A visitor tries out a smartphone next to a symbol of a cloud at the CeBIT 2012 technology trade March 5, 2012, in Hanover, Germany. Check Point Software Technologies announced Monday that it acquired cloud email provider Avanan. (Photo by Sean Gallup/Getty Images)

Looking to strengthen its portfolio of cloud offerings and deliver end-to-end security for enterprises, Check Point Software Technologies on Monday announced that it had acquired cloud email provider Avanan.

Security analysts viewed the news as part of a wider trend of the cyber market heating up with acquisitions and venture capital funding.

A report released last week by Momentum Cyber found that there was $39.5 billion total M&A volume in cybersecurity in the first half of 2021, up from $9.8 billion in the first half of 2020. Funding has also been strong in the cybersecurity market, with $11.5 billion in total venture capital financing in the first half of 2021, more than double from $4.7 billion in the first half of 2020.

“Most ransomware attacks start with phishing, which always start with email,” said Jai Das, co-founder, president and partner at Sapphire Ventures. “The usage of email has kept increasing even with the advent of text messaging and OTT apps like Signal/WhatsApp/Telegram. Finally, email delivery is based on protocols, which was designed several decades ago and does not have robust security or anti-spoofing built in. Therefore, demand for email security has kept increasing and it makes a lot of sense for Check Point to enter this market segment with their Avanan acquisition.”

In making the acquisition, Check Point pointed out that over the past year during the pandemic, much of email has shifted to the cloud; with some 95% of cyberattacks targeting enterprise networks by spearphishing attacks, the threat to cloud email has never been wider. The Anti-Phishing Working Group has also reported that the amount of phishing attacks doubled in 2020, with every Microsoft Office 365 user in the world attacked at least once.

Check Point has worked hard to build a comprehensive, end-user security solution for all of Office 365 and G-Suite, said Dave Gruber, a senior analyst at the Enterprise Strategy Group who covers security. Check Point recently pulled together and rebranded end-user security controls as “Harmony,” aimed to secure all email and collaboration tools with a simple, straightforward licensing model. Prior to the Avanan acquisition, Gruber said Check Point offered CloudGuard SaaS (now known as “Cloud Email and Productivity Suite”), as the core solution aimed at protecting Office 365 and G-Suite applications.

Gruber explained that Avanan offers a broad set of controls, targeted at both extending Microsoft-native email security controls, in addition to potentially fully replacing Microsoft’s native email security controls. This approach simplifies email security, compared to other cloud email supplemental security (CESS) solutions that are truly add-ons to Microsoft-native controls.

“The CESS space is hot right now, as the majority of large enterprises have migrated to M365 for email, while recognizing that gaps exist in the native email security controls,” Gruber said. “The Avanan acquisition positions Check Point to potentially one-up the CESS providers with a complete end-user security solution, inclusive of cloud email security.”

Frank Dickson, program vice president, security and trust at IDC, said the vast majority of remote work and email today are protected by security delivered as SaaS. Additionally, extended detection and response — or XDR — has become the future of security.

 “Email security is a critical input and control point to XDR,” Dickson said. “And XDR without email security is like riding a motorcycle without a helmet; it’s not a good idea. The acquisition of Avanan helps Check Point address both points.”