Contact: Scott Denne Eric Ogren
Sophos has made its first acquisition as a public company with a $32m deal for endpoint security player SurfRight. The purchase adds behavioral endpoint threat detection to its current drive to unify its network- and endpoint-security products. Sophos recently launched its XG Firewall, a product that aims to share data between its cloud endpoint products and its network-security products, in order to synchronize security strategies.
Sophos has picked up a few endpoint-security companies since becoming a semi-frequent acquirer in 2011, although it hasn’t spent much more than $10m on past deals. Advanced endpoint detection, such as the signatureless variety championed by SurfRight, doesn’t come cheaply. In recent years, we’ve seen Palo Alto Networks pay $200m for Cyvera and F5 Networks spend $92m for Versafe – both targets were putting up modest revenue at the time.
Several security companies are looking to merge endpoint and network security into a single offering. That’s something that Sophos hopes will be particularly appealing to its base of midsize customers, most of which have limited capabilities to deploy multiple security point solutions.
One of the hallmarks of a behavioral endpoint security approach is that you don’t have to know all the gory details of an attack to know that one program should not be manipulating the memory of another. The ability to detect memory-oriented threats, such as those commonly introduced by browsers, without reliance on signatures is a key technology that Sophos is acquiring along with the rest of SurfRight. After integration with its Heartbeat features, Sophos will have an enhanced early-warning capability to coordinate endpoint and network responses to advanced threats.
Holland Corporate Finance advised SurfRight on the transaction. Look for a full report on this deal in tomorrow’s 451 Market Insight Service.
For more real-time information on tech M&A, follow us on Twitter @451TechMnA.