附近上门

grabbed headlines last week when it announced it will pay $5.4 billion to buy cyber firm . While the size of the deal alone is impressive, it may also be a harbinger for a record-setting year of M&A in the space.

Less than three months into the year, some noteworthy deals aside from the Mandiant/Google acquisition have already been announced both by companies in cyber and outside the space, including:

• Google bought New York-based security orchestration, automation and response (SOAR) provider for $500 million in January.
• Minnesota-based bought both Portland, Oregon-based compliance management startup for $350 million in February, and Houston-based cloud security company for an undisclosed amount last week.
• San Francisco-based acquired Walnut, California-based identity verification and compliance platform for $250 million last week.
• acquired Fremont-based identity detection and response company for $616.5 million just this week.

Other companies, including , and , all announced deals early in the year. In total, more than two dozen deals have been announced thus far in 2022. While only a handful of announced deals disclosed terms, those that did were worth nearly $7.4 billion, easily on pace to beat the $13.7 billion for deals with announced terms in 2021鈥�which was a record year in terms of volume with 134 deals.

Google makes a move

While the Google/Mandiant proposed marriage made big headlines because of what it could mean for cloud security, last year had an even larger deal in the greater cyber ecosystem when paid $6.5 billion in a stock deal for Bellevue, Washington-based .

However, that was a very different space鈥攊dentification and authentication鈥攁nd did not involve one of the largest tech giants in the world in its cloud battle with and .

鈥淕oogle is a late comer to the enterprise (space) in general,鈥� said , partner and head of the Israel office for cyber venture firm . 鈥淭his is the cloud vendor’s war.鈥�

Those involved in the cybersecurity sector agree the Mandiant deal鈥擥oogle鈥檚 second-largest acquisition ever鈥攁nd the Siemplify buy are both aimed at taking on and Microsoft for cloud supremacy. Perhaps more specifically, it is to take on Microsoft鈥攚hich had been a 鈥攁nd the security it has built around its Azure cloud offering.

Through the years, Microsoft has prioritized security鈥攑articularly around the Azure cloud鈥攂oth through internal development and through dealmaking, picking up cybersecurity startups such as , , and .

鈥淢icrosoft has a better standing in the enterprise鈥� market, Schreiber said.

With the acquisition of Mandiant, which can help automate incident response, Google strengthened its cloud security offering to potential customers. Schreiber said he believes the next buzzword in the industry could be 鈥淴DR鈥濃�攐r extended detection and response鈥攚hich collects and correlates data across multiple security layers such as cloud workloads, servers and endpoints.

鈥淪ecurity really is a data issue,鈥� he said. 鈥淵ou need data for sophisticated attackers.鈥�

Taking its cloud offering more to large enterprises was something Google had in mind back in 2019 when it named CEO of after his time at , said , co-founder and managing director at , which specializes in cybersecurity and infrastructure software investments. Y茅pez sold his last cyber company to Oracle while Kurian was there, and Kevin Mandia鈥擬andiant鈥檚 founder鈥攕erves on Forgepoint鈥檚 advisory council.

Y茅pez said he can see both the Mandiant and Siemplify deals working in unison for Google Cloud鈥攁s Siemplify鈥檚 orchestration aspect acts as a middleware layer and helps with integration.

What鈥檚 next

Y茅pez, whose portfolio company was acquired by Cloudflare just last month, does not necessarily expect the dealmaking to cease any time soon. Along with large players like those mentioned above continuing to buy select point solution specialists with strong IP, Y茅pez said he also believes the current uncertainty in the market will play a role.

鈥淚 think this is a prime time for exits,鈥� said Y茅pez, who also was an early investor in Attivo. 鈥淐ompanies may have to raise money at lower valuations 鈥� these overfunded companies will have to make a choice.鈥�

Companies will look at targets in cybersecurity to expand their total addressable market, Y茅pez said. Acquisition targets that can do that and have high intellectual property can still see 20x trailing revenue, said Y茅pez, adding that potential acquirers consistently reach out to his聽 portfolio investments.

However, Schreiber said due to the sheer amount of capital poured into the space through the last few years, valuations remain high and he is seeing a bit of slowing in dealmaking.

While deals in the range of $150 million to $400 million used to be seen in cyber, it now has become small deals for very young companies or big home run swings by tech giants.

鈥淵ou are seeing a lot of companies get bought early,鈥� he said. 鈥淭here just are not a lot of exits for a few hundreds of millions of dollars.鈥�

Illustration: