Post on 15-Apr-2020
2
01
02
03
04
Introduction to Managed Security Services
Managed Security Services Landscape
Industry Trends
Transactions & Valuations Overview
04
07
26
34
3
The global Managed Security Services (MSS) market size was $15 billion in 2018, and is projected to grow to $23 billion by 2021 at a
compound annual growth rate (CAGR) of 15%
Growth momentum in segments such as Threat Intelligence, Research, Detection and Remediation (TIRDR) and Regulatory Compliance Management (RCM) is expected to drive future growth of the MSS market
Security Asset Management and Monitoring (SAMM), the largest revenue contributor at 50%, is expected to grow slower than the overall MSS market
The financial services and government sectors remain the top two revenue contributors to the global MSS market, with the manufacturing sector growing quickly due to digital transformation
Key factors influencing the growing adoption of MSS globally include increasing attack surface, sophistication of threat actors, economies of scale, and stringent regulations
M&A activity is primarily targeted at horizontal acquisitions to either acquire/expand technical
capabilities/portfolio of offerings, or enhance geographical presence
Key inhibitors to the growth of MSS include the lack of threat visibility and clarity on assessment of
return on investment
GlobalLandscape
SegmentalForecast
VerticalBreakup
Segmental Revenue
GrowthDrivers
GrowthInhibitors
Transactions
4
Introduction To Managed Security Services
5Source: Avendus Research, Gartner, IDC | SIEM1 = Security Information & Event Management
Defining Managed Security Services
Managed
Security Services
Benefits Of Managed Security Services
Global FootprintAccess to an MSSP’s global, round-the-clock SOCs for state-of-the-art security tools and intelligence
Cost EfficienciesAccess to a team of seasoned security experts at a fraction of the cost of building in-house
Market-Leading TechnologiesAdvanced monitoring, analysis, and investigation of threats to ensure best-in-class defense and operational optimization
Rapid Incident ResponseContinuous and unmatched enterprise security incident handling through the use of state-of-the-art digital forensics
SIEM1 & Log Management InsightsUsing SIEM systems to collect logs and other security-related documentation for analysis on a single platform
Security Asset Management ReliefMSSPs have a holistic view of the required security environment, and expertise in integrating the latest security technologies
Monitoring of Advanced ThreatSophisticated security technologies and the latest threat intelligence provides proactive monitoring and threat detection
Risk & Compliance ManagementStaying up-to-date with the constantly evolving regulatory framework to ensure that assets are well protected
Impact On Businesses
» Building and maintaining teams of people, established processes, and office locations in-house is increasingly expensive and time-
consuming
» While businesses benefit from MSSPs’ predictable outcome-based pricing and reduced exposure to operational risk, the benefits
extend beyond cost reduction
» Businesses are able to transform business critical processes, and take advantage of new, scalable innovative technology and
expertise from this long-term, tightly integrated partnership
Round-the-clock remote management or monitoring of IT security functions
IT or Network Security Services outsourced to a service provider
Delivered largely via remote security operations centers (SOCs)
6
2009 2011 2015 2020
Managed Security Service Technology Roadmap, Global, 2009-2020
Source: Frost & Sullivan, HfS | DDoS1 = Distributed Denial of Service
Hosted demand
emerging, but slower than
expected
Growth in managed
SIEM and log management
Increased demand for compliance
services
Enhanced threat
detection and remediation capabilities
DDoS1
mitigation becomes a
key industry driver
Advanced analytics solutions
become a key differentiator
MSS solutions move to the
endpoint
Need for combined services –
both security solutions and management
services
» Risks arising from specific threats and threat actors have increased
both in terms of absolute number and impact
» Analytics and cloud capabilities are non-negotiable components of
security services today, while the use of predictive analytics and
public cloud will be non-negotiable in the future
» Industry expertise has moved beyond understanding of vertical-
specific regulatory requirements and threats
» Scarcity of talent has increasingly complicated the security landscape
Key Notes
7
Managed Security Services Landscape
8
8
Source: Frost & Sullivan, IDC | UTM1 = Unified Threat Management, IDPS2 = Intrusion Detection & Prevention System, SVM3 = Storage Virtual Machine; SOC4 = Security Operations Center
BreachManagement Incident Response
Forensics
Architecture & Design Assessment
Compliance
COMPLEMENTARYSERVICES
DDoS Prevention
Managed SIEM
Identity Access Management
Managed Encryption
File Integrity Monitoring
Threat Intelligence
Web Application Scanning
Web Application Firewalls
Managed SOC4
Advanced Detection &
Analytics Techniques
ADVANCED SERVICES
Managed Endpoint –Antivirus, Managed
Firewalls, etc.
Managed UTM1
Managed IDPS2
Managed Content Security Managed SVM3
Managed Log Monitoring / Management
Patch Management
Network Access Control
CORE SERVICES
Security Asset Monitoring and
Management (SAMM)
Risk and Compliance Management (RCM)
ThreatIntelligence, Research,
Detection and Remediation (TIRDR)
Distributed Denial of Service(DDoS)
Advancedand Emerging
Managed Security Services
» Asset maintenance and upgrades» Security assets policy management» Event correlation, analysis, and
security alert notification» Customer premises equipment (CPE)
and hosted services
» Compliance audits and reporting (system segmentation)
» Vulnerability assessments and scanning, partner program management, and compliance support
» Research and forensics of threat actors and vulnerabilities
» Threat detection, analysis, and prediction of breaches
» Proactive attack remediation and incident abatement
» Detection of DDoS attacks and means to prevent
» Removal of malicious traffic through dedicated scrubbing centers or a hybrid of on-premise equipment and cloud-based services
» Identity and Access Management» Managed mobile endpoint security» Managed Data Loss Prevention (DLP)» Other next-generation managed
security services
Segments Of Managed Security Services Types Of Managed Security Services
9
SEC
UR
ITY
ASS
ET M
ON
ITO
RIN
G A
ND
MA
NA
GEM
ENT
(SA
MM
)
SIEM1 = Security Information & Event Management; MDR2 = Managed Detection & Response; PCI DSS3 = Payment Card Industry Data Security Standard; GDPR4 = General Data Protection Regulations; DRaaS5 = Disaster Recovery-as-a-ServiceSource: Avendus Research, CapIQ
1 Sub-Segments Of Managed Security Services
SIEM1 andMDR2
Application Security
DatabaseSecurity &
DRaaS5
Messaging& Email Security
Security Consulting& Services
» Real-time analysis of security alerts generated by applications and network hardware
» Threat hunting and immediate responses to breaches » Measures taken to improve the
security of an application – often by finding, fixing, and preventing security vulnerabilities
» Protection of databases from threats and vulnerabilities associated with interconnected computing
» Recovery of data in the event of a breach or disaster to the database
» A program that provides protection for companies' messaging infrastructure
» Programs include IP reputation-based anti-spam, pattern-based anti-spam, administrator defined block/allow lists, mail antivirus, zero-hour malware detection and email intrusion prevention
» Helps define strategy, identify threats, deploy technologies and ensure operational readiness
» This includes penetration testing, risk assessments, vulnerability assessments, PCI DSS3, GDPR4, and forensic analysis
Vendors
10Source: Avendus Research, CapIQ
2 Sub-Segments Of Managed Security Services
RIS
K A
ND
CO
MP
LIA
NC
E M
AN
AG
EMEN
T (R
CM
)
RiskAssessment &
Visibility
Digital Risk Management
Vulnerability Assessment &
Pen Testing
SecurityRating & Risk Analysis
Security Awareness &
Training
» Company-wide visibility of hazards, risks and risk assessments
» This allows enterprises to spot trends earlier, and to implement corrective and preventative actions quicker
» Identify and manage risk/compliance exposure to cybersecurity threats and third party vendors – both in terms of vulnerability and data privacy
» Simulations are conducted in a manner similar to how an attacker would attempt a breach
» To discover points of exploitation and test the IT system’s breach security
» Comprises of a comprehensive, outside-in view of a company's overall cybersecurity posture
» Continuous monitoring across risk factors including endpoints, applications, firewalls among others
» Ensures that knowledge and training is up-to-date
» Includes the protection of both the physical and informational assets of an organization
Vendors
11
DD
oS
4
Source: Avendus Research, CapIQ | NGFW = Next Generation Firewall
Sub-Segments Of Managed Security Services3
TIR
DR
NGFW1,Network Analysis &
Forensics
Threat Intelligence
Fraud &Transaction
Security
Software Defined Networking (SDN)
DDoSProtection
» Monitoring and analysis of computer network traffic to gather information, legal evidence, or detect intrusions
» Evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging threat to assets
» Detecting and preventing fraudulent transactions –when a merchant account is used without the intention of operating a legitimate business transaction
» Model where the information security of a computing environment is implemented, controlled, and managed by security software
» A set of techniques/tools to mitigate the impact of distributed DDoS attacks on networks attached to the internet by protecting the target and relay networks
!
Vendors
12Source: Avendus Research, CapIQ
Sub-Segments Of Managed Security Services
AD
VA
NC
ED A
ND
EM
ERG
ING
MA
NA
GED
SEC
UR
ITY
SER
VIC
ES
AdvancedThreat Protection & Cloud Security
Identity Access Management (IAM)
End PointSecurity
Data Encryption, Privacy & Loss Protection
Security Operations &
IncidentResponse
» Security solutions that defend against sophisticated malware or hacking-based attacks that target sensitive data
» Solutions to identify, authenticate, and authorize individuals utilizing IT resources
» This also includes the hardware and applications that employees need to access» Protecting the corporate
network when accessed via remote devices such as laptops or other wireless and mobile devices
» Each device with a remote connection to the network creates a potential entry point for security threats » Detects potential data breaches/data
ex-filtration transmissions» Prevention by monitoring, detecting,
and blocking sensitive data while in-use, in-motion, and at-rest
» Processes, resources and solutions that prevent, detect and respond to cyber attacks and privacy/security incidents – including security analytics, incident response, and applicable threat intelligence
5 Vendors
13
» Security posture needs
assessment and
execution
» Application and
infrastructure security
implementation /
integration
» Support for board level
security discussions
STRATEGY, ARCHITECTURE AND
INFRASTRUCTURE
RISK AND THREAT AND PREVENTION
RISK AND THREAT MONITORING
INCIDENT DETECTION AND REPORTING
REMEDIATION
» Threat intelligence
» Application and
infrastructure testing
for security issues
» Process changes to
embedded security in
business operations
» Ongoing monitoring of
systems and logs,
including updates
based on changing
security needs
» Analytics for trends,
patterns and behaviors
» Reporting and analysis
of detected incidents /
threats
» Support for board level
discussions of detected
incidents
» Recommendations and
actions to address
threats and incidents
» Recommendations for
ways to enhance future
responses
SERVICE-ENABLING TECHNOLOGIES
Digitization & Robotic Automation | Analytics | Mobility | Social Media | Cognitive Computing | Artificial Intelligence
SECURITY TECHNOLOGIES AND PLATFORMS
Firewalls | Endpoint Protection | Network Monitoring | Intrusion Detection | Application Security | Device Security | Data Protection | Identity and Access Management | Mobile Security | Threat Intelligence | Predictive Analytics | Anti-virus | Log Management
Source: Avendus Research, HfS, Frost & Sullivan | VARs1 – Value Added Resellers; SIs2 – System Integrators; ISPs3 – Internet Service Providers
MSSPs
End Users
VARs1,SIs2, ISPs3
DirectSales
5% 95%
14Source: Avendus Research, Frost & Sullivan
Annual contract sizes range from
hundreds of thousands of
dollars to several million dollars
Service Level Agreements
(SLAs)
Degree of Involvement
DeliveryMode
Contract LengthGeographic Coverage
Integrationof Other Managed Services
Complexity of IT
Infrastructures
`
SLAs vary according to different service packages offered by MSSPs, and are broadly defined by parameters such as average response time to security events and average response time to service failures
Higher guaranteed service parameters lead to in higher contract values
Customers’ geographical footprint — be it global, regional, or local — and the corresponding requirements regarding regulatory compliance and the possibility of off-shoring affect the annual contract size
Other factors such as the length of subscription service and integration with other services—managed, professional/technical security, or system integration—affect annual contract size
Contracts with longer time spans often have lower annual contract value – on average, 3-year contracts are preferred, but the length of the contract can vary from 1 to 10 years
Several MSSPs reported that organizations requiring particular procedures to collect, store, and manage log data (such as to comply with a local regulation) often yield higher contract values
Average annual value of an MSS contract is ~$280,000
One-time set-up fees are often included in the annual contract – either calculated per site or per device
Integration with other services, and greater volumes of monitored/managed devices often result in price discounts
15Source: Frost & Sullivan | *Others = Admin, Agriculture, Construction, Education, Management, Real Estate, Retail, Trade, Transportation, and Utilities
73%
27%
Enterprise
SMB
22%
16%
14%
48%
Financial Services
Government
Manufacturing
Others*
39% 39% 39% 39%
38%37%
36%36%20%
20%
21%
21%
4%
4%
4%
4%
$15
$18
$20
$23
2018 2019E 2020E 2021E
Latin America
Asia Pacific
Europe, Middle East and Africa
North America
$15 Bn
$15 Bn
» The global MSS market is expected to grow at a CAGR of 15% from 2018 to 2021
» Organizations are experiencing a growing complexity when protecting their infrastructure from targeted attacks, driving
consistent adoption of managed security services across regions
» Compliance with regulatory requirements is an important driver, particularly in EU and NA
» Another critical market driver is the increase in cyber attacks, making organizations vulnerable to sudden loss of revenue
and reputation
» Revenue from Small and Medium Sized Business (SMB) customers is expected to increase due to higher adoption rates
and subsequent cost reductions experienced
Key Notes
Global Forecasted MSS Revenue ($ Bn) 2018-21 2018 Revenue Breakdown by Vertical
2018 Revenue Breakdown by Client Type
17Source: Identity Theft Research Center (ITRC) End of Year Data Breach Report 2018, Verizon: 2018 Data Breach Investigations Report
536
446
338
304
146
132
109
101
71
33
Healthcare
Others
Accomodation
Public
Financial
Professional
Information
Education
Manufacturing
Entertainment Breaches111
140
145
171
276
308
324
327
414
Payment Card Skimmers
Crimeware
Lost and Stolen Assets
Cyber-Espionage
Privilege Misuse
Others
Point of Sale
Miscellaneous Errors
Web Applications
Breaches
Year 2015 2016 2017 2018Average cost of a data breach in
2018 was ~$3.5MnNo. of data breaches in the US 780 1,030 1,632 1,244
The increasing complexity and frequency of attacks are due to well funded and technologically sophisticated threat actors
Advanced Persistent Threats (APTs) and Zero-day attacks are growing in frequency
Investments in security appliances and software highlight the need for technical services around these investments to manage effectively
Enterprises often lack access to cross-industry and cross-border security intelligence needed for effective threat visibility
Enterprises lack a full view of the threat landscape and knowledge of security intelligence to sufficiently detect and prevent these attacks in a timely manner
143
330
347
736
2,106
3,930
4,850
8,846
10,611
21,409
Payment Card Skimmers
Point of Sale
Cyber-Espionage
Others
Miscellaneous Errors
Lost and Stolen Assets
Web Applications
Crimeware
Privilege Misuse
Denial of Service
Incidents
22,788
19,208
7,188
1,040
750
598
540
536
368
292
Public
Others
Entertainment
Information
Healthcare
Financial
Professional
Manufacturing
Accomodation
Education Incidents
Global Breaches & Incidents By Sector Global Breaches & Incidents By Pattern
18Source: AlienVault, CyberSecurity Insiders
55%
42%
32%
32%
30%
30%
Cybersecurity Skills Shortage In-House
Lack of Security Coverage
Speed Of Incident Response Issues
Cost And Complexity Of Building In-HouseTeam
Lack Of Detection And Response Capabilities
No Visibility Into Overall Security Posture
Percentage of Organisations Struggling With The Specific Factors
9%
23%
32%
24%
12%Not At All Confident
Not Confident
Somewhat Confident
Confident
Extremely Confident
Percentage Of Organizations Driven To MSS Because Of The Following Factors
26%
30%
32%
33%
42%
44%
47%
Meeting Regulatory Compliance Mandates
Lack Of Security Domain Expertise In-house
Speed Of Response To Incidents
Breach Protection
Cost Savings
Moving to 24x7 Security Coverage
Lack Of Internal Security Personnel / Expertise
Percentage Of Organizations Driven To MSS For
77%
75%
67%
56%
45%
Rapid Identification & Remediation OfAttacks
24x7 Monitoring & Analysis
Security Posture Reports To IdentifyVulnerabilities & Risks
Security Policy & Controls Management
Ensuring Regulatory Compliance
Percentage Of Organizations Driven To MSS For
» Organizations continue to struggle with
security skills gap – more than half of
enterprises identified a shortage of in-
house cybersecurity skills as the biggest
security operations challenge
» Almost 80% of the organizations allocate
25% or less of their security budgets to
managed security – this trend is changing
quickly with the increase in sophistication
of attacks and the ever-evolving threat
landscape
» Only 36% of organizations are confident
of their in-house security team’s ability to
maintain the right security skills and
competencies
» The remaining 64% are somewhat
confident that in-house security
operations are able to keep up with the
continuously evolving threats landscape
and keep the operations of the firm well
defended
» More than half of organizations will
increase their budget for managed
security by an average of 14% over the
next 12 months
Key NotesSecurity Operations Challenges Faced By Organizations Factors Responsible For Switch From In-House To MSS
Confidence With In-House Security Prioritization Of Security Capabilities
19Source: Avendus Research, EuGDPR.org, CAPrivacy.org
Growing number of environments and devices to protect
Scarcity of qualified information security
professionals
Continued growth of compliance regulations
» The General Data Protection Regulation (GDPR) is designed to enhance the protection of individuals residing in the EU, as well as address the export of “personal data” outside the EU » It applies to all organizations doing business in the EU, and any organization outside the EU handling EU citizens’ personal data» The definition of “personal data” includes genetic, mental, cultural, economic, social identity and online identifiers (IP addresses, cookies)
GDPR Requirements
The GDPR went into effect on 25th
May 2018Penalties: 4% of revenue or €20 Mn (whichever is greater)
Users may request a copy of personal data in a portable format
To demonstrate enforcement of customer consent for personal data collection
Controllers must comply with breach notification windows
To satisfy customer data portability support, and enable the right to be forgotten and erased from records
Implement adequate technical and organizational measures to protect persons’ data and systems
Privacy risk impact assessments will be required where privacy risks are high
Appointment of a data protection officer (DPO) will be mandatory for companies processing high volumes of personal data
In June 2018, California’s state legislature unanimously passed a new data privacy bill instituting stringent regulations that are entirely new to the United States. This bill set a significant precedent in the US, following GDPR’s activation in May 2018, and during a time when data privacy continues to be heavily discussed in the media and with lawmakers. The bill will become operative on January 1, 2020, and affects organizations that serve or employ California residents
CCPA
General Data Protection Regulations (GDPR) California Consumer Privacy Act (CCPA)
Scope EU personal data processed California resident’s personal data collected
Right To Access Right to access all EU personal data processed Right to access California personal data collected in last 21 months
Right To Portability Must export and import certain EU personal data in a user-friendly format All access requests must be exported in user-friendly format but there are no import norms
Right To Correction Right to correct errors in EU personal data processed Not included in CCPA
Right To Stop Processing Right to withdraw consent or otherwise stop processing EU personal data Right to opt-out of selling personal data only; must include opt-out link on website
Right To Stop Auto Decision-making Right to require human to make decisions that have a legal effect Not included in CCPA
Right To Stop Third-Party Transfer Right to withdraw consent for data transfers involving second purposes of categories of data Right to opt-out of selling personal data to third parties
Right To Erasure Right to erase EU personal data, under certain conditions Right to erase personal data collected, under certain conditions
Right To Equal Services And Price At most, implicitly required Explicitly required
Private Right Of Action Damages No floor or ceiling Floor of $100 and ceiling at $750 per customer per incident
Regulator Enforcement Penalties Ceiling of 4% of global annual revenues No ceiling – $7,500 per intentional violation, $2,500 per negligent violation
20Source: Aberdeen, Alien Vault, Cybersecurity Insiders, Frost & Sullivan | Annual Cost Not Avoided = Average Number of Security-related Incidents experienced in the last 12 months * Average total cost per incident
540
980
300
310
Security Monitoring 24x7x365(Managed Service)
Security Monitoring 24x7x365(In-House)
Annual Investment ($'000/year) Annual Cost Not Avoided ($'000/year)
MSSPs generates savings of approximately 35% for large enterprises over in-house implementations every year
15%
45%
27%
6% 7%
<10% 10-25% 26-50% 51-75% >75%
Per
cen
tage
of
Org
aniz
atio
ns
Savings
15%
15%
16%
17%
18%
21%
37%
Security Posture Issues
Availability & Business Continuity Issues
Performance Issues
Agility Issues
Lack of Integration
Efficiency Issues
Cost Issues
Percentage of Organizations
Buyers are apprehensive of MSS largely due toassociated recurring costs
» Enterprises need to balance the need for
qualified experts with minimizing the
associated costs to fit within the allotted
security budget – managed security
services that drive cost-efficiencies in
addition to their primary roles are
favored
» The average MSS contract size is
approximately $280,000, compared to
the upwards of $980,000 investment into
internal set-ups – presenting a significant
cost advantage for enterprises to make
the switch
Key NotesCost Implications Of Outsourcing Security Challenges Faced While Outsourcing Security Services
Expected Savings From Outsourcing Security Services Average Annual Contract Size
USD$280,000
21Source: Gartner, DBS Bank, Ericsson Mobility Report, IDC Worldwide IoT Spending Report | Note: IoT spending for 14 technologies across 20 vertical industries in nine regions and 53 countries through 100 use cases
19%
18%
17%
16%
15%
12%
Consumer
Insurance
Healthcare Provider
Government
Contruction
Others
RISE OF IOT DEVICES 2018 2030E
Total IoT units installed base (Bn) 11 125
Consumer devices (Bn) 7 75
Consumer devices as % of total devices 63% 60%
Connected devices per person 2 15
World population (Bn) 7.7 8.5
IoT adoption rate 18% 176%
1,200 Mn devices in 2018
473 Mn devices in 2018
473 Mn devices in
2018
65 Mn devices in 2018
125 Mn devices in 2018
441 Mn devices in 2018
IoT drives convergence of
verticalsR
ate
of
Ad
op
tio
n
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Blockchain
Internet of ThingsAugmented Reality
ArtificialIntelligence
AugmentedReality
Artificial Intelligence
IoT to reach tipping point of 18-20% in 2019
2030
2017Blockchain
Technology
» The US connected car market is predicted
to reach $514B, and add-on sales of IoT
devices for vehicles are predicted to grow
to $18B in 2021
» Spending on IoT Endpoint Security
solutions will grow to $631M in 2021, at
a CAGR of 21%
» As a result, worldwide IoT security spend
is expected to increase to $3B in 2021, at
a CAGR of 28%
» By 2023, the average CIO will be
responsible for managing more than
three times the number of endpoints
compared to 2018 – new business
models and respective revenue streams
will lead to a new wave of supporting IoT
networks and sensor devices
» Businesses, governments, and consumers
are projected to invest nearly $1.6 trillion
to install IoT solutions up to 2020
» Software and application development
are predicted to be the majority of
investments, giving rise to the demand
for MSSPs to manage activity
Key Notes5-Year CAGRs Of Top Industries Spending On IoT
(2017-2022)
22Source: Avendus Research, Frost & Sullivan, MSP Benchmarking Research 2017 by Kaspersky | RMM* = Remote Monitoring & Management
35%
44%
51%
46%
58%
50%
62%
47%
53%
54%
58%
60%
61%
64%
No apparent value in providing managed security
Lack of integration with RMM* tools
Difficulties with remote deployment and management
Low margin from security services
Lack of security experts for hire
Lack of interest from customers
High cost of the solutions
MSSPs with SMB Clients MSSPs with Enterprise Clients
MSSPs, serving both SMB and Enterprise level clients, identified that the cost of cybersecurity solutions available on the market is the number one challenge faced
Many enterprises still do not believe that they are vulnerable to an attack, thereby are slow to adopt – surveys show that while awareness is on the rise, many still do not have full visibility and appreciation of the threat landscape and its potential impact on operations
There is an inherent difficulty in showing the exact return on investment from hiring an MSSP, with the benefits clear only when the enterprise has been the subject of a target attack
Data center locations matter to enterprises when choosing services providers, and given that not all MSSPs can afford to have multiple cross border data centers, it poses a major hindrance to the adoption plans
Outsourcing of these security services often relies on internal IT teams’ qualified opinions, and initial resistance comes from the instinct of self preservation
The average MSS contract value is $280,000, out of reach for most small and medium sized businesses, although there is a rising trend in MSSPs focused on SMBs – offering both flexible and acceptable price points to encourage adoption
Top Managed Security Challenges Faced By MSSPs
24Source: Gartner – Included vendors with a threshold revenue of $50 Mn in 2018, besides geographic presence, devices managed and clients servedForrester – Included vendors with more than 120 incident responses and 20 tabletop exercises in the last 12 months and evaluated them against 11 criteria grouped into three categories of Current Offerings, Strategy and Market Presence
CHALLENGERS LEADERS
NICHE PLAYERS VISIONARIES
COMPLETENESS OF VISION
AB
ILIT
IY T
O E
XEC
UTE
Stro
nge
r C
urr
ent
Off
erin
gW
eake
r C
urr
ent
Off
erin
g
Weaker Strategy Stronger Strategy
Market Presence
Challengers Contenders Strong performers Leaders
Forrester Wave 2019Gartner Magic Quadrant 2019
25Source: Frost & Sullivan | Note: Base year is 2017; Market share by revenue
IBM7%
Verizon7%
BT Global Services5%
AT&T4%
Atos SE3%
HP3%
Dell SecureWorks3%
Symantec3%
Orange Business Services3%
Telefonica2%
Others60%
Others
26
Industry Trends
27Source: IDC, Frost & Sullivan | CPE1 = Customer Premise Equipment; SP2 = Service Provider; FW3 = Firewalls; ID4 = Incident Detection; SIEM5 = Security Information and Event Management
Move To Provide Beyond Managed Devices
Move to provide threat detection and response capabilities, beyond the traditional on-premise equipment solutions
Investments In The CloudMovement to providing cloud security and working with cloud providers, creating better visibility for hybrid IT environments
Emerging Technologies
Simplifying The Customer Experience
Enhancing the customer relationship, unifying platforms, and creating new pricing models
Acquire & Retain TalentContinued investments in educational initiatives and retention of employees to provide expertise as a core differentiator
Leveraging emerging technologies such as AI/ML, big data analytics, threat intelligence, and advanced automation platforms
Vis
ibili
ty a
nd
Un
de
rsta
nd
ing
Advanced and Skilled
Simple Security Team and Skill SetCPE1-basedHosted-/Cloud-Based
FW3, IDs4, Logs
SIE
Big Data Analytics, Incident
Response AI, Cognitive
TISS, Threat
Services, MSS 2.0
Next Gen SPs2
SIEM5
Tier 1 Tier 2- 3 Analysts
Protect / Compliance
Co-Managed / Outsourced SIEM;
MSSP
Iterative & Hybrid SP
AutomatedResponse, Develop Security Plans,
Investigate, Pursue,Threat
Hunting
NextGen: Analyze,
Automate Predict
Analyze & Prevent
Detection
Monitor & Alert
28Source: Frost & Sullivan | 1Asia Pacific: India, China, Taiwan, Hong Kong, Japan, ASEAN, Australia and NZ; 2Latin America: Brazil, Caribbean and Central America, Mexico, and Andean Region
$6$7
$8
$9
2018 2019E 2020E 2021E
$6$7
$7$8
2018 2019E 2020E 2021E
$3$4
$4$5
2018 2019E 2020E 2021E
$0.6$0.7
$0.8$0.9
2018 2019E 2020E 2021E
North America (USA and Canada) Europe, Middle East and Africa
Asia Pacific1 Latin America2
» All four regional markets are expected to
experience double digit growth
» APAC is expected to grow the fastest at a
CAGR of 17.7%, and North America is
expected to grow the second fastest at a
CAGR of 16%
» Total MSS revenue in NA is expected to
exceed that of EMEA in 2018 to form the
largest component of global MSS
Key Notes
Worldwide Forecast of MSS Revenue 2018-21 ($ Bn)
29
01
Source: Frost & Sullivan
North America(USA & Canada)
The North American MSS market is projected to increase at
double-digit rates for the next 3 years. Market demand is driven
by the increasing volume, diversity, and sophistication of cyber
threats aimed at a broadening exposure footprint. This is
compounded by outdated security practices, plus challenges of in-
house staffing and adaptation.
05Latin America (Brazil, Caribbean and Central America,
Mexico, the Southern Cone, and the Andean Region)
The Latin American MSS market size was $619 million in 2018, and is expected grow at a
CAGR of 15% to $935 million by 2021, at a CAGR of 15%. Brazil is the largest at 39%,
followed by Mexico at 21%. In Latin America, security asset management and monitoring
holds the largest share of the market at 71%, followed by threat intelligence, research,
detection, and remediation with 18%.
02Europe, Middle East & Africa(EMEA)
The MSS market in EMEA has grown at a double-digit YoY rate since 2015. The financial services and government
sectors remain the top 2 industries in EMEA’s MSS market in terms of revenue. Europe’s manufacturing sector will
likely contribute a significant portion of overall MSS growth, due to increased digital transformation leading to greater
MSS demand. The top 3 countries for MSS in terms of revenue are the United Kingdom, Germany, and France.
Asia Pacific (APAC) –India, China, Taiwan, Hong Kong, Japan,ASEAN, Australia & NZ
The APAC MSS market crossed revenue of $3
billion in 2018 – with Japan (31%), and Australia
and New Zealand (24%) holding the largest
market shares. South Korea remained the 5th
largest MSS market with growth rate of 10%.
CPE-based services held the largest revenue at
70% while hosted security services (HSS)
contributed the rest. Growth is set to continue
due to the increasing adoption of cloud services
and the shift from capex to opex-centric
budgeting.
03
04India
The RCM and AEM markets in India were valued at $33 million and $16 million respectively in 2017. The latter is expected to grow faster given the
higher uptake of managed identity and access management (IAM), managed endpoint security, and managed data loss prevention.
30Source: Frost & Sullivan
Secureworks, 14%
Verizon, 10%
AT&T, 10%
Trustwave, 6%
IBM, 5%
CenturyLink, 5%
Symantec, 5%Alert Logic, 4%
Others, 41%
$6$7
$8
$9
2018 2019E 2020E 2021E
» Government contractors are
increasingly pivoting into the
commercial segment and strategically
adding to their MSS portfolios
» Consulting firms are also expanding
their MSS portfolios
» Communication service providers
continue to leverage their strategic
network locations and
vendor/technology agnosticism as a
means to deliver reliable built-in,
always-on security
» On technology trends, the most
significant is the escalating development
and use of advanced analytics to
transform the ever-growing data lakes
of cybersecurity telemetry into
actionable intelligence and move clients
from a reactive/victim state to an
proactive/anticipatory state
» Automation and unification will also be
growing technology waves as client IT
environments continue down the
dispersion pathway (i.e., hybrid IT) and
attention grows on the cyber risks and
their bearing on business risk in Internet
of Things (IoT) and Operational
Technology (OT)
Key Notes
End Users
ChannelPartners
9%
Web1%
Direct Sales90%
Revenue Forecast ($ Bn), 2018-21 Distribution Channel Analysis
Market Share, NA 2017
Others
MSSPs
31Source: Frost & Sullivan
40%
60%
2018
Cloud-based SAMM CPE Hosted SAMM
$6 Bn
Others, 15%
Utilities, 6%
Technology, Media & Entertainment,
10%
Healthcare, 14%
Manufacturing, 15%
Government, 15%
Financial Services, 24%
17% 17% 17% 17%
17% 17% 17% 17%12%12%
12%12%
8%8%
8%8%33%
33%33%
33%
4%
4%
4%
4%
9%
9%
9%
9%
$6
$7$7
$8
2018 2019E 2020E 2021E
Middle East & Africa
Central Eastern Europe
Rest of Europe
Benelux
France
Germany
UK
BT, 8%
Orange, 7%
IBM, 5%
HP Enterprise, 5%
Atos, 5%
Telefonica, 5%
T-Systems, 5%
Verizon, 4%
Others, 57%
44%
56%
2021E
$6 Bn
$8 Bn
» 19% of the market share is
held by the top 3 companies
» Average contract period for
MSS is 3.3 years
» Average renewal rate is 90%
» Average product
development time is 9
months
» The top 3 countries for MSS
in terms of revenue are the
UK, Germany and France
Key Notes
Revenue Forecast ($ Bn) and Geographical Breakup (%), 2018-2021
Revenue Forecast by Delivery Mode, EMEA 2018-2021
Others
Revenue Share by Verticals, EMEA 2018
Market Share, EMEA 2017
32Source: Frost & Sullivan
10%
9%
9%
24%7%
41%
Others
Government
Healthcare
IT/ITeS
Manufacuring
BFSI86%
85%85%
84%
84%14%
15%
15%
16%
16%
$298
$357
$437
$548
$699
2018 2019E 2020E 2021E 2022E
SMBs Large Enterprises $298 Mn
» The MSS market in India is projected to grow from $298 mn in CY2018, to $699 mn by the end of CY2022, growing at a CAGR of 24%
» Growth drivers would largely be: scarcity of in-house expertise and human talent, evolving regulatory and compliance requirements, increased awareness of reputational risks and revenue losses associated with sensitive
data breaches, and increasing complexity of targeted attacks
» On the vulnerability scale, government and banking, financial services, and insurance (BFSI) have faced the most number of cyber attacks in the recent past
» Mega campaigns such as Smart Cities Initiative, Digital India, and Make In India are likely to drive MSS growth in the country; technological trends like virtualization, Bring Your Own Device (BYOD), cloud, and Big Data are
likely to be the differentiators
» BFSI and IT/IT-enabled services (ITeS) are the strongest adopters of MSS in India; expectations are high from the healthcare sector
» Large enterprises contribute to 86% of the overall market revenue
» Within the MSS market, security asset monitoring and management (SAMM) has the highest market share at 65%, followed by threat intelligence, research, detection, and remediation (TIRDR) at 16%, risk and
compliance management (RCM) at 13%, and advanced and emerging MSS (AEM) at 6%
Key Notes
Revenue Share by Verticals, 2018Revenue Forecast of MSSPs in India ($ Mn), 2018-2022
33Source: Frost & Sullivan | SI1 = System Integrators; TSP2 = Traditional Service Provider; OEM3 = Original Equipment Manufacturer
Reliance Communications
1%
TCL3%
IBM4%
HP4%
TCS4%
Wipro12%
HCL11%
Paladion5%
Tech Mahindra4%
CSC2%
Dimension data3%
Others47%
» The Indian MSS market is highly segmented, with several types of service providers
contributing to the market – this includes SIs1, TSPs2, and OEM3 vendors
» Wipro is the current market leader, with 12% of the market share – Wipro uses
standardized tools, automation, processes, platform, and framework to reduce errors
and increase efficiency within the threat detection and remediation process
» HCL stands second, with 11% of the market share but has decided to limit its focus on
the India market due to lower margin vis-à-vis markets overseas
» In recent quarters, Symantec has increased focus on the India market – opening the
largest Symantec SOC in Chennai to work closely with Indian customers
Key Notes
Market Share, 2018
Others
Advanced Persistent Threat (APT)
Society forWorldwideInterbank Financial Telecommunication (SWIFT) Attacks
Until 2013 2015 2016 2017 Onwards
Shift from Signature-based to Non-signature-based Cyber Attacks
Malware
Trojan Virus
Signature Based Attacks
DDoS
Phishing/Spear
Phishing
Non-signature-based Attacks
Spyware
Man-in-the-middle (MTM)
Attacks
Non-signature-based Attacks
Zero-Day Target Attacks
PoS Attack
Botnet
Typ
e o
f A
ttac
ks
Cross-site Scripting
Ransomware
Interception of Payments
Advanced DDoS
Non-Signature-
Based Attacks
34
Valuation & Transactions Overview
35
8.9x
4.7x
6.6x
4.1x
15.6x
12.9x
6.7x
18.4x 17.7x
13.8x
20.6x
12.9x
15.0x
Trading Comparables(Indian Large IT Services)
Trading Comparables(Global Large IT Services)
Trading Comparables(Indian Mid IT Services)
Trading Comparables(US Mid IT Services)
Trading Comparables(Pure-play Security Players)
Transaction Comparables(Strategic Transactions)
Transaction Comparables(PE Transactions)
VALUATION COMPARABLES SUMMARY TABLE EV / REVENUE (LTM) EV / EBITDA(LTM)
Lower Bound Upper Bound Median Lower Bound Upper Bound Median
Trading Comparables (Indian Large IT Services) 1.6x 4.9x 2.2x 8.9x 18.4x 10.8x
Trading Comparables (Global Large IT Services) 1.0x 2.9x 1.8x 4.7x 17.7x 10.5x
Trading Comparables (Indian Mid IT Services) 1.1x 2.6x 2.0x 6.6x 13.8x 12.0x
Trading Comparables (US Mid IT Services) 0.3x 2.5x 1.3x 4.1x 20.6x 12.5x
Trading Comparables (Pure-play Security Players) 3.5x 36.6x 7.1x 15.6x 42.3x 15.6x
Transaction Comparables (Strategic Transactions) 0.8x 19.9x 2.1x 12.9x 12.9x 12.9x
Transaction Comparables (PE Transactions) 1.3x 1.3x 1.3x 6.7x 15.0x 10.9x
Source: CapIQ, Merger Markets
40.2x
Valuation Comparables Football-field Analysis – EBITDA Multiple
36
INDIAN LARGE IT SERVICES
Company HQ
LTM Operating Metrics Trading Multiples
Market Cap ($ Mn)
EV ($ Mn)Revenue ($ Mn)
EBIT ($ Mn) EBITDA ($ Mn) Gross Margin EBIT Margin EBITDA MarginEV / Rev EV / EBITDA P/E
LTM NTM LTM NTM LTM NTM
TCS Mumbai 112,569 107,457 21,817 5,527 5,829 45.0% 25.3% 26.7% 4.9x 4.6x 18.4x 17.2x 24.0x 23.0x
Infosys Bengaluru 49,101 46,665 12,099 2,670 2,959 32.8% 22.1% 24.5% 3.9x 3.6x 15.8x 14.6x 22.2x 20.4x
Wipro Bengaluru 23,481 18,992 8,607 1,504 1,752 29.9% 17.5% 20.4% 2.2x 2.1x 10.8x 10.9x 17.5x 17.2x
HCL Noida 20,060 19,258 8,632 1,683 1,990 35.0% 19.5% 23.1% 2.2x 1.9x 9.7x 8.3x 13.9x 12.8x
Tech Mahindra Pune 8,872 7,971 5,014 756 900 36.1% 15.1% 17.9% 1.6x 1.5x 8.9x 8.1x 14.3x 13.2x
Median 3.0x 2.7x 12.7x 11.8x 18.4x 17.4x
Mean 2.2x 2.1x 10.8x 10.9x 17.5x 17.2x
GLOBAL LARGE IT SERVICES
Company HQ
LTM Operating Metrics Trading Multiples
Market Cap ($ Mn)
EV ($ Mn)Revenue ($ Mn)
EBIT ($ Mn) EBITDA ($ Mn) Gross Margin EBIT Margin EBITDA MarginEV / Rev EV / EBITDA P/E
LTM NTM LTM NTM LTM NTM
IBM USA 132,668 164,830 77,858 11,678 16,668 46.9% 15.0% 21.4% 2.1x 2.1x 9.9x 8.7x 15.2x 10.8x
Accenture Ireland 124,128 119,785 41,244 6,187 6,786 31.7% 15.0% 16.5% 2.9x 2.6x 17.7x 15.7x 26.5x 25.0x
Cognizant USA 37,533 35,476 16,323 2,683 3,183 38.7% 16.4% 19.5% 2.2x 2.1x 11.1x 10.6x 18.6x 16.6x
CGI Canada 21,251 22,500 8,808 1,319 1,494 30.4% 15.0% 17.0% 2.6x 2.3x 15.1x 12.7x 23.4x 20.4x
DXC Technology USA 15,089 19,925 20,753 2,463 4,228 28.0% 11.9% 20.4% 1.0x 1.0x 4.7x 4.4x 12.0x 6.9x
Capgemini France 20,816 22,331 15,110 1,585 1,930 27.1% 10.5% 12.8% 1.5x 1.4x 11.6x 9.4x 24.9x 16.5x
NTT DATA Japan 18,295 21,880 19,526 1,333 2,759 25.2% 6.8% 14.1% 1.1x 1.1x 7.9x 7.5x 21.7x NA
Atos France 9,260 14,759 14,035 1,238 1,878 15.3% 8.8% 13.4% 1.1x 1.1x 7.9x 8.1x 12.8x 8.9x
Median 1.8x 1.7x 10.7x 9.6x 19.4x 15.0x
Mean 1.8x 1.7x 10.5x 9.1x 20.1x 16.5x
Source: CapIQ, figures as of July 18th, 2019
37
INDIAN MID IT SERVICES
Company HQ
LTM Operating Metrics Trading Multiples
Market Cap ($ Mn)
EV ($ Mn)Revenue ($ Mn)
EBIT ($ Mn) EBITDA ($ Mn) Gross Margin EBIT Margin EBITDA MarginEV / Rev EV / EBITDA P/E
LTM NTM LTM NTM LTM NTM
L&T Mumbai 3,972 3,716 1,417 253 270 23.4% 17.9% 19.0% 2.6x NA 13.8x NA 18.1x NA
Mphasis Bengaluru 2,529 2,358 1,116 180 187 44.4% 16.1% 16.8% 2.1x 1.9x 12.6x 10.7x 16.3x 14.7x
Mindtree Mumbai 1,650 1,547 1,046 119 146 30.5% 11.4% 14.0% 1.5x 1.4x 10.6x 9.7x 16.5x 15.6x
Hexaware Mumbai 1,562 1,438 702 100 108 23.2% 14.3% 15.4% 2.0x 1.7x 13.3x 11.0x 18.4x 16.3x
NIIT Gurugram 1,205 1,051 531 76 88 40.6% 14.2% 16.6% 2.0x 1.7x 12.0x 9.8x 20.7x 17.3x
Zensar Pune 794 788 572 60 71 25.0% 10.4% 12.4% 1.4x 1.2x 11.1x 9.0x 17.5x 14.8x
Persistent Pune 676 527 486 62 80 32.0% 12.7% 16.4% 1.1x 1.0x 6.6x 5.9x 13.3x 11.9x
Median 1.8x 1.5x 11.4x 9.3x 17.3x 15.1x
Mean 2.0x 1.5x 12.0x 9.7x 17.5x 15.2x
US MID IT SERVICES
Company HQ
LTM Operating Metrics Trading Multiples
Market Cap ($ Mn)
EV ($ Mn)Revenue ($ Mn)
EBIT ($ Mn) EBITDA ($ Mn) Gross Margin EBIT Margin EBITDA MarginEV / Rev EV / EBITDA P/E
LTM NTM LTM NTM LTM NTM
Virtusa Westborough 1,340 1,614 1,248 70 97 29.1% 5.6% 7.8% 1.3x 1.2x 16.6x 12.0x 83.0x 14.8x
Perficient St Louis 1,168 1,283 511 42 62 36.1% 8.1% 12.2% 2.5x 2.3x 20.6x 14.2x 43.8x 18.7x
Presidio New York 1,145 2,056 3,047 129 220 20.4% 4.2% 7.2% 0.7x 0.7x 9.3x 8.8x 28.7x 8.3x
Unisys Blue Bell 518 875 2,812 174 212 23.5% 6.2% 7.5% 0.3x 0.3x 4.1x 1.8x 33.4x 2.5x
Hackett Group Miami 496 501 261 36 40 37.9% 13.7% 15.4% 1.9x 1.8x 12.5x 9.8x 21.0x 14.1x
Median 1.3x 1.2x 12.6x 9.3x 42.0x 11.7x
Mean 1.3x 1.2x 12.5x 9.8x 33.4x 14.1x
Source: CapIQ, figures as of July 18th, 2019
38Source: CapIQ, figures as of July 18th, 2019 | A limiting range of 0-50x and 0-75x for EV/EBITDA and P/E respectively, has been used for normality | NM = Not Mentioned
Company HQ
LTM Operating Metrics Trading Multiples
Market Cap($ Mn)
EV ($ Mn)Revenue ($ Mn)
EBIT($ Mn)
EBITDA($ Mn)
Gross Margin EBIT Margin EBITDA MarginEV / Rev EV / EBITDA P/E
LTM NTM LTM NTM LTM NTM
Verisign USA $25,601 $26,141 $1,222 $782 $830 84.5% 64.0% 67.9% 21.4x 21.0x 31.5x 29.1x 41.9x 40.7x
Palo Alto USA $21,336 $19,861 $2,752 $6 $146 71.8% 0.2% 5.3% 7.2x 6.0x NM 23.0x NM 35.7x
Check Point Israel $17,794 $16,035 $1,936 $906 $924 89.5% 46.8% 47.7% 8.3x 8.0x 17.4x 15.7x 21.9x 18.9x
Okta USA $15,827 $15,701 $441 ($142) ($139) 71.8% (32.2%) (31.6%) 35.6x 26.9x NM NM NM NM
Fortinet USA $14,762 $13,000 $1,875 $249 $307 75.1% 13.3% 16.4% 6.9x 6.0x 42.3x 22.8x 42.3x 37.6x
Symantec USA $14,218 $16,627 $4,731 $621 $1,000 77.8% 13.1% 21.1% 3.5x 3.5x 16.6x 8.1x NM 13.0x
Zscaler USA $10,352 $9,999 $273 ($24) ($15) 80.3% (8.7%) (5.6%) 36.6x 27.0x NM NM NM NM
Cyberark USA $5,273 $4,806 $367 $57 $68 86.2% 15.6% 18.5% 13.1x 11.1x NM 43.1x NM 64.3x
Avast Czech Republic $4,108 $5,207 $808 $249 $333 70.2% 30.8% 41.2% 6.4x 6.0x 15.6x 10.9x 17.0x 13.4x
FireEye USA $3,249 $3,183 $842 ($181) ($105) 67.2% (21.5%) (12.5%) 3.8x 3.5x NM 21.5x NM 70.0x
Rapid7 USA $3,046 $2,993 $263 ($45) ($33) 71.7% (17.3%) (12.7%) 11.4x 9.0x NM NM NM NM
MimeCast UK $3,013 $2,978 $340 $1 $31 73.3% 0.2% 9.0% 8.7x 7.1x NM 41.8x NM NM
Varonis USA $2,070 $1,963 $273 ($36) ($31) 89.3% (13.0%) (11.3%) 7.2x 7.0x NM NM NM NM
SailPoint USA $1,853 $1,810 $261 $8 $19 78.2% 3.0% 7.4% 6.9x 6.3x NM NM NM NM
CarbonBlack USA $1,327 $1,193 $220 ($77) ($70) 77.9% (35.1%) (31.7%) 5.4x 4.7x NM NM NM NM
Median 7.9x 6.8x 15.6x 29.3x 17.0x 49.2x
Mean 7.1x 6.7x 15.6x 31.6x 17.0x 64.3x
39
BUYER DEAL RATIONALETARGET
The acquisition worth $950 Mn will enable Cisco customers to easily and securely connect users to any application on any networked device. It will extend Cisco’s intent-based networking into multi-cloud environments and also expand its endpoint visibility coverage
Source: CapIQ, Merger Market, Avendus Research
May-19
TARGET DESCRIPTIONCOUNTRY
Provider of mobile security technology
May-19
Feb-19
Feb-19
Sep-18
Aug-18
Aug-18
Jul-18
Mar-18
Provider of cybersecurity services for enterprises using cloud-based solutions
The acquisition worth $576 Mn will enable Orange to strengthen its position in the European cybersecurity industry. The combined entity will explore synergies and provide complex security services needed by its customers globally
Operates an automation and collaboration platforms for security operations centers that provides automated incident response workflows
Palo Alto is a provider of network security solutions and applications to enterprises, service providers and government entities and has acquired Demisto for $560 Mn to expand its incident response portfolio
Provider of cybersecurity consultancy and solutions
Carbonite has acquired Webroot for $618 Mn in line with its growth strategy to enhance its stronghold in the data protection market by adding Webroot’s MSP channel to its Value-Added-Reseller channel, thereby increasing its overall service offerings to include the endpoint backup and recovery services
Provider of cloud-based internet threat detection solutions for consumers, businesses, and enterprises
Ensign InfoSecurity has co-acquired Accel for $88 Mn to optimize their operations, accelerate both of their growth rates and advance its overall expertise across Asia
Provider of managed internet security services for micro, small, and mid-sized businesses
ADT has acquired Secure Design in line with its strategy to extend its security solutions to protect small business, networks and the critical data. It will help ADT to provide real time services to internet risks and behaviors. It will also help Secure Designs to expand its business into other region of the country
Provider of information security consultancy services The acquisition worth $184 Mn will enhance L3’s abilities, increase its responsiveness and augment its position as a leading C6ISR (Command, Control, Communications, Computers, Cyber-Defense and Combat Systems, and Intelligence, Surveillance and Reconnaissance) service provider.
Provider of managed security solutions to organizations
Provider of cyber security services to the private sector and government agencies
Corsica Technologies through EDTS will now offer 24x7x365 security monitoring, threat prevention, assessments, incident response, and consulting services as well as increase their footprint to include 7 additional locations in the Southeast
ATA’s technology will provide competitive differentiation to Critical Start in the MSSP/MDR services market. The combination of Critical Start’s CyberSOC team and ATA’s platform is expected to create synergies. It will also provide a white label offering for value added resellers and managed service providers wanting to offer differentiated solutions to their clients
40
INVESTOR
Source: CapIQ, Merger Market, Avendus Research | TV1 = Transaction Value
TV1 (MN)
$182
$950
$17
$75
$295
$200
$100
$120
$1,351
Dec-18
Nov-18
Sep-18
Sep-18
Sep-18
Jun-18
Jun-18
Nov-17
Aug-17
TARGET DESCRIPTION
Provider of a cloud-based application security platform
Engaged in providing network security products and services to governments and businesses
Managed and maintenance services provider for traditional, IP and converged voice and data networks
Provider of cloud computing, disaster recovery, colocation and other IT services
Provider of Software-as-a Service (SaaS) based next-generation endpoint protection platform
Engaged in providing online privacy and security solutions for Internet users, advertisers, and publishers
Provider of security, application delivery and data protection solutions
Provider of endpoint protection solutions with artificial intelligence
Provider of managed security solutions to help guard the intellectual property and infrastructure of enterprises
COMPANY COUNTRY
41Source: CapIQ, Merger Market
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
May-19 DeliverySlip USA Provider of email encryption, e-signatures and secure file sharing solutions Zix Corporation $14 NA NA
May-19 SecureLink NV Netherland Provider of cybersecurity services for enterprises using cloud-based solutions Orange SA $576 2.1x NA
May-19 Meta Networks Israel Provider cloud native networking and security solutions for enterprises Proofpoint $120 NA NA
Apr-19 Cognigo Israel Provider of cybersecurity services for enterprises using cloud-based solutions NetApp $60 NA NA
Apr-19 Hyundai IT South Korea Provider of information technology system integration and outsourcing services Lotte Data $47 1.2x 12.9x
Feb-19 nCipher UK Provider of cryptographic IT security solutions Entrust Datacard $397 3.5x NA
Feb-19 Demisto IsraelOwns and operates an automation and collaboration platforms for security operations centers that provides automated incident response workflows
Palo Alto $560 NA NA
Feb-19 Webroot USA Provider of cloud-based internet threat detection solutions for consumers, businesses, and enterprises Carbonite $619 2.9x NA
Jan-19 DHA Group USA Provider of mobility, cybersecurity, cloud, and IT services ECS Federal $46 0.9x NA
Dec-18 Sandz Singapore Engaged in the provision of IT infrastructure solutions and managed IT services Kronologi Asia Berhad $18 0.8x NA
Dec-18 4Degrees Colocation Canada Engaged in operating data centers Vantage Data Centers $193 NA NA
Dec-18 CIPHER USA Supplier of security information systemsProsegur Compania de Seguridad
NA NA NA
Dec-18 Danal USA Provider of software for mobile identity and authentication solutions Boku $101 19.9x NA
Dec-18 G2 USA Provides solutions to collect, target, store, analyze, and defend digital information Huntington Ingalls NA NA NA
Nov-18 Vidder USA Provides solutions to enable cloud and virtualized VPN security Verizon NA NA NA
Nov-18 SecurityMatters BV Netherland Cyber Resilience company focused on ICS/SCADA network resilience ForeScout $113 NA NA
42
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
Nov-18 BlueLine USA Provider of consulting, staffing, and managed services ThreeBridge NA NA NA
Nov-18 Spear USA Provider of IT solutions, cybersecurity, and data analytics services CALIBRE Systems NA NA NA
Nov-18 Appthority USAEngaged in developing application security solutions that help businesses identify the risks hidden inside mobile applications
Symantec NA NA NA
Nov-18 Javelin USA Provides cyber security services Symantec NA NA NA
Oct-18 tCell.io USA Provider of web application threat defense and monitoring services Rapid7 $14 NA NA
Oct-18 Hivint Australia Engaged in cybersecurity consultancy services Singtel Optus $17 NA NA
Oct-18 CorreLog USA Provider of real-time security management software and solutions BMC Software NA NA NA
Oct-18GRM Information Management
ChinaEngaged in providing management services, data protection and recovery services, and information destruction services
Iron Mountain $34 NA NA
Oct-18 Beijing BIH Tech China Engaged in providing IDC, cloud computing, and internet access solutions. Hangzhou Dacheng $19 NA NA
Sep-18 Accel Systems Singapore Provider of cybersecurity consultancy and solutions Ensign InfoSecurity $203 NA NA
Aug-18 Secure Designs USA Provider of managed Internet security services for micro, small, and mid-sized businesses The ADT $1,400 NA NA
Aug-18 Cal Net USA Provider of outsourced information technology, cloud, security, and unified communications solutions Nexus NA NA NA
Aug-18 Beijing Ruian Tech China Provider of information security product and big data service Addsino $212 NA NA
Aug-18 Duo Security USA Provider of mobile security technology Cisco $950 NA NA
Jul-18Dependable Global Solutions
USA Engaged in providing cyber security, intelligence services, and mission assurance services Integrity Applications NA NA NA
Jul-18 ScaleFT USAProvider of zero trust security solutions which helps to improve overall security posture, eliminates static credentials, device to resource visibility, improves personal security practices, and protects information
Okta NA NA NA
Source: CapIQ, Merger Market
43
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
Jul-18 Linchpin Australia Provider of information security consultancy services L3 Technologies $184 NA NA
Jul-18 Ataata USA Provider of cyber security training and awareness platform Mimecast $25 NA NA
Jun-18 Elastic Beam USA Offers artificial intelligence-based cyber security solutions Ping Identity NA NA NA
Jun-18 Icebrg USA Provider of cybersecurity services Gigamon $100 NA NA
Jun-18 Carvir USA Provider of cybersecurity and general IT services Continuum NA NA NA
Jun-18 Mi3 USA Engaged in providing security and anti-virus software for mobile applications Zimperium NA NA NA
Jun-18 Leidos USA Provides cybersecurity services Capgemini SA NA NA NA
Jun-18 Bradford USA Provider of network security solutions that minimize the risk and impact of cyber threats Fortinet $17 NA NA
May-18 Lumeta USA Developer of network intelligence and security software FireMon NA NA NA
May-18 Red Sky USA Provider of cybersecurity solutions in IT security services Presidio $41 NA NA
May-18 Sage Data USA Provider of information security services Tyler Technologies $12 NA NA
Apr-18 Fortscale USA Provides customers with new user and entity behavioral analytics RSA NA NA NA
Mar-18 Secure Thingz UK Provider of advanced security solutions for embedded systems in the Internet of Things (IoT) IAR Systems Group AB $27 NA NA
Mar-18Advanced Threat Analytics
USA Provider of managed security solutions to organizations Critical Start NA NA NA
Mar-18 Bluelock USA Provider of Disaster Recovery-as-a-Service (DRaaS) and cloud hosting solutions InterVision Systems NA NA NA
Mar-18 Evident.io USA Engaged in providing cloud security services Palo Alto $293 NA NA
Source: CapIQ, Merger Market
44
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
Feb-18 Phantom Cyber USA Provider of cyber security services Splunk $304 NA NA
Feb-18 Zenedge USA Engaged in developing web application security and distributed denial of service protection platform as a service Oracle $30 NA NA
Feb-18 Skyport USA Developer of Hyper-Secured Infrastructure that ensures the security of mission-critical IT and corporate assets Cisco NA NA NA
Feb-18 ThreatTrack USA Develops and delivers cyber security solutions that expose, analyze, and eliminate malicious threats j2 Global NA NA NA
Feb-18 Online Tech USA Provider of secure, compliant hybrid cloud, colocation, disaster recovery and data protection service Schurz NA NA NA
Feb-18 Lieberman USA Cyber security software company BeyondTrust NA NA NA
Jan-18 Sqrrl Data USA Provides a big data analytic tool for detecting, investigating, and visualizing advanced cybersecurity threats Amazon NA NA NA
Jan-18 Aware USAProvides managed wireless infrastructure solutions, security and support across the hospitality, retail, restaurant, grocery, enterprise, healthcare and education industries
SageNet NA NA NA
Jan-18 PhishLine USA Provider of software for social engineering simulation and training and enterprise level security Barracuda $25 NA NA
Median 2.1x 12.9x
Mean 4.5x 12.9x
Source: CapIQ, Merger Market
45
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
Apr-19 Verisure Sweden Provider of security service and solutions for residential and commercial marketsCorporacion Financiera Alba SA
$625 NA NA
Feb-19 Cogeco Peer 1 Canada Provider of various IT services like co-location, network connectivity, managed hosting, cloud, and managed services Digital Colony $546 NA NA
Feb-19 ShiftLeft USA Cybersecurity company Thomvest $20 NA NA
Dec-18 RegEd USA Provider of compliance software and solutions for financial services firms Gryphon NA NA NA
Dec-18 4iQ USA Identity-focused cyber intelligence company Benhamou $18 NA NA
Dec-18 360 Enterprise China Engaged in providing network security products and services to governments and businesses Alphax $182 NA NA
Nov-18 Venafi USA Cybersecurity company that develops software to secure and protect cryptographic keys and digital certificates Technology Crossover $100 NA NA
Nov-18 Raptor USA Developer of security software solutions JMI Equity NA NA NA
Nov-18 TRG Screen USA Provider of enterprise subscription management software Pamlico NA NA NA
Nov-18 Veracode USA Provider of a cloud-based application security platform Thoma Bravo $950 NA NA
Oct-18 Sygnia Israel Cyber technology company provide consulting and incident response support services Temasek $250 NA NA
Sep-18 AnchorFree USA Engaged in providing online privacy and security solutions for Internet users, advertisers, and publishers Accel $295 NA NA
Sep-18 Conapto AB Sweden Provider of cloud computing, disaster recovery, colocation and other IT services Segulah $17 1.3x 6.7x
Aug-18 Tyto Athene USA Managed and maintenance services provider for traditional, IP and converged voice and data networks Arlington $75 NA NA
Aug-18 SecurView USA Cybersecurity solutions provider RAG-Stiftung NA NA NA
Jul-18 Quantum Xchange USA Encryption security services company New Technology $10 NA NA
Source: CapIQ, Merger Market
46
Date Target HQ Target Description Bidder Deal Value
(Mn)EV/Revenue EV/EBITDA
Jul-18 CyberMDX USA Provider of medical cybersecurity solutions that delivers threat prevention for medical devices and clinical networks Pitango $10 NA NA
Jul-18 A-LIGN USA Provider of cybersecurity and compliance solutions FTV $55 NA NA
Jul-18 Centrify UK Provider of security and compliance solutions for on-site and cloud-based systems Thoma Bravo NA NA NA
Jul-18 Global Switch UK Provider of data center, data storage and disaster recovery services Strategic IDC $2,765 NA NA
Jun-18 CrowdStrike USA Provider of Software-as-a Service (SaaS) based next-generation endpoint protection platform General Atlantic $200 NA NA
Jun-18 Cylance USA Provider of endpoint protection solutions with artificial intelligence Blackstone $120 NA NA
Apr-18 Sayers USA Provider of data center infrastructure and enterprise security products and other IT solutions Mosaic $295 NA NA
Apr-18 SiteLock USA Website security solutions company ABRY NA NA NA
Feb-18 HelpSystems USA Provider of systems and network management, business intelligence, and security and compliance solutions H.I.G. $1,200 NA 15.0x
Feb-18Skout Secure Intelligence
USA Provides cyber security services RSE $30 NA NA
Jan-18 Aspect Security USA Cybersecurity consulting firm EY $11 NA NA
Jan-18 Cyberinc USA Identity and access management business of Cyberinc KPMG NA 1.3x NA
Median 1.3x 10.9x
Mean 1.3x 10.9x
Source: CapIQ, Merger Market
47
Abbreviation Full term
AEM Advanced and Emerging MSS
APAC Asia Pacific
APT Advanced Persistent Threats
BFSI Business, Financial Services, and Insurance
CCPA California Consumer Privacy Act
CPE Common Platform of Enumeration
DDoS Denial of service
DRaaS Disaster Recovery-as-a-Service
EMEA Europe, Middle East, and Africa
GDPR4 General Data Protection Regulation
IDPS Intrusion detection and prevention systems
IDS Intrusion detection system
IoT Internet of Things
IP Internet Protocol
ITeS Information Technology enabled Services
MDR Managed Threat and Response
MSS Managed Security Service
Abbreviation Full term
MSSP Managed Security Service Provider
NA North America
OEM Original Equipment Manager
OT Operational Technology
PCI DSS3 Payment Card Industry Data Security Standard
RCM Risk and Compliance Management
SAMM Software Asset Monitoring and Management
SI Security Intelligence
SIEM Security Information and Event Management
SLA Service Level Agreement
SMB Small and Medium Sized Businesses
SOC Security Operations Center
SVM Support Vector Machine
TIRDR Threat Intelligence, Research, Detection, and Remediation
TISS Threat Intelligence Services Spending
TSP Total Services Provider
UTM Unified Threat Management
48
www.avendus.com
49
Kolkata
PS Arcadia, 7th Floor, Unit 7B, 4A Camac Street, Kolkata – 700016
London
Avendus Capital (U.K.), Private Limited33, St James's Square, London SW1Y 4JS
New York
Avendus Capital Inc., 445 Park Avenue, 19th Floor, New York, NY 10022
Mumbai
IL&FS Financial Centre, C & D Quadrant - 6th Floor Bandra-Kurla Complex, Bandra (East), Mumbai -400 051
Delhi
901-B, Time Tower, M.G.Road,Gurgaon, Haryana – 122002
Bengaluru
The Millennia Tower, A - 10th Floor, No 1 & 2, Murphy Road, Ulsoor Bangalore - 560 008
Hyderabad
Office No. 180, Regus-Level 1,Midtown, Road No 1, Banjara Hills,Hyderabad – 500034
Copyright © 2018 Avendus. All rights reserved. Avendus Capital Private Limited : CIN : U99999MH1999PTC123358 | SEBI Registration no. : Merchant Banking - INM000011021 Avendus Wealth Management Private Limited : CIN : U67120MH2008PTC179931 | SEBI Registrationno.: PMS - INP000005257 | RIA no: INA000006527 | SEC- USA : CRD No. 156771 Avendus Capital, Inc: FINRA-USA: CRD No. – 150160 | Avendus Capital(UK) Private Limited: FCA-UK: 493919 Authorised and regulated by the Financial Conduct Authority (FRN 493919) | AvezoAdvisors Pvt. Ltd.: CIN: U74120MH2014PTC255373 | SEBI Registration No. Portfolio Manager - INP000004607 | Manager to SEBI registered Category -I Alternative Investment Fund - Zodius Technology Fund - IN/AIF1/14-15/0126 | Manager to SEBI registered Category IIIAlternative Investment Fund- Avendus India Opportunities Fund III - IN/AIF3/12-13/0033 Avendus Capital Public Markets Alternate Strategies LLP - LLP Identification no.- AAI-3806 | Investment Manager to SEBI Registered Category – III Alternative Investment Fund – AvendusAlternate India Fund - IN/AIF3/16-17/0304. |Manager to SEBI registered Category III Alternative Investment Fund- Avendus Equity Opportunities Fund – IN/AIF1/17-18/0360.
Office No. 180, Regus-Level 1,Midtown, Road No 1, Banjara Hills,Hyderabad – 500034
Ahmedabad
50
This document is being furnished to you by Avendus Capital Private Limited for itself and its affiliates strictly on a confidential basis. The document is for informational purposes only and
should not be regarded as an offer to sell, or offer for subscription, or as a solicitation of an offer to buy the securities or other investments mentioned in it. This information profile has been
provided to its recipient upon the express understanding that the information contained herein, or made available in connection with any further investigation, is strictly confidential and is
intended for the exclusive use of its recipient and shall at all times be considered as proprietary and/or legally privileged. It shall not, either directly or indirectly, be photocopied, printed,
reproduced and/or distributed to any third party in any manner at any time without prior written consent.
This document is neither a prospectus nor an invitation to subscribe to securities or other investments. Nothing in this document is intended to constitute legal, tax, securities or investment
advice, or opinion regarding the appropriateness of any investment, or a solicitation for any product or service. The information herein is subject to change without notice. Avendus Capital
Private Limited does not represent, either express or implied, that any information, including any third party information, is accurate or complete and it should not be relied upon without
proper investigation on the part of the investor/s.
Neither Avendus Capital Private Limited nor its affiliates nor any of its officers or employees accept any liability whatsoever for any loss arising from any use of this document or its
contents. The recipient of this document should rely on their own investigations and take their own professional advice. While we endeavor to update on a reasonable basis the information
discussed in this material, there may be regulatory, compliance, or other reasons that prevent us from doing so. Any review, dissemination, distribution or copying of the information of this
document or taking any action in reliance on the contents of this document by person(s) or entities other than intended recipient is strictly prohibited and unlawful.
Investments in securities/equity related instruments are subject to market risk. These risks could be security specific or market specific and arising from company, industry, political,
economic (both domestic and global), etc, factors. Investor/s should carefully read all disclosure documents before investing and shall not make Avendus Capital Private Limited and/or its
associates/employees liable for any risks/losses pertaining to any product/scheme offered by them from time to time.
Past performance does not indicate the future performance of any current or future fund or strategies advised or managed by Avendus Capital Private Limited or its affiliates.
Distribution of this document in some jurisdictions may be restricted or prohibited by law and regulation, and accordingly recipients of this document represent that they are able to receive
it without contravention of any unfulfilled registration requirements or any other legal or regulatory restrictions. Recipients of this document in such jurisdiction should fully inform
themselves about and observe all applicable legal or regulatory requirements and Avendus Capital Private Limited and its affiliates, directors, shareholders, managers, officers,
employees, agents and advisors, do not accept any liability to any person in relation thereto.
For the purposes of distribution within the United Kingdom, this communication is exempt from the financial promotion restriction in Section 21 of the Financial Services and Markets Act,
2000 relating to the communication of an invitation or inducement to engage in investment activity on the grounds that it is made to those persons falling within the following Articles of the
Financial Services and Markets Act 2000 (Financial Promotion)Order 2005, as amended: Article 19 (Investment Professionals) and Article 49 (High Net Worth Companies). Any investment
to which this communication relates is only available to investment professionals and high net worth companies.
If you have received this document erroneously, please immediately and permanently delete all copies from your system(s) and notify Avendus Capital Private Limited or any of its
affiliates by telephone or email.