It’s funny how you suddenly remember random conversations from months ago at the strangest times. I recall having breakfast with some of my pals at TripWire at RSA 2012 (yes, 13 months ago), and them peppering me about the vulnerability management market. Obviously they were shopping for deals, but most of the big players then seemed economically out of reach for TripWire. And there was nothing economically feasible I could recommend for them in good conscience.
What a difference a year makes. It seems the Thoma Bravo folks have TripWire hitting on all cylinders, and they are starting to flex some of that cash flow muscle by acquiring nCircle, one of the 4 horsemen of Vulnerability Management (along with Qualys, Tenable, and Rapid7). Both are private companies, so we won’t hear much about deal value, but with alleged combined revenue of $140 million in 2012, the new TripWire is a substantial business.
As I wrote in Vulnerability Management Evolution, VM is evolving into more of a strategic platform and will add capabilities like security configuration management (as opposed to pure auditing) and things like benchmarking and attack path analysis to continue increasing its value. TripWire comes at this from the perspective of file integrity and security configuration management, but they are ultimately solving the same customer problem. Both shops help customers prioritize operational security efforts by poses the greatest risk – in concept, anyway. And for good measure, they both generate a bunch of compliance-relevant reports.
The video describing the deal talks about security as business value and other happy vision statements. That’s fine, but I think it undersells the value of the integrated offering. You see, TripWire has a very good business assessing and managing devices using a device-resident agent. nCircle, on the other hand, does most of its assessment via a non-persistent agent. We believe there will continue to be roles for both modalities over time, where the agent will be installed on important high-risk devices for true continuous monitoring, and the non-persistent agent handles assessment for less-important devices. It’s actually a pretty compelling combination, if they execute the technical integration successfully. But this isn’t our first rodeo – good technical integration of two very different platforms is very very hard, so we remain skeptical until we see otherwise.
In terms of market analysis, the deal provides continued evidence of the ongoing consolidation of security management. TripWire has said they will be doing more deals. Qualys has public market currency they will use to bring more capabilities onto their cloud platform. Tenable and Rapid7 both raised a crapton of VC money, so they can both do deals as well. As VM continues to evolve as a platform, and starts to overlap a bit with more traditional IT operations, we will continue to see bigger fish swallowing small fry to add value to their offerings.
Our contributor Gal brought up the myth of TripWire’s ecosystem and questioned the openness and accessibility of integration, given what they have accomplished to date. I’m more inclined to put every vendor’s ecosystem in the BS camp at this point. TripWire and nCircle will be tightly integrated over the next two years. They don’t have a choice, given the drive to increase the value of the combined company. Any other integration is either tactical (read: customer-driven) or for PR value (read purple dinosaur driven). Security companies pay lip service to integration and openness until they reach a point where they don’t have to, and can control the customer (and lock them in). To think anything else is, well, naive.
To wrap up, on paper this is a good combination. But the devil is in the integration, and we have heard nothing about a roadmap. We heard nothing about what the integrated management team will look like. Nor have we heard anything about go-to-market synergies. There is a lot of work to do, but at least it’s not hard to see the synergy. Even if it’s not obvious to Jeremiah.
Photo credit: “Circling the Wagons” originally uploaded by Mark O’Meara