Relx acquires ThreatMetrix for $817M to ramp up in risk-based authentication

Another startup in the area of cyber security has been snapped up as platform businesses serving enterprises look for more ways of securing their own networks and working with customers to secure theirs. Today, the RELX Group (formerly known as Reed Elsevier) announced that it would acquire ThreatMetrix for £580 million (about $817 million) in cash.

This is a big exit for ThreatMetrix, which was last valued at around $237 million in its last funding round, in 2014, according to PitchBook analysis.

ThreatMetrix, which has been around since 2005 and has made some acquisitions of its own, is a digital identity platform that uses a number of factors (over 250 in all) like device information, location, anonymized ID information and behavioral analytics to determine that individuals logging into a service are who they say they are, and if not, to identify when the behavior is looking abnormal and risky.

It’s notable for being one of the earlier of the cybersecurity companies to offer both identification authentication services as well as malware detection, but the identity repository may be the key to the price paid here. RELX says ThreatMetrix’s so-called Digital Identity Network analyses over 100 million transactions per day covering 35,000 websites from 5,000 customers — tracking 1.4 billion unique online identities from 4.5 billion devices in 185 countries — making it one of the largest repositories of online digital identities in the world.

The group will become a part of RELX’s Risk & Business Analytics, which is part of the LexisNexis Risk Solutions group and already works in areas of fraud and authentication, and had, in fact, already been collaborating with ThreatMetrix.

“Our partnership with LexisNexis Risk Solutions over the past two years has fully demonstrated the strong synergies between our two organizations,” said Reed Taussig, President and CEO of ThreatMetrix, in a statement. 

Now as a combined company, it looks like RELX plans to expand the kinds of offerings it may have in digital identity, putting it potentially in competition with the likes of OpenDNS, FireEye, Palo Alto Networks and others — an interesting development, considering the company’s roots in educational and scientific publishing.

“Further integration of ThreatMetrix’s capabilities in device, email and social intelligence will build a more complete picture of risk in today’s global, mobile digital economy, providing both physical and digital identity solutions,” the company writes.

“ThreatMetrix is widely recognised as a leader in the digital identity space. Bringing that together with our own strengths in physical identity attributes will give our clients across all forms of commerce and geographies a more reliable, comprehensive approach to fraud and identity risk management while maintaining the privacy and security principles our customers have come to expect,” said Risk & Business Analytics CEO, Mark Kelsey, in a statement. “The acquisition is in line with our organic growth driven strategy, supported by acquisitions of targeted data sets and analytics that are natural additions to our existing business.”

The strong exit for ThreatMetrix underscores the current climate in the world of cybersecurity. A notable number of increasingly sophisticated breaches are forcing companies to invest significantly more in their security services, and to look for increasingly complex and specific solutions to meet the challenge.

Some of this is being initiated by the companies themselves, in some cases (such as in the UK, where RELX is based) there are government directives that are compelling organizations to become more proactive.

RELX said the deal should close in the first half of this year.