CyberArk Acquires Conjur, Revolutionizing DevOps Security to Drive Greater Business Agility

May 11, 2017

Delivers Industry’s Only Enterprise-Class, Automated Privileged Account Security and Secrets Management Solution to Secure the DevOps Lifecycle and Cloud-Native Environments

NEWTON, Mass. and PETACH TIKVA, Israel – May 11, 2017 – CyberArk Software Ltd. (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today acquired privately-held Conjur, Inc., a Newton, Mass.-based provider of DevOps security software for $42 million in cash.

Conjur’s revolutionary technology for securing DevOps extends CyberArk’s reach deeper into the DevOps lifecycle to protect secrets and manage machine identities. With the addition of Conjur, recently named a Cool Vendor in DevOps by Gartnerˡ, CyberArk uniquely empowers CIOs and CISOs to accelerate modern software deployment – securely – with the industry’s only enterprise-class security solution that delivers comprehensive privileged account management and secrets protection.

“While empowering organizations with more efficiency and speed, the DevOps process is also dramatically expanding the attack surface across the entire enterprise,” said Udi Mokady, Chairman and CEO, CyberArk. “CyberArk’s acquisition of Conjur further strengthens our market leadership position – providing the industry’s only enterprise-class solution for privileged account security and secrets management on premises, in the cloud and across the DevOps pipeline. Now with Conjur, CyberArk customers can truly embrace DevOps without compromising on security.”

Due to the dynamic nature of DevOps, “secrets” – which are privileged account credentials, SSH Keys, API keys and more – are proliferating throughout the IT infrastructure at a rapid-fire pace, creating massive security risks for organizations. “A Gartner survey in mid-2016 found that 50% of enterprises would be using DevOps by the end of 2016.” However, Gartner estimates “that fewer than 20% of enterprise security architects have engaged to systematically incorporate information security into their organizations’ DevOps initiatives.”² CIOs, CISOs and developers need solutions that offer control and security without impeding the agility and speed of the DevOps pipeline. Conjur and CyberArk integrate with leading DevOps tools and platforms including Puppet, Chef and Ansible to further enable agile development processes.

“Conjur’s innovative DevOps security solution is gaining momentum with developers, security and operations teams in modern enterprise IT organizations around the world,” said Elizabeth Lawler, CEO and co-founder, Conjur. “We are excited to become part of CyberArk to set a new industry standard for privileged account security and secrets management, helping customers move to a true DevSecOps delivery model that supports greater business agility.”

The CyberArk-Conjur Solution for DevOps is available from CyberArk today.

Related Resources

ˡ Gartner, Cool Vendors in DevOps, 2017, Ian Head, Felix Gaehtgens, Thomas E. Murphy, Nathan Wilson, David Paul Williams, 08 May 2017 ID: G00326392

²Gartner, “Top 10 Strategic Technology Trends for 2017: Adaptive Security Architecture,” David W. Cearley, Avivah Litan, Mike J. Walker, 21 March 2017 ID: G00319583

About Conjur

Conjur delivers a DevOps security software platform that enables organizations to balance their goal of adopting cloud computing with their need to ensure security. Conjur automates machine identity provisioning, authorization of privileged access, service account control, and machine-to-machine connectivity in a way that meets the needs of all DevSecOps stakeholders. Companies adopting dynamic, cloud-centric IT infrastructure across industries, including financial services, communications, media and software development, consider Conjur an essential component of their security strategy. Conjur is headquartered in Newton, Mass.

About CyberArk                                                                                                       

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit, read the CyberArk blog, or follow on Twitter via @CyberArk, LinkedIn or Facebook.

Cautionary Language Concerning Forward-Looking Statements

This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions.  Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the rapidly evolving cyber threat landscape; real or perceived shortcomings, defects or vulnerabilities in the Company’s solutions or internal network system, or the failure of  the Company’s customers or channel partners to correctly implement the Company’s solutions; fluctuations in quarterly results of operations, including due to our failure to close significant sales before the end of a particular quarter; the inability to acquire new customers or sell additional products and services to existing customers; competition from IT security vendors; the reputational impact of any compromise to our internal IT network system; failure to effectively manage growth; the Company’s failure to effectively expand, train and retain our sales and marketing personnel; reliance on channel partners; failure to anticipate market needs and enhance the Company’s existing products or develop or acquire new products; the Company’s ability to successfully integrate recent and or future acquisitions; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.