Cloudflare Buys Area 1 Security For $162M

February 28, 2022

Cloudflare has agreed to acquire Area 1 Security. Area 1 Security’s cloud-native platform, which works seamlessly with any email offering, stops phishing attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment. In 2021 alone, the company blocked more than 40 million malicious phishing campaigns spanning business email compromise, malware, ransomware, and other advanced threats.

“Email is the largest cyber attack vector on the Internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust,” said Matthew Prince, co-founder and CEO of Cloudflare. “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”

Data from the FBI’s Internet Crime Complaint Center 2020 Internet Crime Report shows that malicious phishing campaigns including business email compromise are the most costly—with U.S. businesses losing more than $1.8 billion. Well known incidents of the last decade include the JPMorgan Chase breach, where a phishing attack impacted 76 million households and 7 million small businesses; SolarWinds, where phishing led to the compromise of 18,000 customers including multiple government agencies; Sony Pictures, where a phishing attack reportedly led to more than 100 terabytes of proprietary data being stolen; and in the U.S. elections, where phishing has been cited as the cause of damage inflicted upon the United States’ electoral process. According to Forrester, “the biggest problems with email are its ubiquity and our willingness to trust it. Every person has an email account, often more than one, making this medium a perennially ripe target for attackers.” As email continues to be an attractive entry point for increasingly sophisticated cyberattacks, businesses of all sizes need to consider how to integrate email solutions into their overall security stack and bolster it with global threat intelligence.

Chris Rodriguez, Research Director for IDC’s Network Security Products and Strategies notes, "Email is often the largest cloud application for any organization; and also represents the largest attack vector. Instead of viewing email security as a stand alone issue, more businesses realize that it needs to be part of their holistic security strategy. The combination of Cloudflare and Area 1 Security offers customers a uniquely differentiated and comprehensive Zero Trust offering with coverage across the entire threat lifecycle."

“Today, email is a business’ most-used cloud application. It's unfortunately unprotected. We estimate that more than 90% of cyber security damages are the result of just one thing: phishing," said Patrick Sweeney, CEO and President of Area 1 Security. "By combining our leading phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform we truly believe that together we can help companies of any size better secure their entire network infrastructure and better protect against the most destructive cyber risks.”

Cloudflare entered the email security market in 2021 with the launch of its Advanced Email Security Suite and additional tools to create custom email addresses, manage incoming email routing, and prevent email spoofing and phishing on outgoing emails. Because Cloudflare’s global network blocks an average of 86 billion cyber threats each day, the company has unique threat intelligence data that can allow it to more effectively filter out targeted phishing attacks (spear phishing) and other security threats that legacy email security solutions and API-only email security offerings can miss. Area 1 Security has long taken a preemptive approach to email security to stop phishing campaigns during the earliest stages of an attack cycle. By combining Area 1 Security’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, the two companies will provide a holistic Zero Trust solution that customers can enable through Cloudflare’s global edge.

Under the terms of the agreement, Cloudflare will acquire Area 1 Security for approximately $162 million, subject to customary adjustments, with 40-50% of the price payable in shares of Cloudflare’s Class A common stock and the remainder payable in cash. The acquisition is expected to close early in the second quarter of 2022 and is subject to customary closing conditions.