Editor’s note: This is the first edition of Mergers & Money, a new monthly column by Senior Reporter Chris Metinko that covers dealmaking in the enterprise tech space.
While 2020 wasn’t a banner year for most things, that’s also true for M&A dealmaking in cybersecurity. However, last month saw some interesting acquisitions by both a large public company and a private company that may be the opening salvos in a battle to build the best extended detection and response (XDR) solutions.
Subscribe to the Crunchbase Daily
On Feb. 9, Mountain View, California-based AI endpoint security provider SentinelOne bought data analytics platform Scalyr for $155 million. That was followed nine days later by CrowdStrike buying London-based cloud log management provider Humio for $400 million.
On face value, neither deal shook the M&A world, but taken together they could show how eager companies are to improve their extended detection and response platforms. Both SentinelOne and Crowdstrike mentioned how the acquisitions extend their XDR capabilities by taking in data from logs and applications in real time.
XDR platforms have become en vogue as they are highly scalable and offer companies better visibility in network and application communication. XDR solutions can read and group related alerts and build timelines concerning attacks by evaluating data found on activity logs. The platform’s threat detection and response capabilities across endpoints and the network has become even more important with the expanded attack surface many companies face with so many employees working from home.
Palo Alto Networks, SentinelOne and CrowdStrike are not the only companies in cybersecurity with XDR platforms. All the usual suspects in cyber such as Microsoft, Trend Micro, Symantec, FireEye, Rapid7, Sophos and McAfee all provide solutions in the space and could be on the hunt to take leadership of the sector.
Venture-backed companies such as Cynet, Cybereason, Hunters Cyber and Bitdefender also compete in the space to some degree and may benefit from the increased interest in the market, as could Skyview Capital-owned Fidelis Cybersecurity.
Even data logging and analytics tools such as LogDNA, Graylog, Logz.io and Vista Equity Partners-owned LogicMonitor may benefit as cyber companies seek the ability to process enormous amounts of log data in real-time.
While SentinelOne may have led the way in buying log data tools, the company may be wanting to follow competitor CrowdStrike when it comes to something else — entering the public market.
On Feb. 26, Bloomberg reported SentinelOne was preparing for an initial public offering that could value it at more than $10 billion. It also reported the company was interviewing bankers for the listing, which could happen this year.
Last November, the company closed a $267 million Series F that valued the company at $3 billion — tripling the company’s valuation from just nine months prior.
The Series F was led by Tiger Global Management and included participation from Sequoia Capital Global Equities, Insight Partners and Third Point Ventures. Founded in 2013, the company has raised $696.5 million to date, according to Crunchbase.
At the time of the Series F, co-founder and CEO Tomer Weingarten told Crunchbase News that SentinelOne anticipated 100 percent growth this year and already has reached triple digits in annual recurring revenue, but had no set time frame for an IPO.
“I’m not saying (an IPO) can’t happen in 18 months, but we do not have any target right now,” he said at the time.
Through the last decade, meanwhile, newer competitors emerged and realized large money exits. In November 2018, Blackberry announced it would acquire endpoint security provider Cylance for $1.4 billion, right as that company had reportedly been considering an IPO. Then in August 2019, VMware acquired Carbon Black — which had gone public in 2018 — for $2.1 billion.
However, not all endpoint security companies witnessed an M&A exit. In June 2019 CrowdStrike undertook one of the most successful cybersecurity IPOs in history, almost doubling its nearly $7 billion market cap on its first day of trading. The company’s market cap now stands at more than $46.6 billion.
Can’t contain the heat
Early last month, Rapid7 bought Israel-based Kubernetes security provider Alcide for about $50 million, just nine months after it bought cloud security posture management company DivvyCloud for about $145 million.
Then on Feb. 16, Palo Alto Networks acquired San Francisco-based Bridgecrew for about $156 million to add to its cloud security offering Prisma Cloud and provide developers with security assessment throughout the DevOps process.
Those followed last month’s deals that included San Jose-based Lacework — whose cloud security platform includes securing workloads in Kubernetes — closing a $525 million round valuing the company at more than $1 billion and IBM’s Red Hat acquiring Mountain View-based Kubernetes-native security platform StackRox for an undisclosed amount.
Building modern applications using containers has become extremely popular in the last several years, with open-source platform Kubernetes becoming the dominant way to deploy and manage those containers. It also allows companies to move containers between multicloud environments, which also is becoming more important as large enterprises do not want to commit to just one cloud provider so as to not be boxed in.
Which is all to say — expect dealmaking to remain hot in the sector.
Contact Senior Reporter Chris Metinko at firstname.lastname@example.org.
Illustration: Dom Guzman
Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.