CyberArk, a leading identity security provider announced its definitive agreement to acquire Venafi, a leading machine identity management provider from Thoma Bravo.
The acquisition will merge Venafi’s advanced machine identity management capabilities with CyberArk’s identity security expertise, creating a comprehensive platform for enterprise-scale machine identity security.
CyberArk CEO Matt Cohen said in a Monday investors call, “Our combined solutions and expertise will uniquely address the growing identity security needs of global enterprises to secure the explosive growth of machine identities. These identities are increasingly leveraged in sophisticated cyberattacks.”
The rise in digital transformation and cloud migration has led to a surge in machine identities, including workloads, applications, IoT devices and containers. Machine identities now outnumber human identities significantly, with over 40 machine identities for each human identity. These identities, if unprotected, are prime targets for cybercriminals. Effective management and security of machine identities are crucial, especially with shorter certificate lifecycles and the need for quantum-ready solutions.
Forrester says there is a growing urgency in managing machine identities due to their exponential increase. Historically, enterprises have focused less on machine identities compared to human identities because of the former’s unique requirements and lifecycle challenges. However, the growth in machine identities for devices and cloud workloads demands improved management to mitigate associated risks, it said.
“Cloud computing has expanded the attack surface, increasing the connectivity between humans and machines in a perimeter-less world,” Cohen said. “Every workload, API application, consumer and IoT device is now connected, and each connection point creates a potential vulnerability.”
The Acquisition, a Mix of Strategic Synergies
Technological Integration: The integration of Venafi’s certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing with CyberArk’s secrets management will enhance security against the misuse and compromise of machine identities. This unified solution will support rapid risk mitigation across various deployment models, including SaaS and hybrid environments.
Market Expansion: Venafi’s strengths in PKI and certificate management will expand CyberArk’s total addressable market by nearly $10 billion, reaching approximately $60 billion.
Chip Virnig, a partner at Thoma Bravo said, “We believe CyberArk is a great partner for Venafi and that the scaled end-to-end machine identity security platform created by this strategic combination will deliver significant value to shareholders.”
Acquisition Details
Transaction Value: CyberArk will acquire Venafi for an enterprise value of approximately $1.54 billion, consisting of about $1 billion in cash and $540 million in CyberArk shares.
Board Approvals: The Boards of both CyberArk and Venafi have approved the transaction.
Closing Timeline: The acquisition is expected to close in the second half of 2024, pending regulatory approvals and customary conditions.
Financial Impact
Revenue Contribution: Venafi is expected to add approximately $150 million in annual recurring revenue (ARR).
Business Model: Venafi boasts a strong business model with 95% recurring revenue, including SaaS and term-based licenses.
Synergies and Expansion: The transaction is anticipated to be immediately accretive to margins and drive significant revenue synergies through cross-selling, up-selling, and geographic expansion.
CyberArk is considered one of the global leaders in identity security, offering solutions for both human and machine identities across various environments, including business applications, hybrid clouds, and DevOps lifecycles.
The company acquired multi-cloud security and compliance provider C3M in July 2022 for $28.3 million to enhance its cloud privilege security offerings. CyberArk also acquired Aapi.io in March 2022 to bolster Identity Lifecycle Management capabilities and broaden Identity Automation and Orchestration capabilities across its Identity Security Platform.
Venafi on the other hand is a pioneer in machine identity management, protecting machine-to-machine connections through cryptographic key and digital certificate orchestration. Venafi’s solutions offer global visibility and automated remediation to safeguard machine identities across diverse environments, ensuring secure information flow and preventing untrusted machine communication.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
