by Brenon Daly
Other recent high-flying debutants in the information security (infosec) market have had to take some time to grow into their multi-unicorn status on Wall Street. Not so for CrowdStrike. The endpoint security vendor smashed all pricing expectations on its way to creating a stunning $12bn of initial market value in its IPO.
To put that number into perspective, CrowdStrike’s valuation is roughly equivalent to the M&A spending across the entire infosec market for any given year, according to 451 Research’s M&A KnowledgeBase. Or, sticking to comparisons in the IPO market, CrowdStrike’s debut market cap is twice the initial value created in IPOs by two other recent fast-growing cloud security startups:
Okta came public in April 2017 at a valuation of $2.4bn, and now commands a $14.5bn market cap.
Zscaler came public in March 2018 at a valuation of $3.7bn, and now commands a $10bn market cap.
In its most recent fiscal year, CrowdStrike posted revenue of $250m. Revenue more than doubled last year, helped in part by an astonishingly high dollar-based retention rate of roughly 140%. Although not yet profitable, the company showed some leverage in its model by holding its net loss at the same level over the past two years, even as it doubled revenue.
In the IPO, Wall Street is valuing CrowdStrike at nearly 50 times trailing sales. That’s a heady multiple, significantly eclipsing the current mid-30x price-to-sales multiples for both Okta and Zscaler.
CrowdStrike is, however, still looking up at the current trading multiple of Zoom Video Communications. Zoom shares have tacked on roughly 50% since debuting in April, giving the profitable and fast-growing videoconferencing startup a price-to-sales multiple of nearly 70x. If CrowdStrike could replicate Zoom’s trading in the aftermarket, the infosec startup would be tracking to nearly the same astronomical trading multiple later this summer.
by Brenon Daly
After an uncharacteristic half-year absence from the top end of the information security (infosec) market, a private equity (PE) shop has now put up the largest print in the bustling sector so far this year. Insight Venture Partners built on an earlier investment in Recorded Future to take a controlling stake in the threat intelligence startup in a deal valued at $780m.
Other than that, however, most of this year’s activity has been coming from newly resurgent strategic acquirers. In fact, except for Insight’s reach for Recorded Future, strategic acquirers account for all of the 10 largest infosec transactions listed in 451 Research’s M&A KnowledgeBase so far in 2019.
Already this year, Palo Alto Networks has announced three acquisitions totaling a cool $1bn in aggregate spending, Sophos has doubled up on deals, and FireEye has shelled out a quarter-billion dollars in its largest single purchase in a half-decade. Other infosec M&A mainstays such as Symantec, Akamai and Proofpoint have also been heard from this year, with all of them inking $100m+ acquisitions.
The key to many of these corporate deals getting done is that buyers are paying up. That’s particularly true for Palo Alto, which has made a practice of paying hundreds of millions of dollars for startups that measure their revenue in the tens of millions of dollars. But FireEye and Symantec have also paid double-digit valuations this year.
As strategic acquirers stretch on valuation, they have been able to elbow PE buyers aside. According to the M&A KnowledgeBase, buyout firms are behind just one of every five infosec transactions so far in 2019, down from at least one of four deals in each of the previous three years. Further, our data indicates that PE shops’ slumping market share of only 21% in infosec M&A so far in 2019 is a full 10 percentage points lower than their share of the overall tech M&A market.
by Brenon Daly
Having gotten a little richer in its mid-March IPO, Zscaler is now looking to get a little smarter with some M&A. In its first-ever acquisition, the cloud security vendor has reached for TrustPath, a startup that Zscaler plans to use to help speed and sharpen its analysis of the billions of transactions that flow over its platform each day. Not much is known about TrustPath, which is still operating in stealth mode.
Zscaler’s inaugural print continues the trend of information security (infosec) providers emerging as some of the busiest buyers of machine learning (ML) startups, a market that itself is pretty busy. In fact, for the past two years, tech investment bankers we have surveyed have forecast ML to be the single biggest driver for M&A in each of the coming years, ahead of other notable themes such as the Internet of Things and cloud computing.
More importantly, that sentiment is coming through in the actual deal flow. According to 451 Research’s M&A KnowledgeBase, the number of overall ML transactions is on pace to top 120 deals in 2018, three times the number announced just in 2015. Infosec is playing a key role in the record number of ML transactions, with Zscaler joining Amazon Web Services, Splunk and even PayPal in the parade of recent security-focused ML acquirers.
Collectively, infosec buyers are punching well above their weight in the emerging field of ML M&A. Look at it this way: Infosec accounts for roughly 15% of total ML deals in the M&A KnowledgeBase, despite security acquisitions making up less than 5% of all tech transactions we record in any given year.
The main reason for infosec’s outsized role in the ML market is that there’s actually business to be done there. In fact, in a recent survey by 451 Research’s Voice of the Enterprise: AI & Machine Learning, Adoption, Drivers and Stakeholders 2018, infosec emerged as the second-highest rated use case for ML, trailing only ‘business analytics.’ Importantly, the rankings in our survey came from folks who actually have ML technology up and running or are nearly there. With that kind of demand from customers, it’s no wonder infosec suppliers are leading the charge in snapping up smarts.
by Brenon Daly
Playing defense can be a lucrative strategy. Along with the record deal volume in the information security (infosec) market this year, valuations across the fast-growing sector have surged to their highest level. Already in 2018, 451 Research’s M&A KnowledgeBase lists eight transactions that have gone off at price-to-sales multiples of more than 10x, based on disclosed or estimated terms.
These double-digit valuations have helped to push the multiple across the entire infosec market to new heights, twice as rich as virtually all other major IT sectors. According to the M&A KnowledgeBase, acquirers have been paying 8.1x trailing sales for the infosec companies they have picked up so far this year.
For comparison, the next-richest segment (infrastructure software) checks in at 6.6x trailing sales. One sign of how inflated that market has become is the surprisingly rich valuation of infrastructure software titan CA Technologies. Broadcom is paying the highest price for CA shares since the internet bubble collapsed. The deal values CA at 4.5x sales, roughly a turn higher than other large software vendors that aren’t really growing. Additionally, Salesforce paid more than 20x trailing sales for MuleSoft in March.
More broadly, valuations in the 10 other IT sectors we track in the M&A KnowledgeBase are all less than half the median valuation in infosec. For instance, application software transactions this year are going off at 3.4x trailing sales, which is roughly consistent with the two previous years.
Of course, as in any small market, a few richly valued deals can skew the overall valuation for the sector. (The number of infosec prints each year is only about one-tenth the number of application software transactions in any given year.) And the infosec market has seen an unusually large number of big prices paid for very early-stage startups. Deals such as Palo Alto Networks-Evident.io and Splunk-Phantom Cyber are certainly pushing the median multiple higher. But even outside those outliers, acquirers are having to reach deeper than ever before to secure the security providers they want to buy.
For more real-time information on tech M&A, follow us on Twitter @451TechMnA.
BY Brenon Daly
At Black Hat last year, we half-cleverly noted how information security (infosec) vendors should feel right at home in Mandalay Bay, since exits were hard to find in both the infosec industry and the casino itself. Now, as the annual security conference gets set to open this weekend, it’s a much different picture. The exit door has been thrown wide open, with an unprecedented level of both IPOs and M&A in the cybersecurity market.
Start with IPOs. At this point last year, only one cybersecurity provider had made it public (Okta). As the conference gets set to open this weekend, three infosec startups have already debuted on Wall Street this year (Zscaler, Carbon Black and Tenable). Collectively, this year’s trio of new listings has created $9bn of market value, more than 10 times the amount of venture backing they raised altogether.
More significantly, the long-expected wave of consolidation in the overpopulated infosec market is beginning to take shape. For instance, 451 Research’s M&A KnowledgeBase lists 18 infosec acquisitions in July, which matches the highest-ever monthly total for the sector. Last month’s acceleration continues the already-strong dealmaking activity posted earlier this year, putting 2018 on track for the most infosec transactions in any year in history. This year’s unprecedented rate of M&A activity is being driven by an ever-increasing number of buyers that have been attracted to the fast-growing market.
Subscribers to 451 Research can look for a full report on the exit environment for infosec companies on our site early next week.