Thoma Bravo sells Imperva to Thales Group for $3.6B

Thales Group has agreed to acquire Imperva Inc. from private equity firm Thoma Bravo for $3.6 billion with the goal of expanding its data and application security offerings.

The acquisition was announced Tuesday, four years after Thoma Bravo completed the purchase of Imperva for $2.1 billion. Thales will integrate Imperva's data and application security products that focus on DDoS and API defense into its current offerings to expand its role in the Digital Identity and Security (DIS) business.

The French technology conglomerate, which serves customers in more than 50 countries, said the Imperva acquisition will add around $500 million of revenue. Thales also said the acquisition will create a global cybersecurity portfolio that focuses on identity, data security and application security.

"In this growth context and subject to forthcoming social processes, Thales plans to regroup as of January 1, 2024 all its civil cyber activities (currently split between its Digital Identity and Security and Defense and Security operating segments) within DIS," Thales wrote in its press release.

With Imperva, Thales expects its DIS sales to grow organically between 6%-7% for the next four years, reaching approximately $6 billion by 2027. In addition to DIS, Thales is in several other markets, including defense and security, aerospace, space and transportation.

In the press release, Thales emphasized Imperva's focus on protecting critical applications, APIs, and data -- areas that have been under heightened scrutiny recently. For example, ransomware groups have been increasingly focusing on data exfiltration rather than encryption to pressure victim organizations into paying. Extortion threats are becoming more aggressive as those groups leak sensitive data, such as photos and videos, through public data leak sites. The shift in ransomware tactics is affecting enterprises as well as cyber insurance coverage.

Massive DDoS attacks, which is a core focus for Imperva's Web Application Firewall (WAF), are also on the rise. When Microsoft suffered layer 7 DDoS attack last month that caused significant disruptions across cloud services and applications, implementing Azure WAF was strongly recommended.

Sebastian Cano, senior vice president of cloud protection and licensing at Thales, said the company has observed an exponential growth of attacks happening at the API level. Another challenge for Thales, he said, involved customer data. While the Thales platform can encrypt customer data, the company didn't have visibility of that data.

"Very often customers come to us and say, 'I want you to protect this amount of data.' The usual follow up question for us is 'how much other data do you have that needs to be encrypted today?' Most of the time the answer we get is, 'We don't know.' Now with this capability from Imperva [Data Security platform], we have a constant view of all the data," Cano said. "The more data we encrypt, the more money we make as a company."

John Grady, an analyst with TechTarget's Enterprise Security Group, said the acquisition is an interesting move for Thales as Imperva is more widely known for its web and API security capabilities.

"That's going to be new to Thales versus data security, where they're obviously a big player. There may be some synergies with what Thales does around customer identity and Imperva's bot protection relative to account takeover and fraud. But I think the buyers for data security and app security have traditionally been different. A lot of Imperva's customer base bought one or the other, so there's some work to do to bring out any go-to-market synergies and get additional value," Grady said in an email to TechTarget Editorial.

As for Thoma Bravo, Grady said the sale is typical for the private equity firm. On the cybersecurity side, he's observed that Thoma Bravo tends to hold onto companies for 3 to 4 years before selling off. "I don't think the sale is indicative of anything specific. They have been pretty acquisitive lately, so this obviously represents a good return and cash infusion to show their investors," he said.

Heidi Shey, principal analyst at Forrester, agreed that the biggest change for Thales focuses on application security since they were already a significant player in data security. The Imperva acquisition is Thales way of buying into applications security market, but Shey said integrating those products will take work.

"Imperva was also already working its way through bringing its other acquisitions in and had aggressive plans with its own products in application security and data security," Shey said in an email to TechTarget Editorial. "They will need to stay focused to deliver on those plans for existing customers."

The acquisition is expected to close at the beginning of 2024.

Arielle Waldman is a Boston-based reporter covering enterprise security news.