French aerospace and security multinational Thales has agreed to buy US application security specialist Imperva for $3.6 billion – its second cybersecurity acquisition in six weeks after June’s move for Tesserant.
The deal is “an important step towards our ambition to build a world-class global cybersecurity integrated player”, said Thales CEO Patrice Caine.
Imperva, with 1,400 employees and ~$500 million in annual revenues, is what Gartner describes as a “cloud web application and API protection platform (WAAP).” Despite being a category leader, it has – the most recent Magic Quadrant reflects – suffered from executive churn in recent years that has caused some “adverse impact on Imperva’s roadmap execution.”
It has also underwhelmed versus competitors vis-a-vis its modest distributed infrastructure and faced criticism over its “late support for TLS 1.3 and lack of SSO for back-end applications, and… certificate management," as the 2022 WAAP Magic Quadrant puts it.
Both employees and customers will be looking for investment and consistency from its deep-pocketed new owners to resolve such criticisms.
The deal meanwhile represents a healthy exit for private equity behemoth Thoma Bravo, which bought Imperva for $2.1 billion cash in 2018.
It is also the latest indicator that consolidation opportunities are emerging in the crowded cybersecurity space as valuations begin to fall after years of froth. (Other recent deals include HPE’s move for Axis Security; Mastercard’s acquisition of Baffin Bay; and Cisco’s bid for Lightspin Technologies – all blue chips moving for cloud security specialists.)
Thales said it sees $110 million of synergies and the significant growth of its “addressable market in an already fast-growing sector” from the deal.
Thales on July 21 reported first half sales of €8.7 billion, up 5.6% year-on-year. Its digital identity and security segment includes Hardware Security Modules (HSMs) for financial services; cryptographic key management for cloud services run as a managed service, and more.