and AI, which Arceneaux wrote “have become the key battlegrounds in cybersecurity,” an increased focus on threat intelligence, and cybersecurity acquisitions from major players like Google, Amazon, and Microsoft.
“These tech giants, armed with vast resources and access to massive datasets, are becoming formidable competitors to traditional cybersecurity firms,” he wrote. “Their ability to integrate cybersecurity offerings into cloud services could further disrupt the market, potentially driving down costs but also creating challenges for smaller players.”
Platforming Security
Arceneaux also wrote that the trend toward cybersecurity firms building out tightly integrated product and services platforms – giving organizations a single place for their security needs rather than having to piece together myriad point products that they have to integrate and manage – is feeding the M&A push.
“Large players like Palo Alto Networks, Fortinet, and Sophos are absorbing niche firms to create comprehensive solutions that span detection, prevention, and response,” he wrote. “While this benefits customers seeking integrated platforms, it also raises concerns about reduced competition and innovation.”
The acquisition trend last year is another indication of a maturing cybersecurity industry where large vendors look to assert dominance while startups are focused on innovation, he wrote, adding that the rising important of cloud computing AI, and threat intelligence will continue to shift the competitive landscape.
Trends are Good for MSSPs, MSPs
CYRISMA, which offers an all-in-one, cloud-based platform, wrote in a
column on MSSP Alert that such “platformization” of security capabilities is a boon for MSSPs and MSPs.
“Platformization, or the consolidation of multiple cybersecurity tools into a unified, multi-tenant platform, offers significant advantages,” the company wrote. “It allows service providers to deliver multiple services or service bundles using a single product, minimize operational complexity, reduce costs, avoid unnecessary duplication of capabilities, and increase overall efficiency.”
Deals Keep Coming
Industry advisory firm
Altitude Cyber in January released its annual
Cybersecurity in Review report, outlining a range of trends in the cybersecurity field, including M&A activity. Strategy of Security’s Grolmus wrote in
a deep dive into the report, that acquisition spending surged to nearly $81 billion in 2021, up sharply from $19.7 billion the previous year.
Since then, the industry has had a steady drumbeat of about 280 M&A deals and about $50 billion spent. Grolmus wrote.
Among the trends he found in Altitude’s report were that strategic buyers were more active in 2024 – as opposed to those looking to make financial gains. He also noted that the largest acquisitions were made by non-cybersecurity buyers, while financial services firms were active in buying security companies, a multi-year shift that was highlighted by
MasterCard buying Recorded Future for $2.65 billion.
Such trends indicate that “cybersecurity capabilities are starting to be viewed as core components of broader business strategies, not just an isolated field,” he wrote.
Grolmus also noted that larger companies like Cisco Systems and Palo Alto Networks are becoming more active and that startups are getting scooped up earlier in their lives.
Overall, the number of M&A deals is stable and way above what it was between 2016 and 2020, financing activity is down, capital is there for large companies ready to scale and early-stage startups.
“In 2024, the notable [macro trend] was AI driving data security market activity,” he wrote. “Trends like these take years to play out, so we're going to keep seeing this one in 2025 and beyond.”
