CyberArk Completes Acquisition of Machine Identity Management Leader Venafi

CyberArk Completes Acquisition of Machine Identity Management Leader Venafi

NEWTON, Mass. & PETACH TIKVA, Israel--CyberArk (NASDAQ: CYBR), the identity security company, today announced the successful completion of its acquisition of Venafi, a leader in machine identity management, from Thoma Bravo. This acquisition enables CyberArk to further deliver on its vision to secure every identity – human and machine – with the right level of privilege controls. Together, CyberArk and Venafi will build end-to-end machine identity security solutions that help organizations vastly improve security and stop costly outages. Venafi adds complementary solutions that expand CyberArk’s total addressable market by $10 billion to approximately $60 billion.

We are thrilled to officially welcome the exceptional Venafi team to CyberArk. Over the past months, every interaction has further validated that this acquisition is a great fit from all perspectives – technology, people, culture and spirit of innovation,” said Matt Cohen, Chief Executive Officer, CyberArk. “Machines are the fastest growing and most complex identity and today, many organizations rely on manual processes and siloed tools to secure and manage them. By joining forces, CyberArk and Venafi will set a new paradigm, with the industry’s most comprehensive platform for end-to-end machine identity security at enterprise scale.”

Ongoing digital transformation, pervasive cloud computing and the rise of AI are driving an exponential increase in the number of machine identities, which can outnumber human identities by as much as 45-to-1, many of which remain undetected. If left unprotected and unmanaged, these identities can serve as a lucrative hunting ground for cybercriminals who seek to exploit their vulnerabilities. A new paradigm is required to keep pace with this rapid proliferation – shifting from inefficient manual, siloed approaches that create compliance and security risks to centralized management of machine identities across all applications and workloads for any cloud or IT environment at scale.

CyberArk's acquisition of Venafi underscores the growing recognition of the critical role machine identities play in securing modern digital environments,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “While organizations have heavily invested in human identity security, the automation and management of credentials for machine identities has not historically received the same attention. Together, the companies' complementary capabilities should enable organizations to implement a more comprehensive machine identity security strategy, reducing risk and enhancing operational efficiency.”

All machine identities, including workloads, code, applications, IoT devices and containers, must be discovered, managed, secured and automated to keep their connections and communications safe. The combination of Venafi’s certificate lifecycle management, enterprise Public Key Infrastructure (PKI), workload identity management, secure code signing and SSH security with CyberArk’s secrets management capabilities, will empower organizations to protect against misuse and compromise of machine identities at scale.

Details Regarding the Acquisition

Under the terms of the agreement, CyberArk acquired Venafi for approximately $1.54 billion in a combination of cash and CyberArk ordinary shares (approximately $1 billion in cash and approximately $540 million in ordinary shares).

Advisors

Morgan Stanley & Co. LLC served as exclusive financial advisor to CyberArk, and Latham & Watkins LLP served as legal counsel to CyberArk. Piper Sandler served as exclusive financial advisor to Thoma Bravo and Venafi, and Kirkland & Ellis LLP served as legal counsel to Thoma Bravo and Venafi.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.

About Venafi

Venafi is a cybersecurity market leader and the category creator of machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

About Thoma Bravo

Thoma Bravo is one of the largest software-focused investors in the world, with approximately US$160 billion in assets under management as of June 30, 2024. Through its private equity, growth equity and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo’s deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 490 companies representing approximately US$265 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York and San Francisco. For more information, visit Thoma Bravo’s website at thomabravo.com.

Copyright © 2024 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating, but not limited to: risks related to the Company’s acquisition of Venafi Holdings, Inc. (“Venafi”), including impacts of the acquisition on the Company’s or Venafi’s operating results and business generally; the ability of the Company or Venafi to retain and hire key personnel and maintain relationships with customers, suppliers and others with whom the Company or Venafi do business; risks that Venafi’s business will not be integrated successfully into the Company’s operations; risks relating to the Company’s ability to realize anticipated benefits of the combined operations after the Venafi acquisition; changes to the drivers of the Company’s growth and the Company’s ability to adapt its solutions to the information security market changes and demands, including artificial intelligence (“AI”); the Company’s ability to acquire new customers and maintain and expand the Company’s revenues from existing customers; intense competition within the information security market; real or perceived security vulnerabilities, gaps, or cybersecurity breaches of the Company, or the Company’s customers’ or partners’ systems, solutions or services; risks related to the Company’s compliance with privacy, data protection and AI laws and regulations; the Company’s ability to successfully operate its business as a subscription company and fluctuation in the quarterly results of operations; the Company’s reliance on third-party cloud providers for its operations and software-as-a-service (“SaaS”) solutions; the Company’s ability to hire, train, retain and motivate qualified personnel; the Company’s ability to effectively execute its sales and marketing strategies; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions; the Company’s ability to maintain successful relationships with channel partners, or if the Company’s channel partners fail to perform; risks related to sales made to government entities; prolonged economic uncertainties or downturns; the Company’s history of incurring net losses, the Company’s ability to generate sufficient revenue to achieve and sustain profitability and the Company’s ability to generate cash flow from operating activities; regulatory and geopolitical risks associated with the Company’s global sales and operations; risks related to intellectual property claims; fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; the Company’s ability to protect its proprietary technology and intellectual property rights; risks related to using third-party software, such as open-source software; risks related to stock price volatility or activist shareholders; any failure to retain the Company’s “foreign private issuer” status or the risk that the Company may be classified, for U.S. federal income tax purposes, as a “passive foreign investment company”; risks related to the Company’s Convertible Senior Notes due 2024 (the “Convertible Notes”), including the potential dilution to existing shareholders and the Company’s ability to raise the funds necessary to repurchase the Convertible Notes; changes in tax laws; the Company’s expectation to not pay dividends on the Company’s ordinary shares for the foreseeable future; risks related to the Company’s incorporation and location in Israel, including the ongoing war between Israel and Hamas and conflict in the region; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by applicable law.