BlackBerry has announced its intention to acquire AI-driven cybersecurity company Cylance for $1.4 billion in cash.
The move is part of BlackBerry’s programme of expansion into the cybersecurity space – though the smartphone legacy has proved hard to shake, security (mobile-specific and otherwise) has been a primary driver of the company’s strategy for the past five years.
Bringing Cylance’s team, expertise and customers on board is expected to contribute to that strategy.
“Cylance’s leadership in artificial intelligence and cybersecurity will immediately complement our entire portfolio, UEM and QNX in particular. We are very excited to onboard their team and leverage our newly combined expertise,” said John Chen, Executive Chairman and CEO of BlackBerry. “We believe adding Cylance’s capabilities to our trusted advantages in privacy, secure mobility, and embedded systems will make BlackBerry Spark indispensable to realizing the Enterprise of Things.”
One of the major difficulties in securing IoT-connected devices has been with discovery and monitoring. Connected devices are rendering the traditional perimeter a thing of the past, and many of them are difficult or even impossible to effectively secure themselves. Accordingly, many are turning to AI as a way of coping effectively with a constantly-shifting attack surface.
Cylance’s agent, which operates on- and off-line, and has minimal memory and power requirements, is a solution BlackBerry evidently sees as capable of addressing that problem.
“Our highly skilled cybersecurity workforce and market leadership in next-generation endpoint solutions will be a perfect fit within BlackBerry where our customers, teams and technologies will gain immediate benefits from BlackBerry’s global reach,” said Stuart McClure, Cylance’s co-founder, Chairman, and CEO. “We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
Cylance is expected to continue to operate as a separate business unit within BlackBerry following the acquisition – no great surprise, given the impressive name it’s made for itself. Since being founded in 2012, it’s disclosed £297 million in funding, with the most recent round (just a few months ago) raising $120 million.
It must be deja vu for McClure – before Cylance, he was co-founder of Foundstone Consultancy, which raised $12 million over five years before being bought by McAfee, where it continued to operate as a business unit.
While not quite the scale of IBM’s $34 billion Red Hat purchase, for example, this is one of many cases in the past few years where we’ve seen big-name tech companies branch out into cybersecurity by simply acquiring a company that’s already got the expertise, reputation and customers. Like BlackBerry, IBM already had its own security products (though many of the more successful among those, such as Resilient and Qradar, were acquisitions themselves). And like BlackBerry, AT&T – primarily known for telecoms – has made a point of expanding into security with its acquisition of AlienVault, whose solutions it will be integrating into its own offerings.
Cisco, which made headlines not long ago with its $2.4 billion acquisition of identity and access management company Duo Security, may still be primarily a networking and hardware company, but its security division is growing rapidly – and acquisition has been a major part of its growth strategy, too.
Even those companies which are primarily known for cybersecurity, such as Palo Alto Networks and Symantec, have shown a strong preference for growth through acquisition, particularly when it comes to adding ‘niche’ or highly specialised offerings. Given the way AI is taking off, companies which are able to leverage it (the vast majority using machine learning) are a particularly tempting acquisition opportunity – Fortinet’s recent acquisition of Scottish cybersecurity company ZoneFox being one example.
A solid, well-established reputation goes a long way – our own research has found that the big guys are still the most trusted – but in a field like cybersecurity, constant innovation is crucial. With many end-users actively preferring to combine several best-of-breed solutions, waiting for a startup to make a name for itself as the leader in its field, and then acquiring it (along with its reputation, expertise and customers) is a strategy which makes a great deal of sense.