Euro Security Watch with Mathew J. Schwartz

Cybersecurity , Data Breach

Why FireEye Snapped Up iSight Partners $200 Million Threat Intelligence Move Sees Cybersecurity Firm Growing
Why FireEye Snapped Up iSight Partners

With cybersecurity stocks having taken a dive in recent months, this week's announcement from cybersecurity heavyweight FireEye (FEYE), based in Milpitas, Calif., that it's acquired rival threat-intelligence firm iSight Partners, based in Dallas, shouldn't take anyone by surprise.

See Also: Faster Payments, Faster Fraud?

The acquisition looks like an attempt to make FireEye the biggest enterprise threat intelligence - to help to spot hacker reconnaissance and block attacks before they happen - as well as breach-response kid on the block, thus potentially squeezing out rivals. For iSight's stockholders, the deal gives them a cash-out strategy. And with the overall weak stock market and many cybersecurity companies' revenue forecasts going out of the window, some analysts suspect that more standalone threat-intelligence players will soon be snapped up (see Volatile Stock Market: Cybersecurity Fallout?).

"This deal satisfies FireEye's 'threat intelligence appetite.'" 

Of course, hack attacks and data breaches aren't going away - and breached organizations need someone to help them clean up the mess. Even so, many cybersecurity firms have been seeing declining demand for their products and services, according to many analysts, who think continuing market consolidation is likely.

Now, however, FireEye looks to be doubling down on threat intelligence - Mike Spanbauer, research vice president for NSS Labs, an independent network and testing and consulting firm based in Austin, says this deal satisfies FireEye's "threat intelligence appetite." Seeing a glut of stand-alone threat-intelligence vendors on the market, he too forecasts ongoing consolidation.

FireEye previously acquired incident-response firm Mandiant in 2014 for $1 billion, creating a breach-detection and investigation powerhouse (see FireEye Acquires Mandiant). Indeed, FireEye has reportedly been hired to handle breach assessment, mitigation and cleanup everywhere from Target, JP Morgan Chase and Sony Pictures Entertainment to Anthem, Affinity Gaming and VTech.

What $200M Buys in Threat Intelligence

FireEye announced its $200 million iSight acquisition deal on Jan. 20, noting the deal closed Jan. 14. Under the terms of the deal, FireEye will pay approximately $200 million in cash to the former iSight shareholders, who stand to earn up to $75 million more in cash if the firm hits unspecified threat-intelligence revenue targets on or before the end of FireEye's second quarter of 2018.

After the acquisition was announced, FireEye's stock gained 6 percent in after-hours trading, rising the same day that it hit an all-time low of $13.95, well below the 2013 IPO price of $20. The deal followed rumors last month that FireEye or Fortinet might be making a bid for Israeli cybersecurity firm CyberArk. Last week, meanwhile, rumors centered on Israeli firm Check Point Software Technologies pursuing CyberArk instead.

iSight Partners has long tracked multiple advanced persistent threat attack campaigns, including discovering the APT group known as the Sandworm Team, which appears to be tied to Russia. iSight currently sports about 350 employees, including 250 cyber-threat intelligence experts working across 17 countries and covering 29 languages, according to FireEye. It adds that iSight has invested almost $100 million in the past five years in its threat-intelligence capabilities. In April 2015, iSight Partners also acquired Idaho-based industrial control system threat-intelligence provider Critical Intelligence, three months after announcing that it had closed a $30 million round of funding with Bessemer Venture Partners.

"The biggest mistake most people make is thinking threat intelligence is a collection of virus definitions in a shared database," says Dave DeWalt, FireEye CEO and chairman of the board, in a statement. "As the cyber operations become integrated with physical, geopolitical and competitive conflict, an intelligence-led approach to security will be key in detecting the most sophisticated threats and responding to them quickly and effectively."

But citing increased competition from Palo Alto Networks and Check Point, analyst firm Piper Jaffray recently reduced its revenue forecast for FireEye, reports financial news site Bidness. The analyst firm also warned that FireEye's products were relatively pricey compared to the competition, thus leaving the cybersecurity firm vulnerable in the market.

Why iSight Agreed to Merger

The iSight sale price is worth less than the firm recently hoped to command. In August 2015, iSight Partners CEO John Watters said he hoped to take the company public for a valuation worth at least $1 billion. But he tells Reuters that he changed his mind after getting new investments grew more difficult. "Investors are more discerning," Watters says. "I thought our ability to execute alone was risky and would not give us the full leverage of what we could achieve through a merger."

Now FireEye will use the iSight acquisition to try to better differentiate itself from competitors, and it says that iSight-generated intelligence will immediately begin flowing to existing customers. "With higher quality alerts and the context to prioritize the most critical attacks with the response information at their fingertips, we solidify our role as an essential part of our customers' security infrastructure," says Michael Berry, FireEye's CFO, in a statement. "By delivering nation-state grade threat intelligence to commercial customers, we create new cross-sell opportunities that will drive new subscription revenue and increasing renewal value for existing customers."

The company this week also announced that it soon plans to begin selling intelligence subscriptions that cater to specific industry verticals, which will mirror a planned link-up with Visa that will target the financial services sector.

Life After a Friendlier China

At the same time, FireEye has reduced its full-year 2016 revenue projections from $821.6 million to $789.3 million, blaming shorter U.S. contracts, weak markets in Europe and a decline in the value of large deals.

The warning follows the company announcing lower-than-expected third-quarter earnings results in November 2015. At the time, FireEye's DeWalt controversially blamed the revenue shortfall on improved U.S.-China cybersecurity relations and a corresponding "reduction in the threat landscape."

But heads of many rival threat-intelligence firms targeted DeWalt's claims with extreme prejudice. "I don't know what planet he lives on," Orion Hindawi, CTO of FireEye competitor Tanium, told The Wall Street Journal. "I haven't seen any reductions in attack volume or severity."

Symantec Deal Takes $1B Bath

In other cybersecurity news, Symantec on Jan. 19 announced that the terms of its August 2015 deal to sell storage division Veritas to asset management firm The Carlyle Group for $8 billion in cash had been revised (see Security Sector Business Roundup).

Symantec says the deal changed "after uncertainties developed regarding the transaction," and that it now expects it to close the Veritas deal Jan. 29 with a revised purchase price of $6.6 billion in cash. To help make up some of the difference, Carlyle will double the amount of offshore cash in Veritas from $200 million to $400 million and also take a $400 million equity interest in Veritas, thus making the deal now worth $7 billion.

Michael A. Brown, Symantec's president and CEO, defended the revised deal, citing the current "difficult environment" and noting that it would finally allow his company to focus solely on cybersecurity. Symantec originally purchased Veritas for $13.5 billion in 2005, but was never able to convincingly blend the security and storage businesses.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.

Around the Network