Contact: Brenon Daly
In addition to the Pollyanna marketers and go-getter executives that make up most of the attendees at the RSA Conference, there will also be a slightly more unsettling figure looming around the security industry’s marquee event: Charles Darwin. No, the long-dead scientist won’t be actually docking his ship, HMS Beagle, on the San Francisco waterfront to attend next week’s confab. But Darwin’s seminal theory about ‘natural selection’ is going to be one of the more visible – if unacknowledged – themes at this year’s RSA Conference. Bluntly put, some of the 500 companies and sponsors that help put on this year’s event won’t be around when RSA opens the doors on future conferences. (451 Research subscribers, see our full preview of this year’s RSA Conference.)
This isn’t to say that the RSA show floor is somehow going to turn into a killing ground. Rather than viewing it cinematographically, we view it clinically. The RSA Conference is nothing more than a petri dish of organisms that, until now, have had ideal conditions to evolve and reproduce. In the months leading up to this year’s gathering, however, those life-sustaining conditions have deteriorated to the point where some of the organisms will not survive. The weak will be ‘selected out’ – a process that in some ways is overdue in the crowded information security market.
We’re already seeing some of that pressure come through in infosec M&A. Consider the contrast between the two largest acquisitions by FireEye, which has served as a convenient bellwether for the next-generation infosec vendors. Two years ago, it spent almost $1bn, more than 10x trailing sales, for incident response firm Mandiant. Last month, it handed over just $200m upfront for iSIGHT Partners, valuing the threat intelligence specialist at half the multiple it paid for Mandiant. Further, according to our understanding, iSIGHT garnered only a slight uptick in valuation in its sale compared with its valuation in a funding round announced a year earlier. The return can still be boosted, provided iSIGHT hits the targets of a $75m earnout. But even including the additional kicker, it’s still a relatively modest exit for a company that as recently as last year had positioned itself in the IPO pipeline.
That bearishness might not come through on the RSA Conference show floor or even in the afterhours cocktail parties next week. But long after the booths are packed up and the drinks have stopped flowing, infosec startups will have to get back to business. And what they are likely to find is that business for the rest of the year is going to get a whole lot tougher as buyers and backers hold much more tightly onto their life-sustaining purchases and investments, respectively. To help adapt to that new environment, startups might be well served to tuck a copy of Darwin’s On the Origin of Species into their RSA Conference swag bag and look for some pointers on how to make it through the upcoming selection cycle in the infosec industry. See our full report.
