The field is tilted against companies trying to secure their information: they face an ever-growing number of attackers, but a shortage of defenders. To get around this imbalance, an increasing number of vendors are looking to hand off at least some of their security to other firms, which can manage headaches and heartaches that come with process. The offerings, which can range from single products all the way to broader portfolios from managed security service providers (MSSPs), have found buyers among thinly stretched CISOs. A recent survey of security professionals by 451 Research’s Voice of the Enterprise showed MSSPs ranking the second-highest increase in spending over the next year.
Against this backdrop of overall growth in the market, it’s worth noting that – unlike other areas of the information security (infosec) market – there haven’t been any significant prints recently, at least not among the pure MSSPs. According to 451 Research’s M&A KnowledgeBase, the most recent deal for a substantial MSSP came more than three years ago, when SingTel paid $810m for Trustwave. Since then, most of the M&A activity around hosted security has come from infosec vendors looking to acquire people and technology so they can offer their own product as a managed service. (For instance, earlier this month, CounterTack bought GoSecure, an 80-person startup that provides managed detection and response services.)
That could be changing. Long-rumored to be an acquisition candidate, Alert Logic would likely be the next blockbuster print in the spectrum of vendors that offer security as a service. This brings up a distinction not always clear in this space. Alert Logic is recognized by many as a provider of security SaaS, but the boundaries between that and managed security services keep getting blurrier, as traditional MSSPs move from one direction to reinforce managed services with hosted technologies, and from the other, security SaaS vendors augment their offerings with managed services. Alert Logic is among the poster children for the latter. (That approach also shows up in Alert Logic’s financials. According to our understanding, the company operates with gross margins of roughly 70%, much higher than a pure MSSP.)
Alert Logic has more than quadrupled revenue since it was recapitalized by private equity (PE) firm Welsh Carson Anderson & Stowe (WCAS) nearly five years ago. (Subscribers to the M&A KnowledgeBase can see our proprietary estimate of terms on that deal.) In addition to nearing the logical end of a holding period inside a PE portfolio, Alert Logic has also seen two top executives replaced this year. If it does trade, we estimate that Alert Logic’s price would be roughly double the amount WCAS paid, putting the transaction among the largest security services acquisitions.