Analysis: Industry experts weigh in on where the smart money is going in cyber security.
The cyber security market was predicted to see several major acquisitions in 2016, and so far it doesn’t seem to be disappointing – but does the move to consolidation signal trouble for standalone start-ups?
451 Research figures show that the number of security acquisitions has increased by 41 percent in the past two years. According to 451 Research’s survey of technology investment bankers in December 2015, cybersecurity had displaced mobility as the area where M&A spending was expected to grow most over the next year.
20 percent of the investment bankers surveyed expected ‘substantially more’ activity, while 52 percent anticipated ‘somewhat more’ activity.
So far this year, BlackBerry acquired Encription, IBM bought Resilient Systems, Infoblox bought IID and FireEye bought Invotas and iSIGHT Partners.
These buy-outs seem to underline a general ambition among cyber security companies to build complete platforms through acquisitions.
President of Global Sales at BlackBerry told CBR in April that BlackBerry would be sitting on its $2.6 billion in cash for the time being as it now has most of the major areas covered.
"We’re not looking for some big category that we don’t have," said Wiese. "We’re being very selective in terms of where it plugs in. Right now, we’re not looking for the next big thing."
This came after a year in which Blackberry bought WatchDox, a secure data sync and share company for the enterprise, AtHoc, a networked crisis communications provider and Good Technology, a rival in the enterprise mobility management (EMM) space.
According to Adrian Sanabria, senior security analyst at 451 Research, the industry is in the middle of "the second great endpoint security consolidation."
Sanabria says that the first endpoint security consolidation cycle ran began in 2001 with Check Point’s acquisition of ZoneAlarm, and ended in 2009 with McAfee’s acquisition of SolidCore.
He says that while the push for unified platforms was initially centred around optimising cost, it is now driven by a key realisation about the unification strategy.
"These days, buyers and vendors have realized that security products can’t be terribly successful when they operate in isolation," explains Sanabria, "and we can’t depend on security analysts to manually correlate all the output."
According to the CEO of iSIGHT Partners, John Watters, the impetus for consolidation has come from the customers, "who want less vendors not more."
"The pendulum shifts from one vendor, say a Symantec shop or a Cisco shop, which became kind of the old gen. You get all of these next-generation technologies such as FireEye, Palo Alto," says Watters.
This was followed by an explosion of capital into the cyber security space, he explains, which led to roughly 1200 venture capital (VC)-backed security companies in the last four years.
"It was all best-in-breed little pieces of the puzzle, so that customers ended up with 20, 30, 40, in some cases close to 100 security vendors, and an unmanageable system," he says.
He says that another security product now is just another noise-maker, generating another alert when people are trying to move to less.
In response, he says, the bigger platforms will now move to acquire capabilities that they are missing.
Watters claims that the VC market for single products is "played out", and that overall the market for single products will be a "minefield of disasters ahead".
"You’ll see less money going into early-stage start-ups that block more bad things: there are too many out there already," he says.
This doesn’t mean that there is no future for the start-ups, says Watters. But he advises them to follow one of two very specific courses: one of these is to merge with other small companies to try and create an overall platform.
The other would be to get a private equity firm that wants to buy the start-up before acquiring other components.
"Trying to be the best at one small technology and trying to sell them into companies, there is less tolerance for it. It is one more product and one more vendor to manage."
For Watters, the VC model has been poorly adapted to investing in cyber security. iSIGHT Partners started with a friends and family round in 2013 involving Blackstone. This was followed by the first institutional round in late 2014. Watters controls the board and until December 2014 was the only board member, making all of the investment decisions.
For Watters, "the long pole in the tent" in cyber security is the intelligence. The company spent seven years and $100 million building its intelligence before we even hired a marketing guy.
"Not many VCs want to put money in this space, because they’re looking for a quick return on their money."
Walter Scott, CEO, LOGICnow, says that the heyday of the niche security start-up has "absolutely not" ended and won’t end anytime soon.
He says that the speed of improvement of cyber attackers, the increase in compliance and government regulation and the blurring of the endpoint and data security is exceeding the ability of established security vendors to respond.
Jamie Graves, CEO of ZoneFox, agrees: "If anything the niche cyber start-up will become more prevalent due to the fact that platform providers are incapable of innovating in order to solve the tricky cyber challenges their customers face."
LOGICnow’s Scott believes that the money is going to be going to very specific types of start-ups.
"The days of getting funding for a security product that is a little better or a little cheaper are over. Although the multiples have come down in the market they are still trading well in terms of PEG.
"What VCs are focusing on is the go-to market strategy and technology differentiation.
Like Watters, Scott cites the importance of being able to handle data.
"Those security companies that leverage big data, collective intelligence and behavioural heuristics will have people lining up to get funds," he says.
Whether the VC market for cyber security start-ups offering specific security services is really "played out" or whether it has just become more targeted, the big companies seem to want a unified platform. Smaller companies are looking at a lucrative buy-out if they can develop technology that can slot into a broader platform.