The Billion-Dollar Exits: Infrastructure M&A Case Studies

Infrastructure companies don't exit like consumer apps.

No viral growth story. No user acquisition metrics. No celebrity founder narrative.

They exit because they became essential. Because ripping them out would break too many systems. Because the acquirer's customers demanded it, or the acquirer's competitors already had it.

I've studied dozens of infrastructure acquisitions. The best ones share a pattern: the acquirer wasn't buying revenue. They were buying time, technical depth, and customer lock-in they couldn't build themselves.

Here are five exits worth studying.

GitHub: $7.5B to Microsoft (2018)

Microsoft paid $7.5B for GitHub in 2018. At the time, GitHub did maybe $300M ARR. That's a 25x revenue multiple. Why?

GitHub had become the version control system for 28 million developers. But the real value wasn't Git hosting. It was the workflow layer built on top: pull requests, code review, CI/CD integrations, issue tracking, project management, package registries.

Every engineering organization had GitHub embedded in their development process. Merge workflows. Branch protection rules. Status checks. Automated deployments triggered by merges to main. Security scanning integrated into PRs. Dependency management through Dependabot.

Switching meant retraining every engineer, rewriting CI/CD pipelines, migrating years of issues and documentation, and rebuilding integrations with every tool in the stack. The technical debt of migration was measured in quarters, not weeks.

Microsoft wasn't buying revenue. They were buying developer distribution. GitHub gave them a platform to push VS Code, Azure DevOps, and eventually Copilot. The acquisition made Microsoft credible with open source developers who had spent a decade distrusting them.

The technical moat: workflow infrastructure that becomes organizational muscle memory.

Segment: $3.2B to Twilio (2020)

Twilio paid $3.2B for Segment in 2020. Segment did ~$150M ARR. That's a 21x multiple. The reason: customer data infrastructure that sat between every product and every tool.

Segment solved a hard technical problem. Every company needs to send customer data to analytics tools, marketing platforms, data warehouses, and internal systems. Without Segment, you write custom integrations for each tool. With Segment, you send data once and it routes everywhere.

The architecture: a single JavaScript snippet or server-side SDK captures events. Segment's infrastructure handles schema validation, data transformation, retry logic, and delivery guarantees. One API call becomes 20+ downstream deliveries.

But the real lock-in was the schema. Once you define your tracking plan in Segment (what events to capture, what properties to include, how to structure user profiles), every downstream tool depends on that schema. Changing CDP providers means redefining your entire data model and updating every integration.

Twilio already owned communication infrastructure (SMS, voice, email). Adding Segment gave them the customer data layer. Now they could see what user actions triggered which communications. The combination created a closed loop: capture customer behavior, trigger personalized messages, measure outcomes.

The technical moat: data infrastructure that becomes the source of truth for customer identity and behavior.

Mandiant: $5.4B to Google (2022)

Google paid $5.4B for Mandiant in 2022. Mandiant did ~$500M revenue. That's a 10.8x multiple for a security company.

Mandiant wasn't selling software. They were selling threat intelligence and incident response expertise. When a company gets breached, Mandiant is who they call. The team has responded to thousands of incidents: ransomware, nation-state attacks, supply chain compromises.

That operational knowledge compounds. Mandiant knows how attackers move laterally through networks. What tools they use. What vulnerabilities they exploit. What indicators to look for. This intelligence feeds their detection platform.

Google needed this for Google Cloud. AWS had GuardDuty. Azure had Sentinel. Google Cloud needed credible security tooling to compete for enterprise workloads. Building threat intelligence from scratch takes years. Acquiring Mandiant gave them 18 years of incident response data and a team that had seen every attack pattern.

The integration: Mandiant's threat intelligence now powers Chronicle (Google's SIEM). Customers running workloads on Google Cloud get security monitoring backed by real-world breach data. The moat isn't the technology. It's the operational knowledge that only comes from responding to actual attacks.

The technical moat: threat intelligence that compounds with every incident response engagement.

Looker: $2.6B to Google (2019)

Google paid $2.6B for Looker in 2019. Looker did ~$150M ARR. That's a 17x multiple for a BI tool.

Looker's differentiation was LookML, a modeling layer that sits between raw data and dashboards. Instead of writing SQL for every chart, you define metrics once in LookML. Then anyone can explore data without writing queries.

The technical architecture: LookML compiles to SQL at query time. This means Looker can run on any SQL database (BigQuery, Redshift, Snowflake, Postgres). The modeling layer is database-agnostic. But once a company defines their metrics in LookML, switching BI tools means rewriting every metric definition.

Google needed Looker for BigQuery. They were competing with Snowflake and Databricks for data warehouse workloads. BigQuery had the performance, but customers needed a BI layer that didn't require SQL expertise. Looker gave them that.

The integration: Looker became the default BI tool for BigQuery customers. Google could now sell data warehouse + BI as a bundle. The acquisition turned BigQuery from infrastructure into a complete analytics platform.

The technical moat: a semantic layer that becomes the definition of business metrics.

Wiz: $23B Offer from Google (2024, Declined)

Google offered $23B for Wiz in 2024. Wiz declined. They're doing ~$500M ARR. That would have been a 46x multiple.

Wiz does cloud security posture management. They scan your AWS, Azure, and Google Cloud environments for misconfigurations, vulnerabilities, and compliance violations. The product is an agentless scanner that uses cloud provider APIs to inventory resources and assess risk.

The technical differentiation: Wiz's graph database maps relationships between cloud resources. They can answer questions like "which S3 buckets are publicly accessible and contain PII?" or "which EC2 instances have admin access to production databases?" This requires understanding IAM policies, network topology, and data classification simultaneously.

Building this takes years. You need to understand every cloud service's API, every permission model, every networking construct. Wiz has 400+ integrations across AWS, Azure, and Google Cloud. Replicating that is a multi-year engineering effort.

Google wanted Wiz to compete with Microsoft Defender and AWS Security Hub. But Wiz declined the offer. They're growing 300%+ year-over-year and believe they can build something worth more than $23B.

The technical moat: a graph database that maps the entire cloud environment and understands the security implications of resource relationships.

What Made These Companies Valuable

These weren't revenue acquisitions. They were capability acquisitions. The acquirers couldn't build these systems fast enough or credibly enough.

GitHub: workflow infrastructure embedded in organizational process. Segment: data infrastructure that became the source of truth. Mandiant: operational knowledge from thousands of incident responses. Looker: semantic layer that defined business metrics. Wiz: graph database mapping cloud security relationships.

The pattern: technical depth that takes years to replicate, integration depth that makes switching painful, and operational knowledge that compounds with usage.

Infrastructure acquisitions pay for time saved and moats acquired. The companies that command premium multiples are the ones where rebuilding from scratch would take longer than the market window allows.