CyberArk Completes Acquisition of Machine Identity Management Leader Venafi

Rhea-AI Summary

CyberArk (NASDAQ: CYBR) has successfully completed its acquisition of Venafi, a leader in machine identity management, from Thoma Bravo. This strategic move expands CyberArk's total addressable market by $10 billion to approximately $60 billion. The combined capabilities aim to create end-to-end machine identity security solutions, addressing the rapid proliferation of machine identities in digital environments.

The acquisition, valued at approximately $1.54 billion, was completed through a combination of cash ($1 billion) and CyberArk ordinary shares ($540 million). This merger is expected to set a new paradigm for machine identity security at enterprise scale, shifting from manual, siloed approaches to centralized management across all applications and workloads in any cloud or IT environment.

Positive

• Expansion of total addressable market by $10 billion to $60 billion
• Creation of comprehensive platform for end-to-end machine identity security
• Strengthening of CyberArk's position in the rapidly growing machine identity management sector
• Potential for improved operational efficiency and reduced security risks for clients

Negative

• Significant cash outlay of $1 billion for the acquisition
• Potential integration challenges between CyberArk and Venafi systems and teams
• Dilution of existing shareholders due to issuance of $540 million in ordinary shares

Insights

Financial Analyst

CyberArk's acquisition of Venafi for $1.54 billion is a significant move in the cybersecurity space. This deal expands CyberArk's total addressable market by $10 billion to approximately $60 billion, which is substantial. The combination of cash ($1 billion) and stock ($540 million) in the transaction structure is noteworthy, as it balances immediate capital deployment with long-term alignment.

The strategic rationale is clear: machine identities are proliferating rapidly, outnumbering human identities by up to 45-to-1. This acquisition positions CyberArk to address this growing market segment comprehensively. From an investor's perspective, this move could drive significant revenue synergies and expand CyberArk's competitive moat in the identity security market.

However, investors should monitor the integration process closely, as realizing the full potential of this acquisition will depend on successful execution and cross-selling opportunities. The impact on CyberArk's financials, particularly in terms of revenue growth and profitability margins, will be important to watch in the coming quarters.

Cybersecurity Expert

The CyberArk-Venafi merger represents a pivotal shift in the cybersecurity landscape, particularly in machine identity management. This union addresses a critical gap in many organizations' security strategies, where machine identities often outnumber human identities by a staggering 45-to-1 ratio, yet remain largely unprotected.

The combined capabilities of CyberArk's secrets management and Venafi's certificate lifecycle management, PKI and workload identity management create a comprehensive solution for end-to-end machine identity security. This is important in an era where digital transformation, cloud computing and AI are driving an exponential increase in machine identities.

For enterprises, this acquisition promises enhanced security posture and operational efficiency. It could potentially reduce the risk of costly outages and security breaches caused by mismanaged machine identities. However, the true test will be in the seamless integration of these technologies and the ability to deliver a unified, scalable solution that can keep pace with the rapidly evolving threat landscape.

Combined Capabilities Will Set New Paradigm for End-to-End Machine Identity Security

NEWTON, Mass. & PETACH TIKVA, Israel--(BUSINESS WIRE)-- CyberArk (NASDAQ: CYBR), the identity security company, today announced the successful completion of its acquisition of Venafi, a leader in machine identity management, from Thoma Bravo. This acquisition enables CyberArk to further deliver on its vision to secure every identity – human and machine – with the right level of privilege controls. Together, CyberArk and Venafi will build end-to-end machine identity security solutions that help organizations vastly improve security and stop costly outages. Venafi adds complementary solutions that expand CyberArk’s total addressable market by $10 billion to approximately $60 billion.

“We are thrilled to officially welcome the exceptional Venafi team to CyberArk. Over the past months, every interaction has further validated that this acquisition is a great fit from all perspectives – technology, people, culture and spirit of innovation,” said Matt Cohen, Chief Executive Officer, CyberArk. “Machines are the fastest growing and most complex identity and today, many organizations rely on manual processes and siloed tools to secure and manage them. By joining forces, CyberArk and Venafi will set a new paradigm, with the industry’s most comprehensive platform for end-to-end machine identity security at enterprise scale.”

Ongoing digital transformation, pervasive cloud computing and the rise of AI are driving an exponential increase in the number of machine identities, which can outnumber human identities by as much as 45-to-1, many of which remain undetected. If left unprotected and unmanaged, these identities can serve as a lucrative hunting ground for cybercriminals who seek to exploit their vulnerabilities. A new paradigm is required to keep pace with this rapid proliferation – shifting from inefficient manual, siloed approaches that create compliance and security risks to centralized management of machine identities across all applications and workloads for any cloud or IT environment at scale.

“CyberArk's acquisition of Venafi underscores the growing recognition of the critical role machine identities play in securing modern digital environments,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “While organizations have heavily invested in human identity security, the automation and management of credentials for machine identities has not historically received the same attention. Together, the companies' complementary capabilities should enable organizations to implement a more comprehensive machine identity security strategy, reducing risk and enhancing operational efficiency.”

All machine identities, including workloads, code, applications, IoT devices and containers, must be discovered, managed, secured and automated to keep their connections and communications safe. The combination of Venafi’s certificate lifecycle management, enterprise Public Key Infrastructure (PKI), workload identity management, secure code signing and SSH security with CyberArk’s secrets management capabilities, will empower organizations to protect against misuse and compromise of machine identities at scale.

Details Regarding the Acquisition

Under the terms of the agreement, CyberArk acquired Venafi for approximately $1.54 billion in a combination of cash and CyberArk ordinary shares (approximately $1 billion in cash and approximately $540 million in ordinary shares).

Advisors

Morgan Stanley & Co. LLC served as exclusive financial advisor to CyberArk, and Latham & Watkins LLP served as legal counsel to CyberArk. Piper Sandler served as exclusive financial advisor to Thoma Bravo and Venafi, and Kirkland & Ellis LLP served as legal counsel to Thoma Bravo and Venafi.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.

About Venafi

Venafi is a cybersecurity market leader and the category creator of machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

About Thoma Bravo

Thoma Bravo is one of the largest software-focused investors in the world, with approximately US$160 billion in assets under management as of June 30, 2024. Through its private equity, growth equity and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo’s deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 490 companies representing approximately US$265 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York and San Francisco. For more information, visit Thoma Bravo’s website at thomabravo.com.

Copyright © 2024 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating, but not limited to: risks related to the Company’s acquisition of Venafi Holdings, Inc. (“Venafi”), including impacts of the acquisition on the Company’s or Venafi’s operating results and business generally; the ability of the Company or Venafi to retain and hire key personnel and maintain relationships with customers, suppliers and others with whom the Company or Venafi do business; risks that Venafi’s business will not be integrated successfully into the Company’s operations; risks relating to the Company’s ability to realize anticipated benefits of the combined operations after the Venafi acquisition; changes to the drivers of the Company’s growth and the Company’s ability to adapt its solutions to the information security market changes and demands, including artificial intelligence (“AI”); the Company’s ability to acquire new customers and maintain and expand the Company’s revenues from existing customers; intense competition within the information security market; real or perceived security vulnerabilities, gaps, or cybersecurity breaches of the Company, or the Company’s customers’ or partners’ systems, solutions or services; risks related to the Company’s compliance with privacy, data protection and AI laws and regulations; the Company’s ability to successfully operate its business as a subscription company and fluctuation in the quarterly results of operations; the Company’s reliance on third-party cloud providers for its operations and software-as-a-service (“SaaS”) solutions; the Company’s ability to hire, train, retain and motivate qualified personnel; the Company’s ability to effectively execute its sales and marketing strategies; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions; the Company’s ability to maintain successful relationships with channel partners, or if the Company’s channel partners fail to perform; risks related to sales made to government entities; prolonged economic uncertainties or downturns; the Company’s history of incurring net losses, the Company’s ability to generate sufficient revenue to achieve and sustain profitability and the Company’s ability to generate cash flow from operating activities; regulatory and geopolitical risks associated with the Company’s global sales and operations; risks related to intellectual property claims; fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; the Company’s ability to protect its proprietary technology and intellectual property rights; risks related to using third-party software, such as open-source software; risks related to stock price volatility or activist shareholders; any failure to retain the Company’s “foreign private issuer” status or the risk that the Company may be classified, for U.S. federal income tax purposes, as a “passive foreign investment company”; risks related to the Company’s Convertible Senior Notes due 2024 (the “Convertible Notes”), including the potential dilution to existing shareholders and the Company’s ability to raise the funds necessary to repurchase the Convertible Notes; changes in tax laws; the Company’s expectation to not pay dividends on the Company’s ordinary shares for the foreseeable future; risks related to the Company’s incorporation and location in Israel, including the ongoing war between Israel and Hamas and conflict in the region; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by applicable law.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240930990953/en/

Investor Relations:

Srinivas Anantha, CFA

CyberArk

617-558-2132

ir@cyberark.com



Media:

Nick Bowman

CyberArk

+44 (0) 7841 673378

press@cyberark.com

Source: CyberArk

FAQ

What is the value of CyberArk's acquisition of Venafi?

CyberArk acquired Venafi for approximately $1.54 billion, consisting of $1 billion in cash and $540 million in CyberArk ordinary shares.

How does the Venafi acquisition impact CyberArk's (CYBR) addressable market?

The acquisition expands CyberArk's total addressable market by $10 billion, bringing it to approximately $60 billion.

What is the main focus of the CyberArk-Venafi combined offering?

The combined offering focuses on providing end-to-end machine identity security solutions, aiming to improve security and prevent costly outages for organizations.

Why is machine identity management important according to the CyberArk (CYBR) press release?

Machine identities are growing rapidly, often outnumbering human identities by 45-to-1, and if left unprotected, they can be exploited by cybercriminals, posing significant security risks.