Background
If you’ve been keeping up with industry news this year, you might have read a few reports on three large and public security vendors that are exploring selling themselves:
Feb 1, 2023 - Rapid7 explores sale [1]
Feb 21, 2023 - AT&T Cybersecurity explores sale [2]
Aug 21, 2023 - SentinelOne explores sale [3]
Let me take you through each of these companies and who might (or might not) be in talks to acquire them.
1) Rapid7
Company evolution
Rapid7, founded in 2000, was initially focused on vulnerability management with their Nexpose vulnerability scanner and their widely used penetration testing tool, Metasploit, which they acquired in 2009.
Fast forward to 2015 when Rapid7 went public and started a string of ten acquisitions building out a much broader product portfolio extending beyond vulnerability management and into application security, security information & event management (SIEM), cloud security, Kubernetes security and managed detection & response (MDR).
Rapid7 released their Insight cloud (SaaS) platform in 2017 as the primary platform to host new product capabilities. The Insight platform initially supported two security capabilities: vulnerability management and web application scanning, aka Dynamic Application Security Testing (DAST).
Since 2017, Rapid7 has incrementally added new security capabilities to the Insight platform based on their acquisitions, in a number of cases transitioning on-premises security point solutions into cloud-hosted capabilities. Additionally, it’s important to point out that Rapid7 is not exclusively a security product company, since they also sell managed and professional security services to complement their products.
From an outside perspective, it appears Rapid7 has historically done a great job integrating their acquisitions into the company, both technically and organizationally.
Rapid7 uses a “land and expand” sales strategy: initially selling customers one product/service and then cross-selling additional products/services over time with the intent of extracting more revenue from each customer.
Financially, Rapid7 has experienced modest, low double-digit year-over-year revenue growth; however, its stock price is trading well below 2021 highs and has been somewhat flat for most of 2023. Over the last 5 years, Rapid7 has underperformed compared to its closest competitors (Qualys & Tenable) as well as the overall Nasdaq.
Potential acquirers
So who might be interested in acquiring Rapid7?
Rapid7 currently has an Enterprise Value of $3.48B, so they would be a significant target to acquire and out of reach for many.
Private Equity firms such as Thoma Bravo, Francisco Partners and TPG who already have complementary investments in security would be obvious acquirers
Google and Cisco would be two other companies who continue to be very active security acquirers and have the ability to afford a company the size of Rapid7
2) AT&T Cybersecurity (formerly AlienVault)
Company evolution
AT&T initially expanded into security via its acquisition of AlienVault in 2018 for ~$600M.
AlienVault was focused on selling the following security capabilities to smaller SMB customers and managed security service providers (MSSPs):
Asset discovery
Vulnerability assessment
Intrusion detection
Network behavioral monitoring
Open source log management aka SIEM
Open source threat intelligence
After the acquisition, AT&T rebranded AlienVault as AT&T Cybersecurity. Over the past 5 years, AT&T has not made any additional security acquisitions to their cybersecurity division and has largely left the AlienVault product assets intact. AT&T Cybersecurity competes directly against Rapid7 and Fortra and to a lesser degree against Microsoft, Sumo Logic, Splunk and numerous other smaller security companies.
To substantiate the Reuters report from February, AT&T has since stated on their quarterly earnings calls that they seek to shed their lower margin businesses (such as their cybersecurity division) and are focusing on higher profitability with core mobility services and broadband revenue.
Potential acquirers
So who might be interested in acquiring the AT&T Cybersecurity business?
Since AT&T Cybersecurity is a part of the broader AT&T business, it’s not public knowledge what that part of the business would be valued at. That said, logical acquirers for this type of business might include:
Private Equity firm KKR who owns security service provider Optiv
Larger security service providers or global systems integrators (GSIs) such as Cognizant, Atos, Orange Cybersecurity, Deloitte, EY and Capgemini
3) SentinelOne
Company evolution
Endpoint security vendor SentinelOne was founded in 2013 and went public in 2021.
However, in the past few years the endpoint security market has become increasingly competitive with the introduction of more advanced security capabilities from extended detection and response (XDR) vendors.
As a response, SentinelOne has made two acquisitions since 2021 to enhance their XDR capabilities.
SentinelOne competes directly against Microsoft, CrowdStrike, Palo Alto Networks, Trellix, Tanium and others in the space.
It’s evident in their stock performance over the past year+ that the company might be struggling, so it didn’t come as a surprise when Reuters reported in August that SentinelOne might be exploring a sale.
For sale??? Hang on, maybe not!
After the initial Reuters report on August 21st, some dramatic events quickly unfolded over the following week:
August 25th - Reuters subsequently reported that cloud native application protection platform (CNAPP) vendor Wiz was considering a potential bid to acquire SentinelOne [4].
Side note: Wiz acquiring SentinelOne makes a lot of sense because the two companies were already integrated/partnered with each other and SentinelOne’s strength in endpoint security would massively bolster Wiz’s CNAPP capabilities and give Wiz a huge advantage over their CNAPP competitors.
August 30th - SentinelOne terminates their partnership with Wiz [5]
August 31st - SentinelOne’s CEO denies the rumored Wiz acquisition [6] and says the company is not for sale [7]
So, was SentinelOne in talks with Wiz regarding a sale? It’s unclear, but highly likely.
Potential acquirers
So (hypothetically) who might be interested in acquiring SentinelOne? SentinelOne currently has an Enterprise Value of $3.85B, so, similar in size to Rapid7, they would be a significant target to acquire and out of reach for a lot of companies. Logical acquirers for this type of business might include:
Larger security vendors who are looking to add/bolster their endpoint security technology like Cisco and perhaps even Check Point, Tenable and Qualys to help them compete against their largest security competitors: Microsoft, Palo Alto Networks and CrowdStrike
AppSec vendor Snyk who could combine SentinelOne’s endpoint security capabilities with existing acquisitions and transition into a CNAPP player themselves
Private Equity firms such as Thoma Bravo, Francisco Partners and TPG
[1] Reuters, Cybersecurity firm Rapid7 explores sale -sources, 01 February 2023
[2] Reuters, AT&T seeks to shed cybersecurity division -sources, 21 February 2023
[3] Reuters, Cybersecurity firm SentinelOne explores sale -sources, 21 August 2023
[4] Reuters, Cybersecurity startup Wiz considers potential bid for SentinelOne, 25 August 2023
[5] Calcalist, SentinelOne terminates cooperation with Wiz amidst takeover talk, 30 August 2023
[6] BankInfoSecurity.com, SentinelOne CEO on Wiz M&A: ‘Pure Speculation on Their Part’, 31 August 2023
[7] CNBC, SentinelOne CEO says the cybersecurity company is not for sale, 31 August 2023