Hot markets are exciting markets and cybersecurity acquisitions are red hot. The recent sale of Blue Coat to Symantec for a staggering $4.3B suggests there is still ample opportunity for mergers, acquisitions, and roll-ups. Recently the partners at TrueBit came together and discussed what companies, public and private we thought we ripe for acquisition. While each of the partners has their own unique perspective, my list tended toward four big trends:
- Cloud: Security is not merely moving into the cloud, it is the cloud. Almost all of these vendors either are hosted in the cloud (usually AWS) or offer a cloud-based solution. The future of cybersecurity is all cloud, all the time.
- Security Analytics: This trend has been in place for a few years. Security analytics is the convergence of point solutions into cohesive, enterprise-wide security platforms that can identify, assess, and react to security in a coordinated manner.
- Behavior Analytics: A close cousin to security analytics, behavior analytics aims to use sophisticated machine learning and baselining functions to identify anomalous activity among big data.
- Endpoint Security: This trend is actually a subset trend of Security Analytics. However, its such a strong undercurrent in cybersecurity right now.
This list is based on other criteria as well such as quality of the company’s products, market presence, and ability to execute. These companies all represent strong players who have a lot of potential.
Poor RSA. From getting buried inside the EMC storage array, to getting Dell’ed into information obscurity, to Amit Yoran’s subversive RSA keynote, is there no love for the grandfather of cybersecurity? It is unfortunate, because RSA has ultra smart people and some really innovative technologies. They need a home where they can get a lot of hugs…like Symantec.
The endpoint is back in play, and Tanium goes after a boring, yet profoundly important aspect of information security: configuration management. It is a persistent problem in organizations of 10 or 10,000 systems. Tanium has grown rapidly and has a very impressive client-base. They would make an excellent addition to the portfolios of numerous larger players.
This winner of the 2016 RSA Innovation Sandbox has a bright future. Coordinating security response across disparate platforms has been a Holy Grail of cybersecurity for decades. Phantom actually makes it look easy. Their product is surprisingly mature for a young company. There is tremendous potential for them as an add-on to any larger security analytics platform.
Identity and access management has changed quite a bit in the past five years. Okta seized this shifting market to offer a comprehensive, cloud-based platform for user and identity management. Their platform is powerful and extremely extensible. With identity-based security growing in popularity and demand, this company would be a natural fit for some of the Security Analytics players.
This company makes a product that is simultaneously spooky and spectacular. It can track almost anything on an endpoint PC and provide policy-based recording of every action, right down to mouse-clicks and window movements. In high security environments, this level of monitoring is an absolute must have. This is also a good example of a company with a single solution, that is “all in” on its features. This makes them a natural addition to numerous larger security vendors.
This is another SaaS product that has nailed a very specific niche. Their web acceleration, WAF, and DDoS protection is a must have for any website. With Cisco’s acquisition of OpenDNS, companies like CloudFlare should be top on the acquisition list for other security firms. It is not, necessarily, their great products that make them valuable, but the oodles of data they have which can be rendered into threat intelligence.
While CrowdStrike has taken its lumps for frothing over the attack on Hillary Clinton’s campaign, their products remain compelling nevertheless. CrowdStike enjoys “Palo Alto Networks” style zealotry among its customers. Their endpoint products have a robust set of capabilities. They would make an easy tuck in for any security vendor who needs a much stronger endpoint solution (Cisco, Fortinet?)
For the past few years, the SIEM market has been dead. Nobody wanted anything to do with SIEM. Then just this month, Fortinet went and bought Accelops. SIEM is a miserable market, but it is also an extremely important, foundational technology for any IT department. LogRtythm has done exceptionally well in the mid-market, with a supremely compelling technology. They would be an excellent add-on to any larger vendor seeing to build out a impressive security analytics platform (Cisco, Symantec?)
Security analytics is perhaps one of the most potent trends in cybersecurity right now. The need for platforms that can pull together information from multiple sources is in extremely high demand. Anomoli (formerly ThreatStream) has a powerful set of technologies that do just that. They are ideally situated for any one of the security analytics players, like Cisco, Symantec, Fortinet, etc.
Last, is the company that is so acquirable it is amazing it has made it this long without being acquired. Stuart McClure’s Cylance makes an impressive endpoint security tool that is both light and powerful. They have been growing like crazy the past year, and everybody seems to want a piece of their action. Cylance would be an easy add on to almost any security company. They would make a strong component to ForcePoint, Fortinet, Cisco…anybody.
There are plenty of others we like at TrueBit, including Distil Networks, Iovation, Duo Security, Cyren, CheckMarx, Zscaler, Cyphort, SkyHigh Networks, Threat Quotient, Beyond Trust, and Looking Glass.
Regardless of how you sort this list, the cybersecurity market remains exciting. We look forward to the next big acquisition, and will not be surprised if it is one or more of the firms we mentioned.