IT Security. The Acquisition Boom

Transcription

1 IT Security The Acquisition Boom Ash Sethi / MergerTech Winter 2016

2 IT THREATS ON A GLOBAL SCALE It s 1:50pm, and there have already been more than 14,000 cyber attacks today. Really. Hacking ranging from the lone cybercriminal, to systematic industrial IT espionage targeting enterprise R&D, IP, customer data, internal communications, financial data, even employee information, costs the American economy over $200 billion a year. And IT threats are only proliferating, and growing more sophisticated and ambitious in both scale and design. One of the consequences of this dangerous new paradigm is a growing appetite for IT security acquisitions. IT security assets are attracting investments from large strategic buyers, private equity houses, consulting firms, even defense contractors. Surveys indicate that cybersecurity is now the chief IT priority for the government sector, which has stoked public IT contractors to shift their development focus on IT security related consulting and software products. These slides examine the current state of the IT security market and why 2016 will be THE year for M&A activity in the space. АШ САЙТИ

3 MARKET DRIVERS THREAT ASSESSMENT INCREASE IN CYBERCRIME SINCE 2010: 296% GLOBAL IT SECURITY SPENDING THE IT SECURITY MARKET IS RAPIDLY RESPONDING TO THE PROLIFERATION OF CYBER THREATS. ATTACKS BY NATIONS AGAINST COMPANIES: 80% $150B $145B INCIDENTS AT POWER & UTILITY SITES: 527% $120B $120B INCREASE IN MOBILE THREATS FROM 2014: 59% ANNUAL GLOBAL DAMAGE FROM CYBERATTACKS: $445B AVERAGE COST OF A SINGLE DATA BREACH: $3.5M $90B $60B $51B $64B $97B CYBERSTALKING EVENTS PER DAY: +600,000 $30B $0B E 2016E 2017E 2018E 3

4 THREAT VECTORS ORGANIZED CYBERTHEFT AND HACKING OF PERSONAL AND CORPORATE DATA BY FOREIGN MILITARY AND INTELLIGENCE SERVICES IS SURPASSING LEVELS SEEN DURING THE COLD WAR. EFFECTIVE COMMERCIAL AND PUBLIC IT SECURITY IS NOW AN INTEGRAL PART OF A NATION S OVERALL DEFENSE READINESS POSTURE. DNS POISONING TROJANS WORMS VIRUSES PHISHING MALWARE TCP/IP HIJACKING CYBERSTALKING DDoS ATTACK 14x INCREASE IN US BUDGET ALLOCATION TO IT SECURITY SINCE % 5 YEAR CAGR IN IT SECURITY SPENDING $145B ANNUAL DAMAGE TO US ECONOMY RESULTING FROM DATA BREACHES TUNNELLING NETWORK SNIFFING RANSOMWARE BOTNETS 4

5 ENTERPRISE AND CONSUMER SECURITY CHALLENGES MOBILE OPPORTUNITIES FACILITATES ACCESS TO DATA ANYWHERE, ANYTIME CHALLENGES BYOD BLURS DATA OWNERSHIP; RISK OF LOST OR STOLEN DEVICES CLOUD INCREASED TEAM COLLABORATION AND BUSINESS AGILITY INCREASED THREAT OF UNAUTHORIZED ACCESS TO DATA BI IDENTIFIES PATTERNS NOT EASILY SEEN; PROVIDES ACTIONABLE INTELLIGENCE EXISTENCE OF DATA MAKES ORGANIZATIONS VULNERABLE TO ATTACK FINTECH CAN ACCESS ACCOUNTS AND PRODUCTS ANYWHERE, ANYTIME TEMPTING TARGET FOR CYBERCRIMINALS DIGITAL MEDIA PROVIDES ABILITY TO CONSUME A MULTITUDE OF MEDIA, ANYWHERE CAN BE A VEHICLE FOR VIRUSES AND BACKDOOR ATTACKS 5

6 COMING EXPLOSION IN SMB SECURITY GROWTH AN UNMINED YET POTENTIALLY LARGE SOURCE OF GROWTH IS THE SHEER NUMBER OF SMBs BOTH IN NORTH AMERICA AND OVERSEAS THAT LACK ANY TANGIBLE SECURITY MEASURES AROUND THEIR IT OPERATIONS. SOME FACTS AROUND SMBs: 67% DO NOT USE WEB BASED SECURITY 77% LACK FORMAL IT SECURITY POLICY 40% OF ATTACKS ARE ON COMPANIES WITH <500 72% OF ATTACKS ARE ON COMPANIES WITH <100 67% DO NOT HAVE ANY SECURITY FOR THEIR CLOUD DATA WHERE SECURITY IS LAX, HACKERS HAVE HELPED THEMSELVES TO BILLIONS IN FRAUDULENT CREDIT CARD TRANSACTIONS, COMPANY DATA AND PROPRIETARY INFORMATION, BANK ACCOUNT DETAILS, AND EMPLOYEE INFORMATION. 6

7 THE NEW PARADIGM AS NEW TYPES OF ATTACKS DEVELOP, THE MOST EFFECTIVE DEFENSES ARE EMERGING FROM NEW GUARD PLAYERS WHO INCUBATE INNOVATIVE, EFFECTIVE SOLUTIONS. TRADITIONAL IT CONSULTING COMPANIES AND LARGE SYSTEMS INTEGRATORS ARE LOOKING TO ACQUIRE THESE FIRMS TO GET A STRATEGIC EDGE OVER COMPETITORS. $70B $53B $35B $18B $0B GLOBAL MILITARY IT SPEND $67.9B $69.3B $64.1B $60.5B $55.8B $49.5B $52.4B $46.9B $43.7B E 2016E 2017E 2018E 2019E 2020E *INCLUDES NON-SECURITY SPENDING PROMINENT HACKING INCIDENTS WHITE HOUSE STATE DEPARTMENT USPS OFFICE OF PERSONNEL MANAGEMENT GENERAL ACCOUNTING OFFICE HEALTHCARE.GOV NUCLEAR REGULATORY COMMISSION ARMY CORPS OF ENGINEERS ENVIRONMENTAL PROTECTION AGENCY IRS ADOBE EBAY JP MORGAN TARGET ANTHEM UBISOFT HOME DEPOT EVERNOTE LIVING SOCIAL SONY ASHLEY MADISON NEIMAN MARCUS YAHOO MICHAELS AT&T PF CHANGS UPS BOEING GOOGLE GOODWILL INDUSTRIES CITIGROUP DAIRY QUEEN ALBERTSONS COMMUNITY HEALTH SYSTEMS LIVING SOCIAL KMART STAPLES BEBE SNAPCHAT PAYPAL 7

8 DIVERSE ACQUISITION ECOSYSTEM THE BIG FOUR IM GLOBAL, QUBERA, VIGILANT, URGENTIS, HSC, QUBIT, P3 CONSULTING, TRUSTEQ, FIRST POINT GLOBAL, NORSE, MTS ALLSTREAM, ASECURE, KEY IT GROUP, MPC, SEEKER, INTEGRC, MYCROFT DEFENSE CONTRACTORS WEBSENSE, SILVERSKY, INDUSTRIAL DEFENDER, SENSAGE, FIDELIS, HB GARY, NARUS, CLOUDSHIELD, SIGNACERT, CYVEILLANCE, OAKLEY NETWORKS PRIVATE EQUITY FIDELIS, BLUECOAT, BEYONDTRUST, BAY31, IMMEDIATE INSIGHT, SAILPOINT, GOOD TECHNOLOGY, TIBCO SOFTWARE, ARCSERVE, FIREMON, GALAXYTECH, ACCUVANT IT SERVICES EMERGING THREATS, XCEEDIUM, ADALLOM, GOODLOCK, CASPIDA, VOLTAGE SECURITY, CIRRO SECURE, OPENDNS, XEROCOLE, HYPERWISE, INTELLINX, TRIPWIRE, PASSWORDBOX, AORATO IT SECURITY NARUS, RANDOMSTORM, NORMAN SAFEGROUND, LOCATION LABS, NITRODESK, RISK IDS, DEFENSE.NET, NPULSE, METAFORIC, CYVERA, CENZIC, STOPTHEHACKER, CARBON BLACK 8

9 MARKET RESPONSE INVESTMENT TRENDS GLOBAL IT SECURITY VC INVESTMENTS >MAJOR SHIFT FROM A PURE PERIMETER-FOCUSED SECURITY PARADIGM TO A MULTI-LAYERED DEFENSE APPROACH THAT INTEGRATES DATA ANALYTICS, REAL-TIME INTELLIGENCE, AND THREAT RESPONSE $3,410M $4,000M $3,000M 201 $2,540M >SIGNIFICANT INVESTMENT IN STARTUPS FOCUSING ON SECURITY CHALLENGES RELATIVELY NEW TO THE MODERN ENTERPRISE: WIRELESS ACCESS, BYOD, CLOUD STORAGE AND VIRTUALIZATION DEALS $1,220M $1,710M $2,000M INVESTMENTS >PROLIFERATION OF MOBILE COMMERCE AND BANKING, GREATER USE OF DIGITAL CASH, AND GROWTH IN NEW PAYMENT MODELS FUELING INVESTMENT IN FINTECH RELATED SECURITY 16% OF ALL ATTACKS ARE ON FINANCIAL SERVICES FIRMS/PLATFORMS 80 0 $800M $815M E $1,000M $0M 9

10 MAJOR VC INVESTORS AND GROWTH VERTICALS AORATO, COREOS, FORGEROCK, ILLUMIO, LOOKOUT, NETSKOPE, SENTINEL ONE, SIMILITY, VECTRA NETWORKS BYOD 6 STEALTH TECH 8 THREAT INTELLIGENCE 14 BLUEBOX, CIPHER CLOUD, ILLUMIO, OKTA, LOOKOUT, SIGNALFX, SOOKASA AGARI, BLOCKSCORE, COHESITY, GUARDICORE, LIGHTCYBER, KEYME, RISKIQ, SCALYR, VERADOCS, ZERTO DUO SECURITY, IONIC SECURITY, MAPR, SHAPE SECURITY, SYNACK, TEAM8, THREAT STREAM AWAKE NETWORKS, GUARDICORE, OKTA, SKY-HIGH NETWORKS, SUMO LOGIC, ZERTO AREA1 SECURITY, BIT9, COREOS, ENDGAME, ICONIC SECURITY, SHAPE SECURITY, SYNACK DATA SECURITY 15 ENDPOINT SECURITY 16 APPLICATION SECURITY 18 IAM 26 CLOUD SECURITY US VC INVESTMENTS BY SECTOR ADALLOM, BIT9, COHESITY, COREOS, FORTER, KEEN.IO, OKTA, SAFEBREACH, SUMO LOGIC NETWORK SECURITY 36 10

11 PUBLIC MARKETS LANDSCAPE VALUATION OBSERVATIONS >MEDIAN VALUATIONS FOR IT SECURITY COMPANIES HAVE BEEN STRONG AND STEADY OVER THE LAST THREE YEARS, BETWEEN THE 4-5x LTM REVENUE RANGE PUBLICLY TRADED IT SECURITY FIRMS COMPANY MARKET CAP TEV/LTM REV PALO ALTO NETWORKS $16.4B 16.2x SYMANTEC $13.5B 2.0x FORTINET $6.0B 5.9x >GIVEN THE EVOLUTIONARY NATURE OF CYBERATTACKS, MERGERTECH FORECASTS THAT IT SECURITY WILL BE ONE OF THE LARGEST TECHNOLOGY GROWTH VERTICALS GLOBALLY OVER THE NEXT 3-5 YEARS >LARGEST VENDORS: IBM, SYMANTEC, INTEL, TREND MICRO, EMC/DELL TREND MICRO $5.7B 5.2x FIREEYE $3.4B 6.3x IMPERVA $2.3B 10.1x QUALYS $1.3B 7.9x AVG TECHNOLOGY $1.0B 2.6x BARACUDA NETWORKS $987M 2.7x A10 NETWORKS $470M 2.0x MOBILEIRON $332M 2.0x 11

12 MARKET CONSOLIDATION LARGE IT FIRMS ARE NATURAL BUYERS OF SECURITY TECHNOLOGY, AS THEY HAVE AN EXISTING PORTFOLIO OF GLOBAL CLIENTS IN INDUSTRIAL VERTICALS THEY CAN EASILY CROSS-SELL NEW SOLUTIONS INTO. SYSTEM INTEGRATORS SECURITY VENDORS IT CONSULTING FIRMS SOFTWARE VENDORS THE BIG 4 MDM THREAT RESPONSE DATA LOSS PREVENTION TRANSACTION SECURITY CRITICAL INFRASTRUCTURE SEC IT ADVISORY ANTI-VIRUS MANAGED SECURITY ENDPOINT SECURITY FRAUD DETECTION DATA ENCRYPTION APPLICATION SECURITY BIOMETRICS RFID BI CLOUD INFRASTRUCTURE ATP NETWORK VISIBILITY 12

13 M&A MARKET LANDSCAPE >M&A ACTIVITY HAS BEEN BOLSTERED BY CONSTANT EMERGENCE OF NEW TYPES OF THREATS TO A CONTINUAL STREAM OF NEW WORKPLACE TECHNOLOGIES >MEDIAN 2014 ANNOUNCED M&A DEAL VALUE WAS $42M Mean M&A TEV/Rev (x) SECURITY M&A DEALS & VALUATION x 3.6x 3.1x 3.2x E Total Security Deals ISRAEL THE ISRAELI CYBERSECURITY SECTOR IS A VERY LARGE AND VERY DYNAMIC SECTOR, WITH HIGHLY ADVANCED R&D AND SIGNIFICANT M&A ACTIVITY INVOLVING CROSS- BORDER BUYERS. INDIA WITH A +1B POPULATION AND A RELATIVELY SMALL CYBERSECURITY MARKET, INDIA IS POISED TO DOUBLE ITS SECURITY MARKET FROM $500M TO $1B IN LESS THAN 2 YEARS. THE RAND CORPORATION RELEASED A STUDY CITING THE EXISTENCE OF ~1,000 A-LEVEL CYBERSECURITY EXPERTS GLOBALLY, VS A NEED FOR 10,000 TO 30,

14 BUYER LANDSCAPE TOTAL ACQUISITIONS SINCE 2010 MAJOR DEALS SINCE 2013 IBM CISCO CISCO SOURCEFIRE $2,500M ORACLE 35 BAIN CAPITAL BLUECOAT $2,400M EMC VMWARE VMWARE AIRWATCH $1,550M DELL INTEL FIREYE MANDIANT $989M HP 22 VISTA EQUITY WEBSENSE $902M CA 17 TIBCO 12 IBM TRUSTEER $900M SYMANTEC JUNIPER 9 11 GEMALTO SAFENET $890M AKAMAI 8 *INCLUDES NON-SECURITY DEALS SINGTEL TRUSTWAVE $810M 14

15 HOT SECTORS WHY MOBILE & CLOUD ARE HOT 1.BELIEF THAT IT SECURITY IS LIKE AN ARMS-RACE BETWEEN THE PUBLIC AND CYBERHACKERS 2.RECENT TORRENT OF ATTACKS MAKE THE PUBLIC FEEL IT IS NOT ADEQUATELY PROTECTED AGAINST BREACHES MOST DEAL ACTIVITY IDENTITY & ACCESS MANAGEMENT M&A SUBSECTOR RANKINGS HIGHEST MULTIPLES ANTI-MALWARE/ANTI- FRAUD HIGHEST Y-O-Y GROWTH MOBILE SECURITY NETWORK SERVICES MOBILE SECURITY MANAGED SECURITY 3.SECURITY AROUND NEW TECHNOLOGIES ALWAYS LAG BEHIND CYBERHACKERS; ORGANIZATIONS PAY PREMIUMS TO RAPIDLY CATCH UP MDM 17 EXITS LAST YEAR, WITH OVER 200% Y-O-Y ACQUISITION GROWTH MANAGED SECURITY NETWORK SECURITY CLOUD SECURITY MANY OF THE HOT VERTICALS WITHIN IT SECURITY PERTAIN TO TECHNOLOGIES THAT ARE RELATIVELY NEW IN THE ENTERPRISE (EG MOBILE, CLOUD) 15

16 Ash Sethi / Associate / MergerTech If you re interested in chatting about IT Security or tech, please get in touch with me at: [email protected]