Zscaler buys Avalor to bring more AI into its security tools

Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity.

In a press release announcing the news, Zscaler founder and CEO Jay Chaudhry said that the deal would expand Zscaler’s platform with capabilities including streamlined reporting of security incidents, incident mitigation, asset discovery, data classification, security policy generation and more.

“AI is only as good as the underlying data, and many solutions lack the additional context and knowledge from data sources across the enterprise to truly leverage security-specific AI models,” Chaudhry said in the release. “Zscaler operates the world’s largest security cloud with the most relevant data to train security specific large language models, and with the Avalor acquisition, we can more effectively identify vulnerabilities while predicting and preventing breaches.”

Raanan Raz co-founded Avalor with Kfir Tishbi, who previously led the engineering team at Datorama, a marketing analytics company acquired by Salesforce in 2018. Raz and Tishbi worked together at Datorama both leading up to — and after — the Salesforce purchase.

Avalor acts as a source of truth for cybersecurity assets, controls, identities, vulnerabilities, bugs and other data points, allowing security teams to aggregate, normalize, de-duplicate and track risk data from discovery to remediation.

It’s not a unique concept. An array of startups out there tackle the same problem, like Securiti and Dig Security. But what sets Avalor apart is the ability to handle data from virtually any source in any format, and its unique set of vulnerability risk management and prioritization tools.

Prior to the Zscaler acquisition, Avalor managed to secure $30 million from investors, including TCV, Salesforce Ventures, Jibe Ventures and Cyberstarts. And Raz sees Zscaler taking the business — and its ~80-person team spread across the U.S. and Israel — further.

“[With Zscaler,] we get instant access to a set of resources it would have taken years for us to develop organically — 7,000 customers, 4,200 channel partners globally, near-ubiquitous customer awareness and the validation of a $2 billion business behind us,” Raz wrote in a post on Avalor’s blog published Thursday morning. “We’ll continue to operate independently as a complete Avalor team, and we’ll have all the tailwinds of the amazing Zscaler resources helping us.”

Avalor is Zscaler’s third acquisition after Canonic, a startup focused on protecting against cyberattacks targeting software-as-a-service products, and Trustdome, a cloud infrastructure entitlement platform. Founded in 2007 by Chaudhry and K. Kailash, Zscaler — which went public in March 2018 — has ~7,000 employees and a market cap of about $30 billion.

As Crunchbase’s Chris Metinko noted earlier today, Zscaler’s acquisition — along with others in the cybersecurity space — could help spark activity in a slow-to-stagnant cyber M&A market. Last year saw only 66 M&A deals involving VC-backed cybersecurity startups, per Crunchbase — a 26% drop from 2022 (which saw 89 such deals) and more than a 50% decline from 2021 (139 deals).

So far in 2024, there have been 18 cybersecurity-related mergers and acquisitions, with especially notable moves being made by Wiz, SentinelOne and CrowdStrike.