Cloudflare To Buy Area 1 Security For $162M For Email Defense
‘Email is the largest cyber attack vector on the internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security,’ says Cloudflare’s Matthew Prince.
Cloudflare has agreed to purchase Area 1 Security to stop corporate phishing attacks by preemptively discovering and eliminating them before they can inflict damage.
The San Francisco-based security and performance services vendor said San Mateo, Calif.-based Area 1 Security has long taken a preemptive approach to email security to stop phishing campaigns during the earliest stages of an attack cycle. Meanwhile, Cloudflare entered the email security market last year with tools to manage incoming email routing and prevent email spoofing and phishing on outgoing emails.
“Email is the largest cyber attack vector on the internet, which makes integrated email security critical to any true Zero Trust network,” Cloudflare CEO Matthew Prince said in a statement. “That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust … Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security.”
Cloudflare will acquire Area 1 Security for approximately $162 million, and the deal is expected to close early in the second quarter of 2022. The company’s stock is down $0.84 (0.92 percent) to $90.50 per share, which is the lowest Cloudflare’s stock has traded since Jan. 28.
Area 1 Security was founded in 2013, employs 97 people, and has raised $82.5 million in five rounds of outside funding, according to LinkedIn and Crunchbase. The company in June 2020 brought on longtime SonicWall marketing and product management leader Patrick Sweeney as CEO, and he two months later recruited former SonicWall Chief Revenue Officer Steve Pataky to take the same role at Area 1.
“By combining our leading phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform we truly believe that together we can help companies of any size better secure their entire network infrastructure and better protect against the most destructive cyber risks,” Sweeney said in a statement.
The two companies have had different philosophies regarding the channel, with Area 1 pivoting from having virtually none of its business go through partners in spring 2020 to mapping between 75 percent and 80 percent of the company’s business to solution providers within six months. Area 1 brought in Dawn Ringstaff to be the company’s first-ever channel chief and rolled out its first formal partner program.
Area 1 Security today is a channel-first company with more than 100 solution provider partners as the company looks to push down market from the Fortune 500. Conversely, Cloudflare had just 11 percent of its business (or $45.3 million of $431 million) come through the channel in 2020, which was up slightly from 9 percent in 2019 and 7 percent in 2018, according to Securities and Exchange Commission filings.
“With Cloudflare operating in all corners of the world, Area 1 will be able to deploy and support its solutions on a worldwide basis,” Sweeney wrote in a blog post. “Cloudflare has innovated in global scalability and Cloudflare will integrate Area 1’s technology into its global network to give customers the most complete Zero Trust security platform available.”
Cloudflare implemented Area 1 to protect its own employees in early 2020 and the results have been fantastic, with a significant and prolonged drop in phishing emails, Cloudflare Chief Technology Officer John Graham-Cumming wrote in a blog post. Specifically, he said Area 1 has allowed Cloudflare to proactively identity phishing campaigns and take action against them before they cause damage.
Area 1 additional had little to no impact on email productivity, which means that there were minimal false positives distracting Cloudflare’s security team, according to Graham-Cumming. The company has built a significant data platform that is able to identify patterns in emails such as where it came from, what it looks like, and what IP it came from, Graham-Cumming said.
The company’s nine years in the email security space have allowed Area 1 to amass an incredibly valuable trove of threat intelligence data, Graham-Cumming said. Area 1 has also used this data to train state-of-the-art machine learning models to act preemptively against threats, Graham-Cumming said.
“Area 1’s technology was so effective at launch that our CEO reached out to our Chief Security Officer to inquire if our email security was broken,” Graham-Cumming wrote. “It turns out our employees weren’t reporting any phishing attempts because Area 1 was catching all phishing attempts before they reached our employee’s inboxes.”
The Area 1 acquisition comes just 13 days after Cloudflare bought Vectrix to detect and mitigate issues like inappropriate filing sharing and user permission misconfigurations in AWS, Google Workspace and GitHub. Two months earlier, Cloudflare bought startup Zaraz to boost website speed and security without sacrificing privacy by reducing the impact of third-party marketing and analytics tools.
A year before that, Cloudflare acquired automation platform Linc for an undisclosed amount to help front-end developers collaborate and build powerful applications. And in January 2020, Cloudflare purchased early-stage browser isolation vendor S2 Systems for $17.7 million to keep security threats away from devices and make everyday web browsing safer and faster.
All told, Cloudflare has made nine acquisitions since being established nearly 13 years ago, according to Crunchbase.