INCREASED SOPHISTICATION OF CYBER ATTACKS HEIGHTENS DEMAND - CYBERSECURITY INDUSTRY UPDATE | APRIL 2021
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
INCREASED SOPHISTICATION OF CYBER ATTACKS
HEIGHTENS DEMAND
CYBERSECURITY INDUSTRY UPDATE | APRIL 2021
3
TABLE OF CONTENTS
Key Industry Takeaways 4
Industry Outlook 5
M&A Overview 6
Notable Transactions 7
Select Transactions 8
Financing Activity 9
Deal Trends & Industry Return 10
Capstone Case Study 11
Buyer Q&A 12
Client Q&A 14
Market Outlook 17
Report Contributors 18
Firm Track Record 19
Endnotes 20
CONTACT OUR CYBERSECURITY
INDUSTRY EXPERTS
Tom McConnell
Managing Director
303-951-7125
tmcconnell@capstonepartners.com
David Brinkley
Managing Director
917-817-0375
dbrinkley@capstonepartners.com
Capstone Partners is one of the largest and most active independently-owned
investment banking firms in the United States. Over the past 20 years, thousands
of business owners, investors, and creditors have trusted us to help guide their
strategic decisions and maximize financial outcomes at every stage of the
corporate lifecycle.
MIDDLE FULL SUPERIOR TOP ESTABLISHED
MARKET SERVICE CLIENT RANKED BRAND
FOCUS CAPABILITIES RESULTS PERFORMANCE REPUTATION
A DIFFERENT KIND OF FIRM. BUILT FOR THE MIDDLE MARKET.
Mergers & Capital Financial Special ESOP
Acquisitions Advisory Advisory Situations Advisory
&
Restructuring
• Sell-side Advisory • Transaction Advisory • Special Situations
• Equity Advisory • Interim Management
• Buy-side Advisory • Debt Advisory • Turnaround
• Recapitalizations • Performance • Restructuring
• Infrastructure Finance Improvement
• Mergers & Joint • Bankruptcy
Ventures • Valuation Advisory
• Insolvency
• Litigation Support
Sign Up for Industry Insights.
Delivering timely, sector-specific intelligence to your inbox
One of our core capabilities is to deliver sector-specific intelligence
designed specifically for industry leaders, private equity firms and
their advisors. Our industry reports and featured articles deliver
real-time access to key sector data including:
• Emerging industry trends
• Acquirer and investor appetites
• Mergers & acquisitions market analysis
• Notable transactions
• Public company data
Receive email updates with our proprietary data, reports, and insights
as they're published for the industries that matter to you most.
Subscribe
capstonepartners.com
Cybersecurity Industry Update
Increased Sophistication of Cyber Attacks
Heightens Demand
KEY INDUSTRY TAKEAWAYS
Capstone Partners’ Cybersecurity Group is pleased to share its April Cybersecurity Industry Update. Through
our ongoing conversations with active industry players and analysis of trends in the industry, we have
identified several key takeaways below, followed by an in-depth overview of the factors contributing to
increased demand for cybersecurity solutions and commentary on transaction activity.
1. The recent SolarWinds attack has highlighted the increased sophistication of threat actors and the
need for robust cybersecurity solutions.
2. COVID-19 has introduced a largely distributed workforce, encouraging rapid cloud migration and novel
security challenges.
3. The proliferation of nation-state actors and cyber criminals has accelerated the adoption of
advanced solutions including zero-trust architecture.
4. Cybersecurity merger and acquisition (M&A) activity has outperformed other industries, increasing
approximately 33% year-over-year, while public company performance has outpaced broader
equity markets.
5. Integration of Security Orchestration, Automation and Response (SOAR) technologies and evolution of
Extended Detection and Response (XDR) platforms are expected to be key focuses for vendors in the
near term.
6. Outsourcing remains a cost-effective means to implement cybersecurity solutions, with Managed
Security Service Providers (MSSPs) continuing to receive investment and M&A interest.
7. Capstone expects strong M&A activity in 2021 as strategics look to bolster their offerings and private
equity firms enhance their sector portfolios.
Capstone Partners has developed a full suite of corporate finance solutions, including M&A advisory, debt
advisory, financial advisory, and equity capital financing to help privately owned businesses and private equity
firms through each stage of the company’s lifecycle, ranging from growth to an ultimate exit transaction.
To learn more about Capstone’s wide breadth of advisory services and Cybersecurity industry expertise,
please contact Tom McConnell or David Brinkley.
4
Cybersecurity | April 2021
INDUSTRY OUTLOOK
The magnitude of the SolarWinds hack by
suspected Russian nation-state actors has placed
Tom McConnell
heightened focus on advanced and sophisticated
Managing Director
cybersecurity solutions to protect U.S. critical
infrastructure and private sector networks. By
compromising SolarWinds’ network management “Demand for improved cybersecurity protection
software, hackers were able to insert malicious across the corporate, SMB, government and
consumer market sectors continues to increase.
code that affected approximately 18,000 This rising tide propels overall industry revenues
companies and government agencies. The attack and supports exceptional M&A and growth capital
extends beyond users of SolarWinds software as transaction activity. We are seeing ravenous
approximately 30% of affected customers appetites for deal flow from public and private
reported no connection to the tainted software equity backed acquirers.”
(Wall Street Journal1), highlighting the
sophistication and stealth of the intrusion. cybersecurity organizations. Notably, SOAR
technology has experienced increased interest as
While the economic cost of the breach is yet to be businesses look to implement solutions to improve
determined, the resulting demand for incident detection and response in a single, efficient
response and remediation services is poised to platform. SOAR platforms combine incident
elevate. In addition, the attack also provides response, orchestration and automation, and
further impetus for the acceleration of zero-trust threat intelligence management capabilities,
security architecture adoption as businesses and driving increased productivity in security
government agencies look to implement enhanced operation centers, according to Gartner.6 In
protection. Notably, as enterprises increasingly addition, security orchestration and automation
reshape their security policies, the Zero-Trust has become a feature in the evolution of other
Security market is forecasted to exceed $38 billion technology offerings, including XDR. Improving
by 2024, according to Markets and Markets.2 endpoint detection and response (EDR) offerings,
Leading incident response providers and XDR enables greater analysis and correction
cybersecurity players specializing in zero-trust capabilities beyond endpoint locations, according
architecture and next-generation capabilities are to VMWare.7 XDR has experienced increased
positioned to capture significant revenue focus by industry participants as providers look to
opportunities as businesses modernize their IT enhance visibility and response across networks
(information technology) infrastructure. and cloud environments, in addition to endpoints.
The pandemic has expanded the penetrable Advances in IT security solutions amid a rise in
vectors for cyber criminals to infiltrate IT networks sophistication of cyber attacks has driven elevated
and sensitive data. As businesses have rapidly demand for cybersecurity providers. Public
migrated workforces to the cloud to ensure companies have traded at premium valuations
business continuity, vulnerable security following the initial COVID-induced market shock
weaknesses have increasingly been exposed. in March. This has been evidenced by strong
Notably, since the start of the pandemic, reported performance in the HACK ETF (Exchange Traded
cybercrimes have increased 300% (IMC Grupo3), Fund), a portfolio of companies providing
with cloud-based cyber attacks rising 630% cybersecurity solutions, which has exceeded its
between January and April, according to Varonis.4 one-year high in revenue multiples in 2021,
The proliferation of cyber attacks and nation-state standing at 4.0x on February 1. In addition,
actors amid the pandemic has fostered elevated cybersecurity providers have outperformed
demand for highly effective and automated broader equity markets, with the one-year total
security solutions. return in the HACK ETF reaching +45%, compared
to +19.1% in the S&P 500. Cybersecurity is
As the industry combats an acute shortage of expected to be a key focus in the IT budgets of
talent, evidenced by the projected 3.5 million large enterprises and small-to-medium sized
unfilled jobs by the end of 2021 (Cybersecurity businesses. Outsourcing is also forecasted to
Ventures5), automation and machine assisted remain an attractive offering, with MSSPs likely to
solutions are likely to be critical offerings for be in high demand.
cybersecurity
5
Cybersecurity | April 2021
M&A OVERVIEW
M&A activity in the Cybersecurity industry M&A Volume Surges in Second Half of 2020
remained robust in 2020, with transaction volume After falling in Q2 at the height of the pandemic, M&A
increasing 33% year-over-year, despite a activity rebounded substantially, with the final two
slowdown in the broader M&A markets. The quarters outpacing the first half of the year by 70%.
industry experienced a sharp downturn in deal
activity in Q2 amid heightened economic 2019 2020
uncertainty as strategics grappled with depressed 160
Number of Transactions
revenues and liquidity constraints while private 120
equity firms allocated resources towards existing 120
portfolio companies. However, consolidation 94
activity recovered swiftly in the second half of the 72 75
80 65 63
year, with Q3 and Q4 volume outperforming 2019 52 54
levels by 49% and 60%, respectively. Private 40
equity, which comprised nearly 34% of total
transactions, demonstrated sustained appetite for
0
quality cybersecurity providers with attractive
Q1 Q2 Q3 Q4
growth prospects and recurring revenue profiles.
Through year-to-date (YTD) 2021, M&A activity
has continued its strong momentum with 32 deals
announced or completed, nearly equivalent to YTD
2020 levels. Cybersecurity Services in High Demand in 2020
Consulting and advisory providers have attracted
The Cybersecurity Services subsegment has strong buyer interest, as MSSPs continued to
comprised the majority of transactions, amounting experience robust consolidation in 2020.
to over 53% of total deals as consulting, advisory,
and outsourced solutions remain in high demand.
While the Software subsegment has trailed 5.0%
Services volume, it has accounted for 7.9%
IT Consulting &
approximately $16.7 billion of the $20.4 billion total Other Services
disclosed value in 2020. Industry participants
offering advanced security assessments including Software
penetration and vulnerability testing, threat 45.3%
management, and incident response solutions Internet Services
have attracted premium valuations as businesses & Infrastructure
look to bolster their IT security infrastructure. In 41.8%
Other
addition, managed security service providers
(MSSPs) continue to experience healthy
consolidation. Notably, leading MSSP Atos
(ENXTPA:ATO) has aggressively utilized inorganic
growth to enhance service offerings. Source: Capital IQ and Capstone Research
David Brinkley
Managing Director
“While the capital markets continue to accommodate the rapid expansion of cybersecurity
companies across the spectrum, we also note the maturation of certain subsegments and the
disruption of others, especially with the advent of artificial intelligence, machine learning and
automation technologies. Leading middle market firms in the space are finding strategic
opportunities often evolve rapidly, and sometimes unexpectedly. At the same time,
consolidation trends encourage careful planning that incorporates game theory analysis and
promotes engagement with the capital markets sooner, rather than later.”
6
Cybersecurity | April 2021
NOTABLE TRANSACTIONS
Atos (ENXTPA:ATO) has acquired In Fidem Inc., a Canada-based cybersecurity consulting
firm specializing in information security management for an undisclosed sum. In addition
to information security management, In Fidem consults on cloud security, digital identity,
cybersecurity operations, and cyber-breach response. The acquisition will provide access
to Atos’ vast client network and enhance services offered as In Fidem gains resources by
becoming an Atos subsidiary.
To Acquire
Atos, a France-based IT services provider with over 100,000 employees, has been an
active buyer in the Cybersecurity industry with the In Fidem acquisition being one of four
deals announced in the past four months, according to a press release. In Findem’s
operation will bolster Atos’ worldwide client portfolio, while simultaneously adding
expertise in cybersecurity services. “Atos and In Fidem today unite their expertise to bring
added value to our digital teams and for our clients in Canada and around the world,” Atos
Senior Executive Vice-President, Pierre Barnabé said in the press release.8
Entrust Corporation, a global leader in trusted identity, payments, and data protection, has
acquired HyTrust, Inc., a developer of cloud security software designed to automate
compliance and security-based policies. Terms of the deal were not disclosed. HyTrust
partners with IBM (NYSE:IBM), Cisco (Nasdaq:CSCO), Intel (Nasdaq:INTC), Google, and
Amazon (Nasdaq:AMZN) to bring their customers accelerated cloud and virtual security
controls at an improved cost savings.
Acquires
The combined entity’s joint solutions utilize Entrust’s hardware security models (HSMs)
and HyTrust DataControls to centralize their encryption key management at scale.
HyTrust’s cloud security policy serves as a value-add to its existing digital security
solutions. “Enterprises are rapidly transforming to take advantage of the efficiencies and
scale of cloud computing. In doing so, data protection and compliance are top of mind.
That’s why we are excited to bring the HyTrust team and solutions to Entrust,” said Entrust
President and CEO, Todd Wilkinson in a press release.9
FireEye, Inc. (Nasdaq:FEYE), has acquired Respond Software, Inc., a cybersecurity
investigation and automation provider, for an enterprise value of $186 million. Respond
Software offers Respond Analyst, an XDR engine that accelerates cyber investigation by
correlating multi-sourced attack evidence. The acquisition of Respond Software will
enable new market opportunities for FireEye, in addition to integrating Respond Analyst
Acquires with their current platform, Mandiant Solutions.
Founded in 2004, and achieving public listing in 2013, FireEye has grown organically and
inorganically resulting in the employment of over 3,000 people and a global network of
customers. “This [Respond Software acquisition] creates a learning system with new
capabilities that will enable us to expand our Mandiant portfolio and drive new XDR
revenue through our Mandiant Advantage platform,” commented FireEye CEO, Kevin
Mandia in a press release.10
7
Cybersecurity | April 2021
SELECT TRANSACTIONS
Enterprise EV / LTM
Date Target Acquirer Target Business Description Value (mm) Revenue EBITDA
01/22/21 Peak InfoSec Gigit Provides information security consulting services. - - -
Cipherpoint Develops IT and cyber security solutions for medium to
01/21/21 Brace168 $4.0 4.2x -
(ASX:CPT) large-scale businesses and enterprises.
Bureau Veritas Offers digital security advisory services
01/20/21 Secura - - -
(ENXTPA:BVI) in the Netherlands.
Provides cloud security automation and offers
01/14/21 HyTrust Entrust - - -
administrative control and data security.
Atos Offers information security management and
01/12/21 In Fidem - - -
(ENXTPA:ATO) cybersecurity services.
Global Market
01/04/21 Alagen Provides cybersecurity solution services. - - -
Innovators
Cerberus Cyber
12/29/20 Alpine Security Offers cybersecurity services and training services. $2.8 - -
Sentinel
Develops data security solutions for financial services,
12/23/20 Vera Security HelpSystems - - -
media and entertainment, and professional services.
Lateral Security Tesserent Provides tailored information security testing
12/17/20 $3.0 1.0x 5.0x
Services (ASX:TNT) and advisory services.
Lynx Technology
12/17/20 ITSourceTEK Offers cyber security services and solutions. - - -
Partners
Identity Intelligence Develops identity theft protection, credit monitoring,
12/16/20 Corsair Capital - - -
Group and data breach management solutions.
Tapestry ManTech Int. Provides cybersecurity, network engineering, and
12/14/20 - - -
Technologies (Nasdaq:MANT) training for the Department of Defense.
Foresight IT
12/09/20 CyberCX Offers cyber security consulting services. - - -
Consulting
Professional Provides Security-as-a-Service virtual application
12/08/20 Cybera - - -
Datasolutions networks to enterprises in the U.S.
Fortinet
12/08/20 Panopta Offers a network monitoring and diagnostics platform. $34.0 - -
(Nasdaq:FTNT)
NortonLifeLock Provides information technology-security protection
12/07/20 Avira $359.2 - -
(Nasdaq:NLOK) solutions through software and cloud-based solutions.
Intalock Spirit Tech. Offers cyber security management and information
12/02/20 $16.6 1.0x 9.8x
Technologies Solutions (ASX:ST1) technology (IT) advisory services.
Compliance of
12/02/20 Sysxnet Provides compliance security services solutions. - - -
ControlScan
Silent Break Offers cybersecurity testing including network and
12/02/20 NetSPI - - -
Security application testing, and adversary simulations.
Provides information and communication technology
11/25/20 OptimeSys Cinia Group - - -
solutions and specializes in cybersecurity.
Nasdaq Develops cloud-based enterprise fraud detection and
11/19/20 Verafin $2,750.0 - -
(Nasdaq:NDAQ) anti-money laundering software solutions.
FireEye Provides smart security operations software
11/19/20 Respond Software $186.7 - -
(Nasdaq:FEYE) for businesses.
Designs, develops, and offers a threat detection and
11/10/20 StratoZen ConnectWise CF CF CF
response platform.
Note: CF = confidential; highlighted deals are Capstone’s transactions
Source: Capital IQ, PitchBook, FactSet, and Capstone Research
8
Cybersecurity | April 2021
FINANCING ACTIVITY
COVID-19 caused a heightened demand for contracted cybersecurity services as companies sought to
digitize internal and external operations. This led to a 33% year-over-year (YOY) increase in funding allocated
to cybersecurity companies in 2020. Total transaction volume in 2020 (597 deals) also increased by 32.4%
YOY, with 132 deals completed in Q4 2020. Venture capital funding for Q1 2021 is on pace to compete with
prior quarters. Highlighted below are several notable venture funding deals from January 2021 and Q4 2020.
Cybersecurity Venture Capital Raises
(Q1 2018 – Q4 2021)
Total Volume Total Value
250 $3.5
$3.0
200
Number of Transactions
214
$2.5
$ in Billions
150 $2.0
136 132 $1.5
100 126
108 113 115
104
$1.0
50 76
51 48 49 $0.5
0 $0.0
Q1 '18 Q2 '18 Q3 '18 Q4 '18 Q1 '19 Q2 '19 Q3 '19 Q4 '19 Q1 '20 Q2 '20 Q3 '20 Q4 '20
Source: PitchBook and Capstone Research
NOTABLE VENTURE CAPITAL TRANSACTIONS
• iboss, a developer of a security cloud platform, raised $145 million in Series B funding led by NightDragon
Security in January. The Boston-based company is expanding to meet demand from remote work forces,
as their platform allows secure and compliant connections to cloud applications including Microsoft Office
365 and Zoom (Nasdaq:ZM).
• Lacework, an end-to-end cloud security startup, secured $525 million in Series D funding led by Altimeter
Capital Management in January, placing its post-money valuation at $1 billion. Lacework will utilize the
funding to enhance their position in the Cloud Security market as the Cloud industry continues its
advancement through 2021.
• Leading privacy, security, and data governance platform, OneTrust, raised $300 million in Series C funding
led by TVC this December. OneTrust has raised a total of $710 million in the last 18 months, with a current
post-money valuation of $5.1 billion. OneTrust seeks to serve the ever-growing addressable market as
compliance regulations increase globally.
• Arctic Wolf, provider of a cloud security platform designed to combat cyber-crime, currently has a post-
money valuation of $1.3 billion after securing $200 million in Series E funding from Viking Global Investors
(October). This latest round of funding will enable Arctic Wolf to bolster its leadership position in the
security operations and managed detection and response (MDR) markets.
9
Cybersecurity | April 2021
DEAL TRENDS & INDUSTRY RETURN
Transaction Volume
Reaches Elevated Levels Transaction Volume Transaction Value
in Q4 2020 200 $35
Number of Transactions
180
Transaction volume $30
160
reached a record high 140 120 $25
$ in Billions
in Q4 2020, with 120 120
94 $20
deals announced or 100 75 72 $15
completed. Disclosed 80 65 63
52 54
values peaked in Q4 60 $10
2019, with subsequent 40
$5
valuations remaining 20
consistent with 0 $0
historic trends. Q1 '19 Q2 '19 Q3 '19 Q4 '19 Q1 '20 Q2 '20 Q3 '20 Q4 '20
Source: Capital IQ and Capstone Research
Private Equity Buyers Private Public PE Platform PE Add-On
Remain Active Through
Add-on Acquisitions 100%
23.0% 24.7% 21.9%
Percent of Transactions
Private strategic buyers 80%
have historically 8.0% 9.1% 15.6%
comprised the majority
60% 14.9% 15.6%
of transaction activity, 9.4%
while private equity firms
seeking add-ons for their 40%
existing platform 54.0% 50.6% 53.1%
investments continue to 20%
showcase interest.
0%
2019 2020 YTD 2021
Year-to-date ended February 1
Source: Capital IQ and Capstone Research
Cybersecurity Public HACK ETF S&P 500
Company Total Return
Outperforms S&P 500 60%
Total Return Percentage
Following pandemic- 40%
induced headwinds in
March and April, the HACK 20%
ETF has recovered
significantly, with total 0%
return amounting to +45%
in early February, -20%
substantially
outperforming the -40%
S&P 500.
Feb-20 Apr-20 Jun-20 Aug-20 Oct-20 Dec-20 Feb-21
Source: Capital IQ and Capstone Research
10Cybersecurity | April 2021
CAPSTONE CASE STUDY
Capstone Partners, advised StratoZen, Inc., on its
sale to ConnectWise, LLC, a portfolio company of
Thoma Bravo, LLC. Strong and Hanni served as
legal counsel to the Company on the transaction. HAS BEEN ACQUIRED BY
StratoZen, based in Salt Lake City, Utah, utilizes an
industry leading SOAR technology platform to
provide managed security services including A portfolio company of
(Co)Managed Security Information and Event
Management (SIEM), SIEM-as-a-Service, SOC-as-
a-Service, and Proactive Defense services to
nearly 1,000 organizations on six continents,
processing over 20 billion security events every
day. StratoZen’s capabilities bolster
“
ConnectWise’s united IT management platform for
technology solution providers (TSPs). Working with Capstone
enabled us to achieve an
StratoZen, Inc. bridges the gap between traditional optimal result in all facets of
in-house cybersecurity and legacy outsourced the transaction. In-depth
MSSP (managed security service provider) options. industry knowledge,
As a cloud-based platform, StratoZen makes
outstanding process
cybersecurity more accessible, affordable and
flexible by leveraging a SOAR platform which
execution, and skilled
cross-correlates, analyzes and applies custom negotiating enabled us to
rules to data gathered from any network device. complete a fantastic
This engine eliminates false positives and provides transaction with a highly
truly actionable intelligence for SOC analysts strategic buyer. We are very
and clients. excited about the potential
for accelerated growth and
ConnectWise is an IT software company that success as part of
empowers Technology Solution Providers to ConnectWise.
achieve success in their As-a-Service business
with intelligent software, expert services, an
immersive IT community, and a vast ecosystem Kevin Prince
”
of integrations. StratoZen CEO
11Cybersecurity | April 2021
BUYER Q&A: CONNECTWISE
Capstone spoke with Andrew Dunfee, Senior Director, Corporate Development at
ConnectWise, to discuss the Cybersecurity market, ConnectWise’s platform, and the
acquisition of StratoZen. ConnectWise is an IT software company that empowers TSPs to
achieve success in their As-a-Service business with intelligent software, expert services, an
immersive IT community, and a vast ecosystem of integrations. With an innovative,
integrated, and security-centric platform, ConnectWise enables TSPs to drive business
efficiency with business automation, IT documentation, and data management capabilities.
What are the main trends you are seeing in the security tools and how to use them to meet the
Cybersecurity industry? There are a lot of topical needs of their customers. There’s a relatively small
issues that we could talk about like the Orion population of folks providing this type of security-
exploit and some of the Microsoft Exchange server specific service but it’s a huge and growing need.
vulnerabilities that we've seen recently. I think it's That was one of the things we found most
more so representative of the work from home compelling about StratoZen. They had a very
situation, more and more folks being remote, and strong understanding of the security application
more use of SaaS and distributed applications and toolkit and how the tools could be were used in the
environments. The proliferation of many different MSSP and MSP space. They were highly in tune
point solutions on the infrastructure side has been with where they could provide incremental value
a blessing to help service providers get their jobs above and beyond the tools themselves in an
done but opens up a lot of exposure on the SMB effective and scalable way, which made them a
(small and medium-sized business) and SME strong fit for attacking the Service Provider market.
(small and medium-sized enterprise) side of
things. There’s more to manage and there are more Do you see bifurcation in the market between
areas of risk. What that does for a company like SMBs and SMEs? I think SMBs are becoming more
ConnectWise is it creates an even stronger need aware that they need stronger security posture
to provide thought leadership, best practices, and and that they lack the expertise in that area,
best-of-breed solutions for our service provider whereas SMEs generally already have that
customers to make sure that they can do the job awareness to some degree and are also generally
they need to do at the end client level. better informed as to specific gaps in their posture
that they need to rectify.
Are you seeing increased demand for solutions
addressing the growing attack surface among Can you describe the process of ConnectWise’s
SMBs and SMEs? Yes, I think so. The attack acquisition of StratoZen? We'd known Kevin
surface has always been large but now it’s getting [Founder and CEO of StratoZen] and the StratoZen
more mind share. The more you see issues in the team for a few years and were familiar with their
press, the more consumers and SMBs are saying, offering. I think one of the things that really helped
‘Okay, we have to pick our heads up and us was how open Kevin and the team were and
proactively ask the question, how are we securing how well thought out and articulated their strategy
our environment?’ MSPs have to ask themselves, was. Part of the rationale for the acquisition was
‘How are we securing our clients’ environments?’ that certain pieces of StratoZen’s technology
Security previously was something that MSPs platform could be leveraged together with
needed to compel upon their customers but now ConnectWise’s technology as well as some
the drivers are also coming from the bottom-up. technology from another acquisition we were
contemplating at the time, so there were a few
Are you seeing SMBs and SMEs embracing the moving pieces. I think it's only something we were
value for the MSSP type offering? The MSSPs we able to get conviction with because of how helpful
deal with are uniquely focused on trying to Kevin and the Capstone team were going through
understand the security paradigm of MSPs and the process. Ultimately, we got the deep insight we
SMEs/SMBs. They are really in tune with today’s needed and it was a great outcome. We have a
security whole
12Cybersecurity | April 2021
BUYER Q&A: CONNECTWISE
whole lot of optimism and ambition for where
“
things can go from here.
The proliferation of many
Where do you see StratoZen fitting in with the different point solutions on the
ConnectWise platform? One of the unique things infrastructure side has been a
about StratoZen, as opposed to some more blessing to help service
service-oriented players in the MSSP space, is providers get their jobs done
where they chose to focus their energy. A lot of but opens up a lot of exposure
MSSPs focus on providing the basic services you
on the SMB and SME side of
need to certify compliance and little more, but
Kevin and team had a different approach. In
things. There’s more to manage
addition to having built a platform to leverage SIEM and there are more areas of
alert data and threat intelligence, they also built risk. What that does for a
upon that an automated intelligence layer to help company like ConnectWise is
surface priority alerts and suggests plays to run. It it creates an even stronger
wasn’t just about flagging issues, it was about need to provide thought
understanding which of the issues are important leadership, best practices, and
and what to do about them, which is a huge pain best-of-breed solutions for
point for MSPs when it comes to security. our service provider
customers to make sure that
Where do you see your product roadmap going
from here? Security is a broad area and we are
they can do the job they need
to do at the end client level.
”
continuously evolving our strategy in the space.
The acquisition of StratoZen is a step in the right
direction but not the end state for ConnectWise
with regard to security. Cloud is another
Andrew Dunfee
interesting space that has been growing in
Senior Director, Corporate
importance to MSPs. Fortunately, being a platform Development at ConnectWise
technology and services provider to MSPs means
there are a lot of different ways we can address
the needs of MSPs, and accordingly there are a lot
different areas we’re keeping an eye on from a
roadmap standpoint.
What are some of the main goals for
ConnectWise? Ultimately the mission is to help
MSPs become the best version of themselves. For
some that means helping them scale up, for others Andrew Dunfee, Senior Director,
Corporate Development
that may mean more of a focus on profitability, for
others it could mean getting them into new
Andrew Dunfee is a Senior Director
product areas, and for others still it could be less
of Corporate Development at
profit-driven and more about simplifying and de- ConnectWise. He held previous
complicating their operations. There are different positions as Director of Corporate
types of journeys that MSPs can have, and we're Dev
Development at Continuum Managed Services and as
here to support them in a variety of different ways an investment banking analyst at Signal Hill Capital.
across whatever type of journey makes sense for
them. Whether the MSP wants to operate the
business themselves, in a hybrid fashion with
strategic use of our NOC and SOC, or fully
outsource certain aspects of service delivery, we
have the technology and business model to
accommodate any phase of the journey.
Learn more about ConnectWise at www.connectwise.com
13Cybersecurity | April 2021
CLIENT Q&A: STRATOZEN
Kevin Prince, Founder and CEO of StratoZen
Kevin Prince is the Founder and CEO of StratoZen, providing managed threat
detection, response, and compliance solutions to organizations around the globe.
With more than 30 years of cybersecurity experience, Kevin is also the former CTO
of Compushare (now Finastra) and Perimeter eSecurity (now BAE Systems). Prior to
StratoZen, Kevin also founded Red Cliff Solutions, a financial services MSSP and
served as a former trainer to Federal Deposit Insurance Corporation, National Credit
Union Administration, and Federal Financial Institutions Examination Council auditors.
What is the current state of cybersecurity? last twelve months, how we approach
We’ve seen the number of breaches, the size of cybersecurity. All the technologies existed, but
the breaches, and the severity of the breaches, all now the focus shifted to endpoint and MDR
increase. Some of the attacks performed in the (managed detection & response), EDR (endpoint
last several months use never-before-seen detection response) solutions. Of course, this is
techniques. The sophistication of these is truly on top of all the measures organizations have
mind blowing. More and more attacks seem to be taken traditionally.
from foreign nation states as opposed to individual
hackers or rogue groups. At the same time, the What is the market feedback from those trying
individuals with the skills to combat these threats to protect their data and network? If I had to
are few and far between. The extreme shortage of sum it up into one word it would be “HELP!” But
qualified cybersecurity personnel is at a critical really it is all over the board. Remember that we
level for the industry resulting in these severe offer services to managed security service
attacks often going undetected and unmitigated providers (MSSPs) and other technology service
for months or years. At the same time, regulatory providers (TSPs), and they have varied levels of
pressure continues to mount for organizations that cybersecurity maturity. Many out there don’t
now often have two, three or more compliance know what to do or where to go. Other ones know
standards they must adhere to. Organizations are exactly what they need to do and just need help
feeling this pressure in a very real way and it doing it. There's no shortage of need. Service
continues to increase. providers work sometimes by geography with no
notion of industry. Some service providers are
Given the challenging and dynamic environment, very focused on niche markets or niche industries.
what are cybersecurity vendors and solution Others focus on client size. Each of those has
providers doing to address the problem? The unique challenges and opportunities as you can
perfect storm of increased attack sophistication imagine. For example, think of the different
and frequency, a personnel shortage, and challenge around protecting healthcare
compliance pressure represents a formidable organizations in the last year versus that around
challenge. We've seen this explosion of retail. We have clients that service both, or one or
technologies and companies that are trying to the other. As you can see, the needs vary greatly.
provide solutions and services to help
organizations be safe. We're seeing literally Given the diversity in customer needs, how do
hundreds and hundreds of new companies and you better serve your customers in this
new solutions enter the market, and yet environment to maintain their level of security?
organizations are more confused than ever. Which We combine really smart people with innovation
solutions are best? How should they prioritize their and automation. However, what is unusually
budgets? So, one of the biggest problems is a lack unique with us is that we are able to maintain
of education on the right approach a company customized environments for clients while many
needs to take to reduce their risk. On top of that other organizations apply default or limited sets of
you add COVID, which has radically changed rules and intelligence to achieve scale. We have
cybersecurity from being network-centric and been able to achieve scale with customization
company LAN (local area network) -centric to which is very important because every
individual workstation-centric and remote work environment is different. Different hardware,
centered. That has dramatically changed, in the software, versions, people, and uses make each
last company
14Cybersecurity | April 2021
CLIENT Q&A: STRATOZEN
company unique and your cybersecurity solutions when you get into cybersecurity, they're among
needs to be flexible to adapt to a company’s the most expensive amongst IT and then very
technology and people. So we built systems that difficult to retain. So, we knew that would be a
allowed us to automate customized solutions at losing battle. And there’s still many organizations
scale. We had to do this by building a cloud based, that try to fight the battle that way, it just never
cloud delivered, multi-tenant platform that works out. So that's why we focused on
solution providers could use as their own to automation. Automation for us was first and
their customers. foremost about accuracy. If you are dealing with
95% false positives, you are wasting 95% of
To get the most out of their security people’s time, either your employees or your
investments, how can companies best orient customers. We took that cost and invested into
their technology? First and foremost, before you automation that increased accuracy. The more
can almost do anything else, you’ve got to get all data being generated, the more accuracy and
of your data in one place so you can cross- automation you need. Then you need better
correlate it, analyze it, normalize it, and then start correlation so that what you output is nearly 100%
alerting against it. Then you can add on all types of accurate and actionable so no one’s time
other technologies on top of that to be even more gets wasted.
secure and reduce your risk as an organization.
But until you're seeing all the data in one place and How do you build a business that is effective,
making that data accurate and being able to take efficient, and profitable that can meet these
action on that data you will always be behind the different customer needs and priorities? Solving
eight ball. If you start adding on technologies an industry problem while being disciplined and
before solving the foundational data management innovative is the short answer. Due to that
and accuracy problem, it will cause an organization “perfect storm” I mentioned earlier, you need to
a lot of pain. So SIEM and SOC are the basics that build solutions that have a tremendous amount of
everyone needs. Then a company needs to ask automation to reduce the dependence upon
themselves what they have and what they need. personnel. In our case, we solve the hard problems
Perhaps some of their technologies or current organizations can’t solve on their own. We give
spend is not giving them the risk reduction it once them the solutions and because we can aggregate
did and there may be better solutions available. across many clients, we can build economies of
Another thing to do to orient their technology is to scale an individual organization simply can’t on
look at how COVID has changed their business and their own. This gives us a foundation to build
how it will impact things going forward, specifically automation and other time and money saving
the remote worker environment. This should help features. The trick is to do it in a way that still
direct them if more spending should be placed on offers clients a customized solution set that meets
these disparate work environments or more their unique needs. For us, we decided to offer a
consolidated network environments. There has solution set that meets the basic needs of all
also been a lot of innovation made around identity organizations which includes SIEM and SOC
management which more organizations need to services. SIEM is security information and event
look at and invest in when ready. Regardless of the management and SOC is a Security Operation
technology selections, if a company doesn’t have Center. These are historically very difficult for
the expertise in-house, they should consider using organizations to deploy and manage on their own
a technology service provider to help them. either due to technical complexity or talent
retention and costs. A SIEM gets all the data into
Do you see automation and correlation type one place and then correlates, analyzes and
solutions having a greater role? You have two normalizes it and present is to an analyst in a SOC
solutions to most cybersecurity monitoring for further investigation and notification. We built
problems. One is you just throw more and more that at scale allowing our clients (service
and more bodies at it, or you have to develop providers) to offer it to their customers at
technologies and solutions to have more affordable rates.
automation. And the more bodies you throw right
now, the less quality you get and the cost is
astronomical. IT people are expensive as it is, but
15Cybersecurity | April 2021
CLIENT Q&A: STRATOZEN
Any tips for other entrepreneurs who are scaling
their companies in this environment? I think
finding the right balance between investment in
automation and investment in people is
paramount. Then, with that balance, continually
invest in automation and accuracy. With the
volumes of data that are coming out of these
systems, you can be tempted to just throw more
bodies at the problem, but the costs can quickly
get away from you. Continually innovate. We
would get excited if we could cut 15 seconds off of
a process because we would be doing that
process with people 600 or 800 times a day.
Cutting 15 seconds off can significantly improve
analyst productivity.
What type of synergies are playing out between
StratoZen and ConnectWise? ConnectWise has
tens of thousands of existing MSSP customers, and
many, maybe even most of those are looking for a
cybersecurity solution that they can take to
market. ConnectWise wanted to strengthen the
cybersecurity offering they already had by adding
some underlying SIEM technology and more
automation and accuracy around the SOC. That is
why they purchased StratoZen and Perch in
October of last year. This combines the biggest
TSP provider with the right technology, automation
and accuracy designed perfectly for service
providers. It's a brilliant strategy and one that
helps the most people in the right way.
16Cybersecurity | April 2021
MARKET OUTLOOK
Managed Security Service Providers Market Outlook
MSSPs are expected to continue to experience elevated demand as a cost-effective solution to implementing
sophisticated cybersecurity capabilities, contributing to a projected market size of $46.4 billion by 2025 growing
at a compound annual growth rate of eight percent, according to Markets and Markets.11
Global MSSP Market Select MSSP Players
$70
$60
$50 $46.4
$43.0
$ in Billions
$39.8
$40 $36.9
$34.1
$31.6
$30
$20
$10
$0
2020 2021 2022 2023 2024 2025
Source: Markets and Markets Source: Gartner and Capstone Research
Zero-Trust Security Market Outlook
Demand for zero-trust security platforms have accelerated amid mounting and increasingly sophisticated cyber
attacks, lending to a forecasted growth rate of nearly 20% from 2019 to 2024, according to Markets and Markets.
Zero-Trust Security Market Select Zero-Trust Security Players
$50
$38.6
$40
$32.2
$ in Billions
$30 $26.8
$22.4
$18.7
$20
$15.6
$10
$0
2019 2020 2021 2022 2023 2024
Source: Markets and Markets Source: Forrester and Capstone Research
17Cybersecurity | April 2021
CYBERSECURITY REPORT CONTRIBUTORS
David Brinkley
Managing Director
dbrinkley@capstonepartners.com | 917-817-0375
David brings 20 years of experience executing over $1bn in strategic transactions for
middle market firms in the aerospace, defense and government sectors. David is widely
recognized for his industry expertise, which encompasses intelligence and national
security activities and applied advanced technologies. In addition, David holds unique
security credentials that enable him to advise on the most sensitive government
transactions. David also serves as a subject matter expert to the Office of the Secretary
of Defense on matters pertaining to the financial health of the U.S. defense industrial
base and on Pentagon-sponsored technology investments. Prior to joining Capstone
Partners, David founded Castellum Capital Advisors, a boutique investment bank
providing advisory services to middle market firms engaged in the national security
sector. Castellum Capital served as exclusive financial advisor on several high profile
transactions, including large scale corporate divestitures and niche intelligence
acquisitions. David is a Series 63 Registered Securities Representative and Series 79
Registered Banking Representative.
Tom McConnell
Managing Director
tmcconnell@capstonepartners.com | 303-951-7125
Tom joined Capstone Partners in 2011 and brings over 20 years of investment banking
experience for clients’ benefit. He has an impressive track record of completed
transactions with cyber security, physical security, compliance and risk management
related companies. Mergers, acquisitions, and capital raise engagements with founder-
owned, private equity-backed and public corporations across the United States and
internationally, demonstrate the depth of his sector knowledge and transaction acumen.
Throughout his career, Tom has also believed in the importance of giving back to the
community and has been recognized for his professional accomplishments and
leadership. He co-founded Colorado Cyber with the mission of connecting private and
public sector leaders in the cybersecurity ecosystem, stimulating discussion on critical
issues, and supporting economic growth. Tom has also served on numerous nonprofit
boards including the Breckenridge Outdoor Education Center, Griffith Centers for
Children, Supervisory Committee to the Board of Directors for Bellco Credit Union and
the Denver Advisory Board. He is a Series 63 Registered Securities Representative and
Series 79 Registered Banking Representative.
Connor McLeod
Research Associate
cmcleod@capstonepartners.com | 617-619-3319
Connor is a Research Associate at Capstone Partners primarily specializing in Building
Products & Construction Services, Healthcare, and Cybersecurity. Prior to joining
Capstone, Connor was a specialist with the Investor Services team at BlackRock where
he worked with mutual funds, closed end funds, and exchange traded funds and
communicated fund performance, relevant market dynamics, and facilitated trades for
shareholders, financial advisors, and institutional clients. Connor holds a BA in
Economics from Bates College and is a Series 7 Registered Securities Representative.
18Cybersecurity | April 2021
FIRM TRACK RECORD
Capstone Partners’ Cybersecurity practice leverages superior industry expertise to execute a spectrum of
strategic transactions in the middle market including mergers, acquisitions, recapitalizations, growth capital
and specialty high yield debt, and minority and majority equity investments. Capstone Partners provides its
clients with unique market perspectives and relationships with key decision makers among the cyber
industry’s most active acquirers and investors.
CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL
CORPORATE SALE CORPORATE SALE CORPORATE SALE HAS BEEN ACQUIRED BY
NETWORKS SECURITY IT & ENGINEERING IT AND CYBERSECURITY
SOLUTIONS PROVIDER SOLUTIONS PROVIDER PRODUCTS PROVIDER
HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY
HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY HAS BEEN ACQUIRED BY
19Cybersecurity | April 2021
ENDNOTES
1. The Wall Street Journal, “Hack Suggests New Scope, Sophistication for Cyberattacks,” https://www.wsj.com,
accessed January 30, 2021.
2. Markets and Markets, “Zero-Trust Security Market by Solution Type (Data Security, Endpoint Security, API Security,
Security Analytics, Security Policy Management), Deployment Type, Authentication Type, Organization Size,
Vertical, and Region - Global Forecast to 2024,” https://www.marketsandmarkets.com/Market-Reports/zero-trust-
security-market-2782835.html, accessed February 2, 2021.
3. IMC Grupo, “COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes,”
https://www.imcgrupo.com/covid-19-news-fbi-reports-300-increase-in-reported-cybercrimes/, accessed
January 29, 2021.
4. Varonis, “134 Cybersecurity Statistics and Trends for 2021,” https://www.varonis.com/blog/cybersecurity-
statistics/, accessed January 29, 2021.
5. Cybersecurity Ventures, “Top 5 Cybersecurity Facts, Figures, Predictions, And Statistics For 2020 To 2021,”
https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2019-to-
2021/, accessed January 29, 2021.
6. Gartner, “Market Guide for Security Orchestration, Automation and Response Solutions,”
https://www.gartner.com/doc/reprints?id=1-24GXYQKN&ct=201027&st=sb%20, accessed January 28, 2021.
7. VMWare, “XDR (Extended Detection and Response),” https://www.vmware.com/topics/glossary/content/xdr-
extended-detection-and-response, accessed January 28, 2021.
8. Cision, “Atos completes the acquisition of Canada-based cybersecurity firm In Fidem,”
https://www.prnewswire.com/news-releases/atos-completes-the-acquisition-of-canada-based-cybersecurity-
firm-in-fidem-301211798.html#:~:text=PARIS%2C%20Jan.,forensics%20and%20cyber%20breach%20response.,
accessed February 3, 2021.
9. Entrust, “Entrust Acquires HyTrust, Expanding Encryption, Key Management and Security Posture Management for
Virtualized and Multi-Cloud Environments,” https://www.entrust.com/newsroom/press-releases/2021/entrust-
acquires-hytrust, accessed February 3, 2021.
10. Info Security Group, “FireEye Acquires Respond Software,” https://www.infosecurity-magazine.com/news/fireeye-
acquires-respond-software/, accessed February 3, 2021.
11. Markets and Markets, “Managed Security Services Market by Type (Managed IAM, Antivirus/Antimalware, SIEM, and
UTM), Deployment Mode, Organization Size, Vertical (BFSI, Government, Retail, Healthcare, Telecom, Utilities, and
Manufacturing), and Region - Global Forecast to 2025,” https://www.marketsandmarkets.com/Market-
Reports/managed-security-services-market-5918403.html, accessed February 2, 2021.
Common Goals. Uncommon Results.
Disclosure
This report is a periodic compilation of certain economic and corporate information, as well as completed and announced merger and
acquisition activity. Information contained in this report should not be construed as a recommendation to sell or buy any security. Any
reference to or omission of any reference to any company in this report should not be construed as a recommendation to buy, sell or
take any other action with respect to any security of any such company. We are not soliciting any action with respect to any security
or company based on this report. The report is published solely for the general information of clients and friends of Capstone
Partners. It does not take into account the particular investment objectives, financial situation or needs of individual recipients.
Certain transactions, including those involving early-stage companies, give rise to substantial risk and are not suitable for all investors.
This report is based upon information that we consider reliable, but we do not represent that it is accurate or complete, and it should not
be relied upon as such. Prediction of future events is inherently subject to both known and unknown risks and other factors that may
cause actual results to vary materially. We are under no obligation to update the information contained in this report. Opinions
expressed are our present opinions only and are subject to change without notice. Additional information is available upon request.
The companies mentioned in this report may be clients of Capstone Partners. The decisions to include any company in this report is
unrelated in all respects to any service that Capstone Partners may provide to such company. This report may not be copied or
reproduced in any form or redistributed without the prior written consent of Capstone Partners. The information contained herein should
not be construed as legal advice.
20Market Presence
With a long-established U.S. footprint, together with an international partner
platform, we provide clients with broad expertise and access to key market
relationships on a global basis. Our presence is backed by ~200 professionals in the
U.S. with 450+ professionals across 43 countries.
218 $12.5B 30% 6th
M&A transactions aggregate of our deals globally ranked for
completed in 2020 transaction value are cross- deals under $500m
border
$65.1M 51 65%
average deals involving foreign completed with a
transaction private equity firms European partner
value
United States International
170+ professionals 450+ professionals
12 offices 60+ offices in 43 countries
Boston · Chicago · Dallas · Asia: China · India · Japan · Thailand
Denver Detroit · Los Angeles · Africa: Congo · Egypt · Ghana · Ivory Coast · Mauritius · Morocco · Nigeria · Senegal · South Africa
New York Orange County · Americas: Toronto · Vancouver · Argentina · Brazil · Chile · Colombia · Mexico · Panama & Central
Philadelphia Richmond · San America · Peru
Diego · Tampa Europe: Belgium · Bosnia & Herzegovina · Croatia · Czech Republic · Finland · France · Germany ·
Hungary · Ireland
Italy · Netherlands · Poland · Portugal · Russia · Serbia · Slovakia · Slovenia · Spain · Sweden ·
United Kingdom
capstonepartners.comYou can also read
