Colorado cybersecurity firm Coalfire Systems Inc. is acquiring Veris Group to become a major cybersecurity and threat assessment consultancy to federal agencies, businesses and cloud-computing service providers looking to do business with the federal government.
Westminster-based Coalfire announced the deal after closing the transaction. Terms were not disclosed.
The combined company has 550 employees, generates about $100 million in annual revenue and aims to maintain a 30 percent annual growth rate, the companies said.
Veris Group, based outside Washington D.C. in Vienna, Virginia, began looking in mid-2016 to make a deal to expand. One of Coalfire’s owners, The Carlyle Group, introduced the two companies soon after.
It was immediately apparent the companies would fit really well together, said Larry Jones, Coalfire CEO.
“The chemistry was right and culture was right, but the overlap between the businesses was pretty minimal,” he said.
Coalfire, founded 15 years ago, has grown by helping companies comply with federal data-protection regulations such as HIPAA, FedRAMP and PCI, and safeguard themselves against data breaches, cyber fraud, infrastructure attacks and intellectual property theft. It has many mid-sized business clients but has more recently been winning business from the likes of Amazon, Oracle and other big customers.
Veris Group draws half its business from federal government departments and intelligence agencies, lines of work Coalfire wanted to be in but hadn’t yet cracked, Jones said.
The merger also means Coalfire now has one of the most advanced technical penetration testing and “red team” organizations in the industry, Jones said.
Penetration testing is the process of trying to break into client computer systems as a way of finding vulnerabilities to fix, while “red team” exercises simulate cyber attacks and helps clients practice how to respond to threats.
Coalfire is well-positioned after the merger to compete for clients against the likes of IBM and the “big four” accounting firms — PricewaterhouseCoopers, KPMG, Deloitte and Ernst & Young — and cybersecurity specialists such as SecureWorks, Jones said.