CyberArk acquires cybersecurity provider Venafi for $1.54B

CyberArk Software Ltd. today announced that it has inked a deal to acquire Venafi Inc., a fellow provider of cybersecurity software, for $1.54 billion.

CyberArk is purchasing the company from Thoma Bravo. The acquisition price is about $400 million higher than what the private equity firm paid to buy Venafi in 2020. Under the terms of the deal, Thoma Bravo will receive $1 billion in cash and $540 million worth of CyberArk shares.

“Our integrated technologies, capabilities and expertise will address the needs of global enterprises and empower chief information security officers to defend against increasingly sophisticated attacks that leverage human and machine identities as part of the attack chain,” said CyberArk Chief Executive Officer Matt Cohen.

Nasdaq-listed CyberArk provides software that allows workers to securely access their companies’ business applications. It offers tools for verifying employee login requests, as well as an application that companies can use to scan staffers’ devices for malware. CyberArk also has a presence in other parts of the cybersecurity market: it provides products for managing application secrets such as encryption keys.

Venafi, in turn, offers a collection of software products that companies can use to implement public key cryptography. This is a popular form of encryption that underpins several widely used cybersecurity technologies.

The most ubiquitous implementation of public key cryptography is the TLS/SSL certification. It’s a file that browsers use to check a website isn’t malicious before establishing a connection. Without a TLS certificate, users can’t connect to online applications.

A website’s TLS certificate expires a few weeks or months after it’s created. If a company doesn’t replace it in time, the website becomes inaccessible to users. Venafi provides a cloud service that helps avoid such outages by automatically notifying administrators when TLS certificates are about to expire.

Public key cryptography is also used for other tasks besides powering website connections. The technology helps secure Kubernetes-powered applications’ data traffic and underpins SSH, a networking protocol that allows administrators to remotely log into servers. Another use case is preventing hackers from tampering with the code produced by software teams. 

Venafi provides products that promise to ease those tasks. Its CodeSign Protect and SSH Protect tools help companies shield their developers’ code from tempering attempts and secure SSH connections, respectively. A third product, TLS Protect for Kubernetes, can be used to secure the network connections that link together an organization’s Kubernetes workloads.

CyberArk estimates that Venafi will add about $150 million in annual recurring revenue to its top line. Additionally, the company sees opportunities to increase that number by selling its products to Venafi’s customers and vice versa. In the long term, CyberArk expects the acquisition to increase its total addressable market by $10 billion for a total of $60 million.

“Over the course of our investment, Venafi has accelerated SaaS growth, expanded margins, and successfully created a best-in-class SaaS offering, setting the stage for continued innovation,” said Thoma Bravo partner Chip Virnig.

CyberArk expects to close the acquisition in the second half of 2024.

Photo: Train825/Wikimedia Commons