Akamai Buying ‘Micro-Segmentation’ Security Specialist for $600M

“If you want to stop ransomware, you need Guardicore,” said Akamai CEO Tom Leighton on an investor call Wednesday, explaining the company’s rationale for buying the privately held “micro-segmentation” cybersecurity solutions provider. Akamai will pay $600 million cash from its existing reserves for 100% of Guardicore stock, said Akamai Chief Financial Officer Ed McGowan. The transaction is expected to close in Q4.

Enterprises are confronting “a rapidly evolving threat landscape, with sophisticated attackers who are trying to steal their data, disrupt their operations and extort them for large sums of money,” said Leighton. “The recent growth of ransomware and other malware-based attacks is explosive,” he said, citing estimates that the number of ransomware-infected devices jumped “35-fold” last year. The costs related to ransomware attacks are expected to exceed $20 billion globally this year, he said.

There are “just too many ways for malware to sneak inside an enterprise,” said Leighton. It can be imported from “compromised” supply chains, phishing schemes, infected third-party content, stolen credentials or employees “connecting devices to corporate networks,” he said. “The problem has gotten even worse with so many employees working remotely.”

Once malware gets inside the enterprise, “it’s critical to stop it from spreading,” said Leighton. “For that, you need micro-segmentation” of the type Guardicore specializes in, he said. Guardicore limits “access to only those applications that are authorized to communicate with each other,” he said. “By denying communication as the default, the threat surface and risk exposure are drastically reduced.” Guardicore’s micro-segmentation is the “second layer of defense” to Akamai’s existing “zero-trust” model for preventing attackers from “gaining access to enterprise infrastructure and applications,” he said.

Guardicore “interfaces well with the legacy application environments present in most enterprises today,” said Leighton. Guardicore’s client list has “hundreds” of enterprises, including global banks, “top retail brands,” big tech companies, wireless carriers, manufacturers and other companies that can ill-afford “to take risks with their operations or data,” he said.

Guardicore is based in Tel Aviv, close to Akamai’s own base of 200 engineers, most of them employed in Akamai network security services, said Leighton. CFO McGowan said the acquisition will expand Akamai’s “existing employee footprint in Israel, which is already a key technology hub for our security business.” When the transaction closes, Guardicore’s roughly 300 employees will be integrated into Akamai’s Security Technology Group, he said.

Leighton knows of privately held Illumio as Guardicore’s only direct competitor in the micro-segmentation security space, he said. Both companies “are competing against sort of the old way of doing things” in terms of using hardware for “segmenting the network” against the spread of malware, he said. For the “more effective way of doing micro-segmentation as the zero-trust of the future, Guardicore and Illumio are the only players really out there today.”

Akamai's Guardicore buy "further underscores the critical need" for zero trust micro-segmentation "as a core component of an organization’s cybersecurity strategy," emailed Illumio CEO Andrew Rubin. "Akamai is the latest company to react to customers’ recognition of the vital role" that micro-segmentation plays in improving an organization's "security posture, increasing cyber-resiliency and preventing cyber catastrophes," he said. "The need for a new approach to cybersecurity has been reinforced by the barrage of ransomware attacks we have witnessed over the past 12 months," said Rubin. "Traditional approaches to perimeter security, endpoint protection, and monitoring as a company’s sole cyber strategy will no longer be enough given today’s sophisticated threats."