In an unusual case of one information security consolidator buying another one, Trustwave has announced that it will pay an undisclosed amount for M86 Security. Although terms weren’t disclosed, we understand that the purchase is the largest ever by Trustwave by a considerable margin. Nearly all of Trustwave’s previous acquisitions – and there have been more than a half-dozen of them over the years – brought revenue of just $5-15m to Trustwave.

Trustwave is no stranger to accumulating product lines through M&A, and the addition of a Web gateway security and malware business would slot easily into its existing portfolio, as well as jibe with its recently unveiled ‘unified security’ and managed services strategy. Plus, Trustwave has been strongest in more traditional areas of security infrastructure where compliance requirements are well defined, while M86 has had far more of a specific security (and especially malware) focus. However, M86 is a much larger bite than Trustwave typically takes, and its technology is not as compliance-driven as the bulk of Trustwave’s portfolio.

Still, setting aside valuation for the moment, the deal is a compelling one for M86 from an operational perspective. Up against solid competitors like Symantec, Websense and BlueCoat Systems, the need for M86 was to build on its existing sales channels, as well as find ways of integrating its products within a broader set of security functionality and services. This transaction will present a path for Trustwave to expand into cloud security and provide a set of malware gateways (a niche where FireEye has been, well, on fire), and for the M86 business to resolve some of its operational challenges. But given the relative scale of the deal compared with past Trustwave acquisitions, the push into more security-driven sales and integration of the M86 products into its managed services environment should nonetheless pose a new set of execution challenges. Trustwave’s acquisition of M86 represents a significant gamble on its ability to integrate a large business.

Separately, Trustwave’s return to M&A indicates that it’s likely to look again to hit the public market, but at a much bigger size.
This report was written by 451 Research’s Enterprise Security Practice Senior Analyst Steve Coplan, M&A Research Director Brenon Daly and Andrew Hay.

(Read the full report here – 451 Research subscription required)

After acquiring primarily IT services and outsourcing shops in the past decade, ManTech International recently reached for cyber-security specialist HBGary’s assets – its first security software acquisition of 2012 and most recent purchase since its October 2011 Worldwide Information Network Systems buy. The transaction is notable as it is yet another acquisition in the growing line of cyber-security plays that includes deals announced by BEA Systems, Boeing and Raytheon, among others.

This report was written by both 451 Research’s Financial Markets Research Associate Ben Kolada and Andrew Hay.

(Read the full report here – 451 Research subscription required)

Having only joined Warburg Pincus as an Entrepreneur in Residence in November 2011, former McAfee CTO George Kurtz has cofounded stealth-mode cyber-security firm CrowdStrike – and with him comes $26m of series A investment from Warburg. Working with cofounders Dmitri Alperovitch (CTO) and Gregg Marston (CFO), the company aims to provide software (leveraging what it alludes to as ‘big data technologies’) to fight and respond to nation-state targeted intrusions. We look forward to hearing more as the company grows and emerges from its stealthy veil.