Highlights:

  • The CyberArk Venafi merger price is approximately USD 400 million more than the private equity firm paid to acquire Venafi in 2020.
  • Venafi provides a cloud service to prevent such outages by automatically alerting administrators when TLS certificates are nearing expiration.

CyberArk Software Ltd. recently announced that it has signed an agreement to acquire Venafi Inc., a fellow cybersecurity software provider, for USD 1.54 billion.

CyberArk is acquiring the company from Thoma Bravo. The CyberArk Venafi merger price is approximately USD 400 million more than the private equity firm paid to acquire Venafi in 2020. According to the terms of the agreement, Thoma Bravo will receive USD 1 billion in cash and USD 540 million worth of CyberArk shares.

“Our integrated technologies, capabilities, and expertise will address the needs of global enterprises and empower Chief Information Security Officers to defend against increasingly sophisticated attacks that leverage human and machine identities as part of the attack chain,” stated Matt Cohen, chief executive officer of CyberArk.

CyberArk, listed on Nasdaq, offers software solutions that enable employees to access their companies’ business applications securely. The company provides tools for verifying employee login requests and an application that enables companies to scan employees’ devices for malware. CyberArk also has a presence in other areas of the cybersecurity market, offering products for managing application secrets, such as encryption keys.

Venafi, on the other hand, provides a suite of software products designed for companies to implement public key cryptography, a prevalent form of encryption that forms the foundation for numerous widely used cybersecurity technologies.

One of the most ubiquitous implementations of public key cryptography is the TLS/SSL certification. Before establishing a connection, browsers use this certificate to verify that a website is not malicious. Without a TLS certificate, users are unable to connect to online applications.

A website’s TLS certificate usually expires a few weeks or months after its creation. Failure to replace it promptly can render the website inaccessible to users. Venafi provides a cloud service to prevent such outages by automatically alerting administrators when TLS certificates are nearing expiration.

Public key cryptography serves other purposes beyond facilitating website connections. It helps secure data traffic for Kubernetes-powered applications and forms the foundation of SSH, a networking protocol enabling administrators to log into servers remotely.
Another use case involves preventing hackers from tampering with the code produced by software teams.

Venafi offers products designed to simplify these tasks. Its CodeSign Protect and SSH Protect tools assist companies in safeguarding their developers’ code from tampering attempts and securing SSH connections, respectively. A third product, TLS Protect for Kubernetes, is available to ensure the network connections linking an organization’s Kubernetes workloads.

CyberArk estimates Venafi will contribute approximately USD 150 million in annual recurring revenue to its top line. Moreover, the company anticipates opportunities to augment this figure by cross-selling its products to Venafi’s customers and vice versa. In the long term, CyberArk anticipates the acquisition will expand its total addressable market by USD 10 billion, bringing it to USD 60 million.

“Over the course of our investment, Venafi has accelerated SaaS growth, expanded margins, and successfully created a best-in-class SaaS offering, setting the stage for continued innovation,” stated Thoma Bravo, Chip Virnig’s companion.

CyberArk anticipates closing the acquisition in the second half of 2024.