The Cybersecurity Market Is Consolidating—Cyber Saturday

A flurry of deal-making activity has struck the cybersecurity industry.

CrowdStrike is preparing for an imminent initial public offering that could value the company at $6 billion. Elastic, maker of a Splunk-like data trawling product, just snapped up Endgame, a CrowdStrike competitor, for a comparatively measly $234 million. Investment firm Insight Partners bought out a portfolio company, threat intelligence firm Recorded Future, for $780 million. And Cisco, Palo Alto Networks, FireEye, and Imperva have all made cybersecurity-oriented acquisitions over the past couple weeks.

What’s behind all this market consolidation? One possibility: fears of a coming recession.

Ron Gula, a cybersecurity investor and alumnus of the U.S. National Security Agency, tells Fortune that whispers of a possible downturn may be provoking people to plan for a drought. Venture capital firms use the circumstances to persuade startups to accept new fundraising, or to apply pressure on their investments to cash out. Entrepreneurs, eyeing a potential cliff on the horizon while also watching rivals get subsumed by acquirers, may find the time for an exit ripe. Peer pressure mounts: As more exits take place, “this can create a sense of urgency” among founders to follow suit, Gula says.

Five or so years ago the market for cybersecurity venture capital kicked off a boom, and companies funded during that era are now mature enough to exit. At the same time, there are more potential buyers across industries. Enrique Salem, a cybersecurity investor at Bain Capital Ventures and former CEO of Symantec, said he expects the spate of mergers and acquisitions to continue, especially as companies not traditionally thought of as cybersecurity firms look to bolster their offerings.”You’ll find lots of companies adding security capabilities to their portfolios,” he said. “They see the benefit of saying, We have lots of data, we’re gonna look to add security to that data.”

If there is a storm brewing, then some cybersecurity businesses may be better positioned to weather the winds than others. Sarah Guo, an investor at Greylock Partners, agrees that “there’s some preemptive concern about how weaker or less strategic companies will progress when such a long bull market inevitably changes.”

“There is a bit of a scramble to get premium assets,” Guo says. “One driving factor could be the strong tech market right now is giving acquirers the multiple (and therefore the ammo) to make big acquisitions.” In other words, there’s pressure from above, among acquirers, to use-it-while-you’ve-got-it.

What do cybersecurity executives think about this? Tom Turner, CEO of BitSight, told me at a dinner he hosted this week that he is not overly concerned about the onset of a winter. While the cybersecurity industry periodically contracts, “the consolidation is rarely as widespread as forecast,” he said. Besides, when competitors exit, that creates opportunities to hire talent that then re-enters the market.

No one knows exactly when a pullback may come, but the smart money is making moves in preparation. As the clouds gather, we must look to those with sunny dispositions to pierce the gloom.

***

By the way, I would like to put out a call for nominations for Fortune’s Change The World list, which recognizes companies that do well by doing good. This is not a list that honors corporations for philanthropy. Rather, it aims to spotlight corporations that have baked social good into fundamental parts of their business, using the power of profit motives to fix global problems. (Think Merck investing in Ebola vaccines.) Do shoot me a note if you have any recommendations.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

I’m blue daba dee daba die. Last week we discussed Baltimore’s ransomware mess and why it’s the city’s own fault, rather than the NSA’s. Now it’s looking increasingly like EternalBlue, the NSA hacking tool the New York Times initially reported was responsible for the infection, did not have a hand in the incident. In addition to Maryland congressperson, a malware analyst and the supposed perpetrators of the attack all say that EternalBlue wasn’t used. We’ll continue to keep tabs on this story; in the meanwhile, here’s a good piece by the Wall Street Journal that takes a look at why hackers are increasingly targeting local governments with ransomware.

Salute your solution. The Federal Election Commission’s legal team advised the commission earlier this week to block a request by a cybersecurity company to provide its services to 2020 presidential candidates at little or no cost. (Campaign financing laws generally prevent companies from making such contributions, because they could be considered favor-currying, in-kind political donations–although there are exceptions.) Later in the week, the chief executive of the company in question–Oren Falkowitz of Area 1 Security, an anti-phishing firm–made his case before the commission, and it appears the watchdog group may reverse its stance. Falkowitz, a Cyber Saturday reader, tells Fortune that he feels good about the prospects after having submitted a revised request to the commission on Friday evening.

Count me out. Speaking of election security, Politico reports that VR Systems, an election software company based in Florida, enabled remote access to machines in eight states used by poll workers to check in and verify voters in 2016. While the connection would not have permitted potential election interferers to alter votes, it could have allowed them to alter records in a way that might have prevented people from voting in key swing precincts, Politico says. Security experts warn that remote connections create opportunities for hackers to infiltrate systems.

Let’s go to the breach each. A data breach at Quest Diagnostics affects up to 12 million customers’ medical and financial information. The Department of Homeland Security is warning people about a severe vulnerability in a smart building automation system made by Optergy. GitLab, a maker of developer toolsets, is urging people to update their software after disclosing 13 security flaws. Google confirmed that criminals managed to install advanced backdoors on some Android devices in 2017–though details are thin and the scope is unclear. Someone is burning Iranian spy tools by leaking them on Telegram. And some slightly good news: Norsk Hydro, a major aluminum supplier, posted better than expected profits, despite a recent ransomware attack.

Women: bikini preferred

Share today’s Cyber Saturday with a friend:

http://fortune.com/newsletter/cybersaturday/

Looking for previous Data Sheets? Click here

ACCESS GRANTED

Where’s the beef? Joseph Menn, an investigative journalist for Reuters, has written a new book about hacker history: Cult of the Dead Cow, named after an early and influential group. In a review, the New York Times called it “a hugely important piece of the puzzle for anyone who wants to understand the forces shaping the internet age.” Cris Thomas, an IBM executive who has gone by the online moniker “space rogue” since joining the early hacker scene, quibbled that it is “a good story, not a history book.” Nevertheless, Wired ran a delicious excerpt focusing on the exploits of @stake, a cybersecurity company whose members seeded the so-called infosec industry. Here’s a snippet.

Some hackers felt great fulfillment in government service. Serving the government in the wake of the terror attacks gave them a chance to fit in when they hadn’t before, united by a common cause. But for too many of this cohort, what started with moral clarity ended in the realization that morality can fall apart when governments battle governments. That was the case with a cDc Ninja Strike Force member I will call Stevens.

ONE MORE THING

Welcome to cyber school. The Israel Defense Forces Military Intelligence Corps. trains 500 to 600 digital warriors every year at a “cyber school” it runs in Be’er Sheva, Israel. The Israeli newspaper Haaretz takes readers inside the facility to learn about its curriculum from Lieutenant Colonel “N.,” the institution’s commander. There are no grades, and students must learn idiosyncratic skills such as typing blind or navigating a computer without a mouse.