A rare trip into rarified air

Posted on by Mark Fontecchio

by Brenon Daly

Symantec’s blockbuster $10.7bn divestiture of its enterprise security business to Broadcom marks a rare trip into rarified air for the information security (infosec) M&A market. Through the first seven-plus months of 2019, 451 Researchs M&A KnowledgeBase shows not a single deal in the segment valued at more than $1bn.

Obviously, the unusual carve-up of Big Yellow blows past that threshold. But setting aside this transaction, which we would very much describe as a one-time deal, a couple of trends are playing out in the infosec market that may make it tough to see many more of those three-comma deals coming for the rest of 2019. We suspect that this year’s total will end up looking up at the three separate billion-dollar transactions we tallied last year.

Helping to keep a lid on deals at the top end of the infosec sector right now are factors including:

Several of the industry’s largest vendors appear unlikely to pursue big-ticket transactions. In some cases, that’s due to internal upheaval (e.g., Symantec, which has announced five billion-dollar acquisitions in the past 15 years). In other cases, it’s due to a likely period of digestion (e.g., Palo Alto Networks, which has dropped $1.6bn in a half-dozen high-valuation deals over the past 18 months).

After only recently starting to print big purchases, private equity firms have slowed their activity at the top end of the market. That move down-market comes after buyout shops have been behind significant infosec take-privates in the past two years, including Barracuda and Imperva.

And most notably, VC dollars have replaced M&A dollars in the ‘unicorn universe.’ In just the past four months, Auth0, SentinelOne, Cybereason and Sumo Logic have all landed funding rounds that value the infosec startups at more than $1bn, according to the premium version of 451 Research’s Private Company Database.

As long as startups only have to give up a portion of their equity to VCs (rather than full ownership to an acquirer), funding will likely be the option of choice for popular infosec startups. Of course, taking money now at such an elevated level assumes that billion-dollar buyers will return at some point to provide big exits. That may well be the case, but it’s a pretty high-stakes gamble nonetheless.