“Ivanti and RiskSense are bringing two powerful data sets together. RiskSense has the most robust data on vulnerabilities and exploits, including the ability to map them back to ransomware families that are evolving as ransomware-as-a-service, along with nation states associated with APT groups and Ivanti has the most robust data on patches. Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”
– Srinivas Mukkamala, CEO of RiskSense
“Ivanti has been a leader in patch management for many years, but the acquisition of RiskSense will take our capabilities to an even higher level. This combination will allow us to provide our customers with a holistic view of vulnerabilities and exposures, and then enable them to take fast action through Ivanti Neurons for Patch Intelligence. Customers will be able to greatly reduce their attack surface and risk of breach because of the vulnerability intelligence and the resulting remediation prioritization based on actively trending exploits and ransomware attacks.”
– Jim Schaper, Ivanti Chairman & CEO
Transaction Overview
- On August 2nd, 2021, Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today announced it has acquired RiskSense, a pioneer in risk-based vulnerability management and prioritization, to drive the next evolution of patch management. The terms of the transaction were not disclosed
- RiskSense is a Sunnyvale, California-based provider of vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans. Founded in 2015, RiskSense raised approximately $24 million in funding prior to the acquisition
- Ivanti is a Salt Lake City, Utah-based provider of IT systems management, security management, and service management services. By integrating and automating critical IT tasks, Ivanti helps IT organizations successfully automate and secure the digital workplace. Ivanti counts most enterprises on the Fortune 100 list among its customers
- This combination will enable organizations to shrink their attack surface, prioritize vulnerabilities to remediate, and reduce their exposure to cyber threats and ransomware attacks by taking a proactive, risk-based approach to patch management
- Several robust risk-based vulnerability prioritization and remediation capabilities are already available to Ivanti Neurons for Patch Intelligence customers
- Srinivas Mukkamala, RiskSense CEO, joined Ivanti as Senior Vice President of Security Products, and the entire RiskSense team joined Ivanti's organization
- Ivanti is a private company backed by investors Clearlake Capital Group, L.P., Charlesbank Capital Partners and TA Associates. BMO Capital Markets acted as exclusive financial advisor to Ivanti
Transaction Significance
- Together, Ivanti and RiskSense will provide security and IT teams with context and adaptive intelligence regarding what their organization's exposures are to vulnerabilities that are being actively exploited, including whether those vulnerabilities are tied to ransomware, and then enable them to quickly remediate those threats
- Solutions from the combined companies are expected to reduce the mean time to detect, discover, remediate, and respond to cyber threats, particularly critical vulnerabilities linked to or associated with ransomware
- Ivanti has already integrated the RiskSense Vulnerability Intelligence and Vulnerability Risk Rating, which prioritizes and quantifies adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation, into Ivanti Neurons for Patch Intelligence. This feature is currently available to Ivanti Neurons for Patch Intelligence customers who also have RiskSense licenses
- This combination is occurring at a critical time, as the White House recently released a memo encouraging organizations to use a risk-based assessment strategy to drive patch management and bolster cybersecurity against ransomware attacks. Furthermore, Gartner listed risk-based vulnerability management as a top security project that security and risk management professionals should focus on in 2021 to drive business value and reduce risk
- The combination of risk-based vulnerability prioritization and automated patch intelligence is completely unique to the market, bringing together two powerful complementary data sets on vulnerabilities/exploits and patches to help organizations take the right action at the right time
- This acquisition enhances Ivanti's security pillar and is part of Ivanti's "Summer of Security" commitment to protecting customers from increased and more sophisticated cyber threats in the Everywhere Workplace
Momentum Cyber's Role
- Momentum Cyber acted as exclusive financial & strategic advisor to RiskSense
- This transaction demonstrates Momentum Cyber's deep domain expertise in cybersecurity M&A and its proven track record advising leading vulnerability management and risk-based prioritization companies on strategic transactions
If you’re navigating a critical inflection point in cybersecurity growth, M&A, or capital strategy, Momentum Cyber brings unmatched sector expertise and senior-level advisory to every engagement. Let us advise you today and help you maximize value with confidence in an increasingly complex cyber landscape.