
Eric McAlpine

Managing Partner
eric@momentumcyber.com
Michael Tedesco
Managing Partner
michael@momentumcyber.com
Keith Skirbe
Director
keith@momentumcyber.com
Dino Boukouris
Director
dino@momentumcyber.com
Jeremy Isagon
Associate
jeremy@momentumcyber.com
Jay Keswani
Analyst
jay@momentumcyber.com

Special Contributors:
Dave DeWalt, Bob Ackerman (AllegisCyber),
Yoav Leitersdorf & Ofer Schreiber (YL Ventures)
Cybersecurity Almanac | 2018
Cybersecurity Almanac | 2018 v1.0
Momentum Cyber Is Pleased To Release Its Inaugural 2018 Almanac.

Purpose
▪ We are dedicated to consistently providing valuable insights on the fast growing and rapidly evolving Cybersecurity landscape
▪ We publish the Almanac with the sole purpose of sharing the document with the growing Cybersecurity ecosystem to create awareness around key industry topics and trends

Background
▪ The 2018 Almanac takes a deep dive into the year that was and puts focus to key topics on the year ahead
▪ This year’s edition is our most in-depth industry review compared to prior years as we present you a detailed view on key industry trends, private and public market activity, major news and events, and all things “Cyber”. Some key highlights include:
- A revamped copy of our often referenced CYBERscape to accurately capture the continuously evolving industry taxonomies
- An examination of the past 10 years of Cybersecurity transactions (M&A and VC / PE) to provide valuable insights, identify key industry trends, and 2017 competitive performance
- Profiled some of the year’s high-profile data breaches and provided a rich summary and timeline of events
- Focused on key regulatory changes as well as industry sectors that are center stage with higher than average strategic activity
- Spotlighted leading, Cyber-focused investors that increasingly play an integral role in the industry’s most innovative startups
- Highlighted key M&A and financing transactions as well as IPOs and public market performance

Disclaimer
▪ We maintain the industry leading proprietary M&A and Financing Transaction Database – unrivaled in its accuracy, quality, and scale
▪ We complement our proprietary database with data from various industry leading databases and research publishers, primarily from North America and around the world, representing millions of data points and decades of institutional industry knowledge and experience

Key Cybersecurity Trends & Predictions
Trends & Predictions – Looking Back And Ahead.

Key Trends | 2017
▪ Another Milestone Year for M&A and Financing Activity
▪ 2017 Was The Year Of Ransomware While High Profile Data Breaches Continued To Make Headlines
▪ Public Markets Were Active and Performed Well – 3 IPOs, Strong Stock Performance & Increased Valuations
▪ Attack Surface Continued To Increase, More Than Doubling Vulnerabilities – Driven by Migration To The Cloud & IoT
▪ MSSP Consolidation Reached New Heights And Was The Most Active Sector
▪ Private Equity Continued Its ‘Love Affair’ With Cybersecurity

Key Predictions | 2018
▪ Large Tech Vendors Will Look To Break Into Cybersecurity Via M&A – Playing Catch-Up With Incumbents
▪ Automation Will Be More Widely Adopted As Skills Shortage Is Exacerbated; Emphasis On Efficacy of Big Data Analytics
▪ Consolidation Will Accelerate Across Highly Fragmented & Competitive Sectors Including Endpoint & Authentication
▪ Stricter Compliance Requirements Will Bring Data Centric / Privacy Assets Into Focus – GDPR Is Approaching
▪ Stock Market Momentum And Strong IPO Pipeline Will Lead To A Robust Cybersecurity IPO Market, Surpassing 2017
▪ AI vs AI – We Will See A Rise In AI-Based Attacks With Cybercriminals Leveraging Machine Learning For Attacks

Looking Back…A Snapshot of 2017
Records Are Meant To Be Broken – Another Banner Year For Cybersecurity.

[Infographic; company logos not recoverable]
▪ $4.0B in potential costs from WannaCry ransomware attack that infected 200k computers in over 150 countries
▪ Category 5 breach compromises 145.5M consumers’ data, including 145.5M Names, Addresses, Social Security Numbers and 209.0K Credit Card Numbers
▪ $20.4B Total M&A Volume
▪ $5.1B Total VC Investments
▪ 7 ≥ $100M Capital raises: $125M, $100M, $100M, $125M, $100M, $150M, $100M
▪ 4.4x EV / Rev – Cybersecurity multiples continue to rise
▪ 3 IPOs – Cyber IPO market rebounded to form
▪ 26 MSSP M&A Transactions
▪ 5 Acquisitions Completed – led all acquirers
▪ $6.9B bid tops $5.0B bid … 2nd largest cyber transaction in history
▪ $1.4B acquisition
▪ Barracuda goes private again after 12 quarters as a public company
▪ $6.5B – Physical crosses over to Cyber
About The Authors
Momentum Cyber Is Pleased To Release Its Inaugural Cybersecurity Almanac For 2018.

Momentum Cyber
Momentum Cyber is the premier trusted advisor to the Cybersecurity industry providing bespoke high-impact advice combined with tailored senior-level access. The firm was founded by world-class operators and advisors and caters to the unique needs of both earlier stage Founders, CEOs, & Boards as well as the complexity of later stage & public companies throughout their lifecycle – Incubation to Exit.

About Us
▪ 2018: Year Founded After Highly Successful Wall Street & Cybersecurity Executive Careers
▪ 33 / $14B: Cybersecurity M&A Transactions & Total Deal Value Executed By Team Members Since 2002
▪ 200+ / $200B+: Total M&A Transactions & Deal Value As A Team Since 1994
▪ $433M / $140M: Average & Median Cybersecurity M&A Deal Value
▪ $20B+: Value Creation To Shareholders As CEO, Board, & Investor
▪ 70+: Combined Years In Cybersecurity As World-Class Operators & Advisors

▪ Cyber Exit Savvy – Deep Expertise Selling to Strategic & Financial Buyers
▪ Unparalleled Access Across the Cybersecurity Ecosystem with Executives, Board Members, Investors, & CISOs
▪ Unrivalled Thought Leadership Through Insightful Research, Market Reviews, & Speaker Engagements

The Founders: World Class Operators & Advisors
▪ Dave DeWalt – Founder & Chairman
▪ Michael Tedesco – Founder & Managing Partner
▪ Eric McAlpine – Founder & Managing Partner
▪ Dino Boukouris – Founding Member & Director
▪ Keith Skirbe – Founding Member & Director

ADVICE: Incubation, Operations, Corporate Finance, Managing Growth, Strategy & Corp Dev, Mergers & Acquisitions
ACCESS: Executives, Entrepreneurs, Board Members, Investors, Policy Influencers, Chief Security Officers
EXECUTION: Sellside M&A, Buyside M&A, Divestitures, Joint Ventures, Valuations, Corporate Development

Selected Transaction Experience
▪ 200+ Deals, $200+ Billion
▪ $433M Average, $140M Median
[Charts: Buyside vs Sellside; Strategics vs PE / VC; deal size <$100M, $100M - $400M, >$400M. The percentage labels (41%, 59%, 19%, 47%, 34%) could not be matched to chart segments.]
Special Contributors
We Would Like To Thank Our Special Contributors.

Dave DeWalt
Dave has spent over 30 years in the Technology industry holding a series of leadership positions in some of the industry’s most innovative and successful companies. He is a Founder & Chairman at Momentum Cyber and is a Managing Director at Allegis Cyber where he conducts his early and growth stage investing activities.
Dave has been a successful CEO for 17 years, with his most recent stint as FireEye’s Chief Executive Officer from November 2012 to June 2016 and Chairman of the Board from June 2012 to January 2017. Dave was President and Chief Executive Officer of McAfee, from 2007 until 2011 when McAfee was acquired by Intel Corporation.
Dave was named one of the 25 most influential executives in high technology by the readers of the industry publication CRN. He has spoken at the World Economic Forum on the issue of cyber security and keynoted at several technology industry conferences including Interop and Software 2008 and RSA.

Robert Ackerman Jr.
Bob founded Allegis in 1996 after a successful career as a serial entrepreneur, with a mission to build a seed and early-stage venture firm that would combine operational experience with an entrepreneurial spirit and a focus on forging true partnerships with portfolio companies to build successful and sustainable cybertechnology companies. He has been recognized as a Fortune 100 cybersecurity executive and also as one of “CyberSecurity’s Money Men”
As an entrepreneur, Bob was the President and CEO of UniSoft Systems, a global leading UNIX Systems House and the Founder and Chairman of InfoGear Technology Corporation, a pioneer in the original integration of web and telephony technology and creator of the original iPhone.
Outside of Allegis, Bob teaches New Venture Finance in the MBA program at the University of California, co-manages his family’s small Napa Valley winery – Ackerman Family Vineyards, and enjoys fly fishing.

Yoav Leitersdorf
Yoav, Managing Partner at YL Ventures, has been a successful tech entrepreneur and investor for 25 years. He founded YL Ventures, which invests in early stage cyber and technology companies and accelerates their evolution via strategic advice and Silicon Valley-based operational execution.
Yoav currently serves on the boards of five YL Ventures portfolio companies: Medigate, Axonius, Karamba Security, Twistlock, and Upstream Commerce. Yoav's expertise and work has been featured in The Wall Street Journal, Bloomberg Businessweek, Fortune, Wired, TechCrunch, Re/code, VentureBeat, InformationWeek and SC Magazine.

Ofer Schreiber
Ofer is Partner and Head of the Israeli office at YL Ventures and has broad responsibilities across deal sourcing, investment due diligence and portfolio company value-add.
Ofer currently serves as a board observer of Medigate, Axonius, Karamba Security and Twistlock. He served as a board observer of Hexadite until it was acquired by Microsoft and FireLayers until it was acquired by Proofpoint. Prior to YL Ventures, he was at IVC Research Center where he spent nearly three years researching and analyzing the technology and venture capital industry specializing in telecommunications, internet and mobile sectors and also conducted research related to investment firms.

Table of Contents
A Comprehensive Review Of The Cybersecurity Strategic Landscape In 2017.
I. Executive Summary
▪ Cybersecurity Market Year In Review
▪ The Cybersecurity Dashboard
▪ A Summary of Strategic Activity | 2017
▪ CYBERscape

II. Cybersecurity Industry Perspectives
▪ Private Equity Continues To Cybersecurity
▪ Private Equity By The Numbers
▪ The State of Israel’s Cybersecurity Market
▪ CYBERscape | Israel
▪ Data Breach Tracker: As of December 31, 2017
▪ A Tale of Two Breaches: Equifax & Uber
▪ The Cybersecurity Mega Cycle Aftermath
▪ Cybersecurity Automation Is Coming To The Rescue
▪ The Cybersecurity Skills Shortage
▪ Data Privacy
▪ Cloud Security
▪ Sector Focus: Cloud Infrastructure, Managed Detection & Response, Continuous Security Assessment, Security Analytics, Strategic Next-Gen MSSP
▪ Investor Spotlight: Cybersecurity Start-up Studios, Highly Specialized Cyber Investors, Corporate VCs
▪ Major Industry Conferences | 2018

III. Public Company Trading Analysis
▪ Cyber Multiples Continue To Increase
▪ Significant Growth in Public Cyber Companies | 2010 to 2018 YTD
▪ Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017
▪ Cybersecurity Sector vs Benchmark Performance
▪ Public Cybersecurity Companies Stock Performance
▪ The Correlation Of Value To Growth & Profitability Continues To Rise…
▪ …While The Correlation To Growth Alone Remains Weak
▪ Trading Multiples: High Growth & Low Growth
▪ Public Company Trading Analysis & Operating Metrics
▪ 2017 IPO Cybersecurity Profiles (SailPoint, ForeScout, Okta)

IV. M&A Activity In Cybersecurity
▪ Cybersecurity M&A Activity | 2010-2017
▪ Closer Look at Recent Cybersecurity Exits | Part 1
▪ Closer Look at Recent Cybersecurity Exits | Part 2
▪ Cybersecurity M&A: A Closer Look At Deal Value & Multiples
▪ Notable Cybersecurity M&A Transactions | 2016 to 2017
▪ Backup Data For Transaction Stats

V. Financing Activity In Cybersecurity
▪ Financing Activity Since 2010
▪ Notable Cybersecurity Financing Activity | 2016 – 2017
▪ Cybersecurity Startups & Investors
▪ Backup Data For Transaction Stats
▪ Cybersecurity Funding By The Numbers

VI. Transaction Profiles
▪ Selected Momentum M&A Transactions
▪ Highlighted M&A & Fundraising Activity

VII. About Momentum Cyber
▪ Momentum Cyber: Lifecycle Advisory For Cybersecurity
▪ About The Firm
▪ The Launch of Momentum Cyber
▪ Balanced & Highly Experienced Advisors
▪ Tremendous M&A Track Record In Cybersecurity
▪ M&A In Cybersecurity | A CEO’s Unique Perspective
▪ Momentum’s Vast Cybersecurity Network & Reach
▪ Thought Leadership In Cybersecurity

I. Executive Summary
Cybersecurity Market Year In Review
Deal Activity Including IPO, VC / PE Financings, & M&A Surpassed 2016 Across The Board.
Records Are Meant To Be Broken – Another Banner Year for Cybersecurity
▪ The Cybersecurity market continued its torrid and record pace in 2017 with public and private market strategic activity reaching new heights – yet again!
▪ The acceleration of deal activity was driven by an ever-evolving threat landscape that resulted in…
- A number of high profile and unprecedented data breaches (e.g., Equifax and Uber) that levied significant personal impact
- As well as ransomware (e.g., WannaCry and NotPetya) that locked customers out of their data and shut down some organizations across the globe costing billions in damages

I. Public Market Valuations
Still Off The “Peak” But Well Above the “Trough”
▪ Valuation multiples for our public Cybersecurity company universe continued to increase during 2017 and have increased 43% from the “Trough” back in June 2016
▪ The Cybersecurity HACK index increased 19% during 2017, in-line with the S&P 500 at 18%, albeit considerably below the NASDAQ at 27%. Momentum’s High Growth public Cybersecurity company index on the other hand outpaced all indices, increasing 35%
▪ The top stock price performance movers during 2017 were (company logos not recoverable): 118%, 86%, 64%, 60%, 55%, 53%, 44%, 28%, 25%

II. IPO Activity
Riding The Wave Of Interest In Cybersecurity
▪ Turning the page from 2016 where there was only 1 Cybersecurity IPO (Secureworks), 2017 saw 3 Cybersecurity IPOs (Okta, Forescout, and SailPoint). The last time we had as many IPOs was 2015 when Sophos, Rapid7, and Mimecast entered the public markets
▪ We expect to see as many, if not more, IPOs in 2018 with a strong IPO pipeline – Zscaler (confidentially filed 10/26/17), Carbon Black (confidentially filed 10/3/16), Tanium, Darktrace, Pindrop Security, Illumio, Cloudflare, and Avast
▪ Okta, Forescout and SailPoint have all outperformed since their IPOs with each currently trading above their IPO price as of January 25th, 2018 (figures shown beside company logos: 55%, 80%, 42%)

III. M&A Activity
Another Record Year, Led By Increased Deal Velocity
▪ A record 178 M&A transactions were completed totaling $20.4B in transaction volume, compared to 158 transactions and $21.0B in volume in 2016
▪ 46% of deals with disclosed values were >$100M in 2017 compared to 29% in 2016
▪ Symantec continued its acquisition spree and was the most active acquirer in 2017 completing 5 acquisitions totaling $464M in disclosed transaction volume
▪ Deal values shown beside company logos (logos not recoverable): ($6.9B), ($1.4B), ($614M), ($548M), ($1.5B), ($325M), (NA), ($1.2B), (~$150M), ($225M)

IV. Financing Activity
Another Record Year, Mega Rounds Led The Way
▪ A record 326 transactions and $5.1B in transaction volume compared to 278 transactions and $4.5B in volume in 2016
▪ YoY distribution of number of deals by stage was relatively unchanged with 60% of deals Seed / Early Stage to Series A and the remaining 40% Series B+. Median deal sizes were unchanged across stages, except for Series C+ which increased 27% YoY
▪ 30 companies raised $40M or more totaling $2.3B in transaction volume, nearly 50% of volume for the year
▪ 7 companies raised $100M or more
▪ Round sizes shown beside company logos (logos not recoverable): $150M, $100M, $125M, $100M, $100M, $89M, $88M, $75M, $40M

The Cybersecurity Dashboard
▪ $5.1 Billion: 2017 Financing Volume
▪ 326: 2017 Financing Transactions
▪ $20.4 Billion: 2017 M&A Volume
▪ 178: 2017 M&A Transactions

Financing Activity
▪ Deal Value ($B): $4.5 (2016), $5.1 (2017)
▪ Deal Count: 278 (2016), 326 (2017)

M&A Activity
▪ Deal Value ($B): $21.0 (2016), $20.4 (2017)
▪ Deal Count: 158 (2016), 178 (2017)

Notable Financing Transactions (company logos not recoverable)
Date | Amount ($M)
12/01/17 | $211
10/25/17 | 150
06/07/17 | 125
08/04/17 | 125
06/21/17 | 100
06/06/17 | 100
05/25/17 | 100
05/17/17 | 100
04/05/17 | 89
09/05/17 | 88

Notable M&A Transactions (Target and Acquirer logos not recoverable)
Amount ($M): $6,885; 1,603; 1,405; 1,329; 1,150; 950; 614; 548; ~400; 325

Public Comps
▪ Multiple as of 12/31/16 (EV / 2016E Rev) and Multiple as of 12/31/17 (EV / 2017E Rev); chart labels: Max 8.6x / 7.9x, Median 4.4x / 3.4x, Min 1.5x / 1.3x

[Charts: Monthly Deal Count Pulse (Financing, M&A), Jan-16 to Nov-17; Cyber M&A Volume Distribution, 2016 vs 2017, by deal size ($0-$25M, $25M-$50M, $50M-$250M, $250M-$1B, $1B+); Financing Activity by sector, 2016 (Total: 278) vs 2017 (Total: 326); M&A Activity by sector, 2016 (Total: 158) vs 2017 (Total: 178). Per-segment values could not be matched to their labels.]

Sectors shown: MSSP, Identity & Access Management, Risk & Compliance, Fraud Prevention / Transaction Security, Web Security, Specialized Threat Analysis & Protection, Network Security, Data Security, Threat Intel / SecOps / IR, Messaging Security, Endpoint Security, Industrial / IOT Security, Mobile Security, Application Security, Cloud Security
Note: All Financing data does not include deals with disclosed values of less than $1M. Financings include primary & secondary transactions.
A Summary Of Strategic Activity | 2017
Strategic Activity Continued A Robust Pace In 2017.

[Logo grid; company names not recoverable]

Selected Acquisition Activity (Date: Implied Enterprise Value)
▪ 12/17: $6.9B; 11/17: $1.4B; 11/17: NA; 11/17: $60M
▪ 11/17: NA; 11/17: $110M; 10/17: $548M; 10/17: ~$400M
▪ 10/17: $1.3B; 10/17: $1.3B; 9/17: $350M; 9/17: $225M
▪ 8/17: ~$150M; 8/17: $950M; 7/17: $245M; 7/17: $200M
▪ 7/17: $225M; 7/17: $42M; 5/17: $100M; 4/17: $215M
▪ 4/17: NA; 3/17: $350M; 3/17: $614M; 2/17: $105M
▪ 2/17: $325M; 2/17: $120M; 1/17: $1.6B; 1/17: $1.2B

Selected Financing Activity (Date: $ Raised / Funding Stage)
▪ 10/17: $150M / PE; 10/17: $70M / D; 10/17: $50M / C
▪ 9/17: $27M / B; 9/17: $26M / C; 9/17: $88M / D
▪ 8/17: $125M / PE; 7/17: $35M / A; 7/17: $75M / D
▪ 7/17: $28M / C; 6/17: $125M / D; 6/17: $100M / E
▪ 6/17: $100M / D; 5/17: $100M / Venture; 5/17: $100M / D
▪ 4/17: $89M / F; 3/17: $12M / B; 3/17: $15M / D
▪ 2/17: $40M / C; 1/17: $70M / C; 1/17: $45M / C

Public Equity (Date: $ Raised)
▪ Filed Confidentially on 10/26/17
▪ Filed Confidentially on 9/30/16
▪ 11/17: IPO: $240M; 11/14: PE Buyout
▪ 10/17: IPO: $116M; 1/16: Series G: $80M; 1/15: Series F: $30M; 1/08: Series E: $4M; 10/07: Series D: $14M; 3/03: Series C: $10M; 12/01: Series B: $12M; 9/00: Series A: $9M; $159M
▪ 4/17: IPO: $187M; 9/15: Series F: $75M; 6/14: Series E: $75M; 9/13: Series D: $27M; 12/12: Series C: $25M; 8/11: Series B: $17M; 2/10: Series A: $10M; $229M

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Crunchbase, and TechCrunch.
CYBERscape v2.5
Network & Infrastructure Security Web Security Endpoint Security Application Security
Advanced Threat Protection ICS + OT Endpoint Prevention WAF & Application Security

NAC SDN DDoS Protection DNS Security

Vicarius
Network Analysis & Forensics Endpoint Detection & Response
Application Security Testing

Network Firewall

Deception

MSSP Data Security Mobile Security


Traditional MSSP MDR Encryption DLP Data Privacy Other

Risk & Compliance Security Ops & Incident Response Threat Intelligence IoT Messaging Security
Risk Assessment & Visibility Security Ratings SIEM IoT Devices

Automotive
Pen Testing & Breach Simulation GRC Security Awareness & Training

Connected Home

Security Incident Response

Identity & Access Management Digital Risk Management Security Consulting Blockchain
Authentication

Fraud & Transaction Security


IDaaS Security Analytics

Privileged Management
Cloud Security
Infrastructure CASB
Identity Governance Container

Consumer Identity
II. Cybersecurity Industry Perspectives
Section Content.

i. Private Equity Continues To Cybersecurity
ii. Private Equity By The Numbers
iii. The State of Israel’s Cybersecurity Market
iv. CYBERscape | Israel
v. Data Breach Tracker: As of December 31, 2017
vi. A Tale of Two Breaches: Equifax & Uber
vii. The Cybersecurity Mega Cycle Aftermath
viii. Cybersecurity Automation Is Coming To The Rescue
ix. The Cybersecurity Skills Shortage
x. Data Privacy
xi. Cloud Security
xii. Sector Focus: Cloud Infrastructure, MDR, Continuous Security Assessment, Security Analytics, Strategic Next-Gen MSSP
xvii. Investor Spotlight: Cybersecurity Start-up Studios, Highly Specialized Cyber Investors, Corporate VCs
xviii. Major Industry Conferences | 2018

Private Equity Continues To Cybersecurity
The Highly Fragmented Cybersecurity Market Lends Itself To the PE Platform / Roll-Up Playbook.

[Table: PE Firm | Platform | Add-Ons | Exit, shown as company logos with (value / multiple) figures; apart from the add-on Beep Science, company names are not recoverable]

Recent Cybersecurity PE Activity
▪ Target / Acquirer logos not recoverable; EV: $119M, ~$150M, NA, $325M, $1.9B, $1.3B, $488M, $1.5B, NA
▪ These companies and their sponsors are expected to utilize M&A to complement organic growth

Late Stage / Pre-IPO Activity
▪ Rounds shown beside company logos (logos not recoverable): Series A $180M; Series D $100M; PE / PE $150M / $96M; Series D $100M; Series D $125M; Series F $75M; Series B $250M; Series G / PE $148M / $100M
▪ Series D $110M; Series F $89M; Series E $100M; Series D $100M; Series D $75M; Series C $70M; Series D $88M; Series C $70M
▪ PE / late stage and public / cross-over investors have strong appetite for break-out cybersecurity stories that could exit via an IPO in 12 – 24 months
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Pitchbook, and Crunchbase.
Private Equity By The Numbers
Private Equity Activity Has Increased Significantly in Cybersecurity.

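M&A Activity By Type of Buyer | 2007
▪ Total Deal Count: 73
▪ Total Amount Spent: $6,126
▪ Private Equity: 11% and 4%; Strategic: 89% and 96% (two charts; which is by deal count and which by amount is not recoverable)

M&A Activity By Type of Buyer | 2017
▪ Total Deal Count: 178
▪ Total Amount Spent: $20,392
▪ Private Equity: 32% and 19%; Strategic: 68% and 81% (two charts; which is by deal count and which by amount is not recoverable)

Cyber Private Equity Universe [firm logos not recoverable]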

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Pitchbook, and Crunchbase.
The State of Israel’s Cybersecurity Market
Israel’s Cybersecurity Industry Continues Its Tremendous Growth.

Yoav Leitersdorf, Managing Partner
Ofer Schreiber, Partner

Second only to the U.S., in terms of cybersecurity investment, 2017 was another excellent year
for Israeli cybersecurity startups, with dozens of companies being formed, breaking fundraising
records and producing solid exits. The 2017 data also suggest that the Israeli cybersecurity
industry is maturing, as we see a shift in funding towards later stage companies.

In 2017 we witnessed 60 newly founded cybersecurity startups emerge in Israel, a 28% decrease
from the 83 companies founded in 2016. Conversely, the average 2017 seed round increased
16% YoY, growing from $2.85 million to $3.3 million. This is Israel’s fourth consecutive year of
increasing round sizes at the seed stage – a trend that we are observing and contributing to as
we write larger checks to invest in great cybersecurity entrepreneurs.

The global cybersecurity incursions of 2017 illuminate the continuing role that innovation plays
in information security and defense. Looking forward to 2018, we believe Israeli startups will
continue to leverage the immense pool of local talent to build comprehensive solutions
addressing global markets. As the local industry matures, we anticipate that recent trends will
continue in 2018, with fewer startups forming, while large amounts of capital pour into later
rounds to fuel growth and expansion.

Source: TechCrunch: The State of Israel’s Cybersecurity Market.


CYBERscape | Israel v1.0
Network & Infrastructure Security Web Security Endpoint Security Application Security
Advanced Threat Protection ICS + OT Endpoint Prevention WAF & Application Security

NAC SDN DDoS Protection DNS Security

Vicarius

Network Analysis & Forensics Endpoint Detection & Response


Application Security Testing

Network Firewall

Deception

MSSP Data Security Mobile Security


Traditional MSSP MDR Encryption DLP Data Privacy Other

Risk & Compliance Security Ops & Incident Response Threat Intelligence IoT Messaging Security
Risk Assessment & Visibility Security Ratings SIEM IoT Devices

Automotive
Pen Testing & Breach Simulation GRC Security Awareness & Training

Connected Home

Security Incident Response

Identity & Access Management Digital Risk Management Security Consulting Blockchain
Authentication

Fraud & Transaction Security


IDaaS Security Analytics

Privileged Management
Cloud Security
Infrastructure CASB
Identity Governance Container

Consumer Identity
Data Breach Tracker: As of December 31, 2017
After A Record Year For Hackers In 2015, The Pace Followed In 2016, & 2017 Set Record Again.

Median Time of Compromise to Discovery
▪ All Mandiant Investigations: 99 days
▪ External Notification: 107 days
▪ Internal Discovery: 80 days
Source: 2017 Mandiant M-Trends Report

How Compromises Are Being Detected
▪ Internal Notification of Breach vs External Notification of Breach: chart labels 47% and 53% (which share belongs to which is not recoverable)

More than… 140 Countries have some level of cyber weapon development program
Source: fortune.com

$3.62 Million average cost of a data breach, decreased 10% over the past year
Source: 2017 Study Ponemon institute

# of U.S. Breaches
▪ 2015: 780
▪ 2016: 1,093 (up 40%)
▪ 2017: 1,579 (up 44%)

[Bubble chart of the world's biggest data breaches; organization names and record counts could not be reliably paired]
Organizations shown: Australian Immigration Department, MySpace, Friend Finder Network, UBER, Verizon, ClixSense, Equifax, Carefirst, AshleyMadison.com, British Airways, Wendys, Experian / T-mobile, Hacking Team, Banner Health, IRS, MSpy, Weebly, US Office of Personnel Management, US Office of Personnel Management (2nd Breach), CarPhone Warehouse, Premera, TalkTalk, Red Cross, Telegram, Slack, Mail.RU, Staples, Community Health Services, Securus Technologies, Zomato, Sony Pictures, JP Morgan Chase, Ebay, Anthem, Dominios Pizzas (France), Wonga, Twitch.tv, European Central Bank, Yahoo, Waterly, Target, Mozilla, DaFont, Japan Airlines, Scribd, UPS, MacRumors.com, Korea Credit Bureau, D&B, Altegrity, NASDAQ, PayAsUGym, Facebook, New York Taxis, Interpark, AOL, Advocate Medical Group, Home Depot, Cellebrite, ssndob.ms, Apple, Living Social, Neiman Marcus, UbiSoft, Adobe, Dropbox, Yahoo, Twitter
Record counts shown: 164,000,000; 57,000,000; 145,500,000; 415,000,000; 3,700,000; 25,000,000; 145,000,000; 80,000,0; 76,000,000; 3,000,000,000; 70,000,000; 2,400,000; 56,000,000; 50,000,000; 36,000,000; 1,000,000,000


Source: Information is Beautiful: World's Biggest Data Breaches and Identity Theft Resource Center (ITRC): 2017 Annual Data Breach Year-End Review.
A Tale of Two Breaches: Equifax & Uber
High Profile Breaches Continue To Make Headlines, Increasing Awareness & Demand For Improved Security.

Equifax

▪ Updated estimate of U.S. consumers affected: 145.5M (as of Oct 2, 2017)
▪ Level of Breach: Category 5
▪ Point of Entry: Apache Struts
▪ Time from Breach Discovery to Public Announcement: ~40 days
▪ Initial Estimated Cost: >$140 Million (as of Nov 10, 2017)
▪ Third-party Security Services Hired: [logo not recoverable]

Data Accessed / Stolen
▪ 145M: Names, Social Security Numbers, Birth Dates, Addresses, Driver’s Licenses (In Some Instances)
▪ 209K: Credit Card Numbers
▪ 182K: Dispute Documents with Personal Identifying Information

Timeline of Key Events
▪ Mar 2017: Vulnerability in Apache Struts is identified and disclosed by U.S. CERT; Equifax's Security organization is aware
▪ Mar 9, 2017: Company internally instructed personnel to install a fix to Apache Struts, application which supports U.S. online dispute portal
▪ May 13, 2017: Initial breach occurs
▪ Jul 29, 2017: Security team observes suspicious network traffic associated with its U.S. online dispute portal web application
▪ Jul 30, 2017: Additional suspicious activity is caught; web application is taken offline
▪ Aug 1, 2017: Three senior executives dispose of $1.8 million in Equifax stocks
▪ Aug 2, 2017: Engages Mandiant to conduct comprehensive forensic review of breach
▪ Sept 7, 2017: Equifax publicly announces breach; states investigation is substantially complete; sends support packages to consumers
▪ Sept 8, 2017: Equifax’s shares plunge 13.7%; triples call center team
▪ Sept 15, 2017: Announces Susan Mauldin, CSO and David Webb, CIO are retiring and appoints Mark Rohrwasser as interim CIO and Russ Ayres as interim CSO; shares declined 34.9% from Sept 7th close
▪ Sept 26, 2017: Announces Richard Smith is retiring and appoints Paulino Rego Barros, Jr. as interim CEO
▪ Oct 2, 2017: Announces an additional 2.5 million consumers had been stolen. Discloses technology officials failed to implement patch for Apache Struts; shares declined 24.5% from Sept 7th close

UBER

▪ Initial estimate of global users affected: 57.0M (as of Nov 21, 2017)
▪ Level of Breach: Category 2
▪ Point of Entry: [logo not recoverable]
▪ Time from Breach Discovery to Public Announcement: ~1 year
▪ Initial Estimated Cost: Undisclosed
▪ Third-party Security Services Hired: [logo not recoverable]

Data Accessed / Stolen
▪ 57M: Names, Email Addresses, Mobile Phone Numbers
▪ 600K: Drivers Licenses

Timeline of Key Events
▪ Oct 2016: Initial breach occurs. Hack started at GitHub, a leading software development platform where developers can go to host and review each other's code. Hackers found the usernames and passwords on GitHub to access Uber user data stored in an Amazon server
▪ Nov 2016: Senior legal and security executives arrange a deal of $100,000 to pay off hackers to destroy stolen information
▪ Sept 2017: Newly appointed CEO, Dara Khosrowshahi, is informed
▪ Nov 11, 2017: Publicly announces breach; CEO instructs a thorough investigation; Matt Olsen is brought in to consult on structure of security teams and processes going forward; engages Mandiant to help with security monitoring; Joe Sullivan, CSO and Craig Clark, legal director of security and law enforcement are released
▪ Nov 23, 2017: FTC is looking into the data breach and Uber's subsequent mishandling of the situation

Source: Company Press Releases, Public Press Releases, “Categorizing Data Breach Severity with a Breach Level Index.”
The Cybersecurity Mega Cycle Aftermath
“During The Past Decade, We have Witnessed A Virtual Explosion In The Cybersecurity World.” – Dave DeWalt

Dave DeWalt and General (Ret.) David Petraeus

Virtual Explosion in the Cybersecurity World
▪ During the past decade, we have witnessed a virtual explosion in the Cybersecurity world
▪ While serving as CEO of McAfee and FireEye, and a U.S. Army commander and CIA director, respectively, we have lived through and witnessed first-hand exponential growth in:

Metric | 2007 | 2017
Threat Actors | <50 | >1,000
Threat Types | <50 | >1,000,000
Alerts / Day (Average Per Firm) | <1,000 | >1,000,000
Security Vendors | <100 | >2,300
VC Investments | <$500M | >$6B
Security Spending | <$3B | >$80B

▪ Outlook
– The situation is dire by any measure
– The western world is contending with significant cyber threats on both its eastern and western fronts – a virtual cyber sandwich
– The “offense” is clearly winning

“Great Chinese IP War”
▪ 20 military agencies have attacked and stolen IP from more than… ...5,570 based companies from 2008 to 2017
▪ Chinese military agencies have fed this IP to state-owned enterprises (SOEs) to close the gaps in China’s innovation relative to the western world

“Great Russian Information War”
▪ Russian military and intelligence agencies have attacked, manipulated and successfully altered information and could cause issues for decades
▪ Hundreds of major breaches of social media platforms, news outlets, political organizations, email providers, telecommunication systems and satellite providers have created a very challenging situation

What About Cyber Defenses?
▪ Most western organizations have increased their Cybersecurity spending
- Defense-in-depth became the prevailing strategy
▪ Hundreds of security vendors deployed point solutions to counter the changing threat landscape
- With each security vendor producing hundreds or thousands of alerts on average per day
- The typical organization now has to monitor and respond to millions of alerts daily; just needs to miss one to be breached
▪ Compounding the monitoring and response problem, the hundreds of security companies
- Often don't share intelligence
- Don't integrate their products
- Infrequently cooperate when responding to threats
▪ In addition, there is insufficient government and commercial cooperation, a lack of security standards and many outdated regulatory compliance requirements
▪ Collaboration is key; breaches are inevitable, and the consequences are increasing in severity

Source: Dave DeWalt: The Cyber Security Mega Cycle Aftermath, and General (Ret.) David Petraeus.
Cybersecurity Automation Is Coming To The Rescue
Organizations Are Turning To Automation & Analytics To Aid Cyber Specialists & “Force Multiply” The Effective Size Of Cyber Staffs.

Robert Ackerman Jr.

Cybersecurity Automation Was Predictable

In the case of cybersecurity, the role of automation boils down to better and far faster management of complexity. Bigger networks, mobile devices and multiple cloud services are making the workload for IT teams unmanageable. This becomes a crisis during a cyberattack, when time is of the essence.
When a data breach occurs, organizations must respond immediately. Credentials are compromised in minutes, and typically most of an organization’s critical data or intellectual property is lost within the first day. Verizon’s 2016 Data Breach Investigation Report highlights this sad reality. It found that 82% of organizations surveyed said that a compromise took only minutes to infiltrate company systems, and 68% said associated data was breached within days.

Threat Detection Must Be Rapid

The obvious upshot is that a threat detection solution that cannot detect and remediate threats in near real-time is of little use. This is where cybersecurity automation enters the picture. It doesn’t replace cyber specialists. Rather, it massively extends their reach.
A good automated cybersecurity system detects an alert immediately and assesses it for legitimacy and severity. Real threats are prioritized and steps are taken to address the problem. If the incident can be resolved automatically, without the need for human input, it will be.
Typically, customizable and scalable automated incident response “playbooks” are built and deployed. Their development is usually based on real-life scenarios and actual incidents, enhancing their effectiveness in detecting and resolving legitimate incidents quickly. Automated incident response helps substantially reduce the time it takes to resolve an issue from weeks and sometimes months to hours and sometimes even minutes.

Cyber Automation

Humans are still best at identifying previously unknown threats. Cybersecurity automation must be woven into the fabric of a team; it is not a stand-alone solution and probably never will be.

Cybersecurity Automation Inevitable

In any case, there is really no alternative but to embrace automation. Statista, a statistics portal, estimates there were 23 billion connected devices in 2016 – a number that it adds will grow to 50 billion by 2020, reflecting an avalanche of Internet of Things (IoT) devices. In addition, there is an urgent need to reduce the time it takes to spot and contain organizational breaches – commonly 200 days-plus to spot them and another 69 days to contain them, according to Ponemon Institute. The longer the timeframe, typically the worse the financial consequences.
Not far away will be the application of artificial intelligence to automation. Human analysts, however, will go nowhere. They know their own environment, and they have intuition about how their system operates, making it relatively easy to distinguish between what is normal and what is questionable. Humans are also good at quickly adapting to rapidly changing conditions and, unlike software, are usually good communicators.
What humans cannot do, of course, is scale, and they often make mistakes. They are relatively slow, too. This is why they need to team up with cutting-edge software. The best cybersecurity systems are a union of analyst and machine.

Source: RSA Blog (September 2017): Cybersecurity Automation Is Coming to the Rescue (Robert Ackerman Jr).
The Cybersecurity Skills Shortage
A Cybersecurity Talent Gap Exists Across The Entire Country.

National Level Cybersecurity Job Market

Total Cybersecurity Job Openings: 285,681
Total Employed Cybersecurity Workforce: 746,858

[Heat map: Nationwide Cybersecurity Job Postings. Legend (Total Job Postings): 123-595; 596-1,417; 1,418-1,765; 1,766-3,016; 3,017-7,059; 7,060-10,405; 10,406-33,454; No MSA]

[Pie chart: Nationwide Job Postings By Category. Categories: Operate & Maintain; Securely Provision; Protect & Defend; Analyze; Oversee & Govern; Collect & Operate]

Top Cybersecurity Job Titles

Risk Manager / Analyst; Systems Administrator; IT Auditor; Cyber Security Engineer; Software Developer / Engineer; Network Engineer / Architect; Cyber Security Manager / Administrator; Systems Engineer; Cyber Security Analyst / Specialist; Vulnerability Analyst / Penetration Tester
Source: Cyber Seek: Cybersecurity Supply / Demand Heat Map.
Data Privacy
The EU General Data Protection Regulation (GDPR) Is Driving Growth In Software-Based Privacy Solutions.

What is GDPR?

▪ GDPR is a regulation designed to enhance the protection of individuals residing in the EU as well as address the export of “personal data” outside the EU
▪ It applies to all organizations that do business in the EU and any organization outside the EU handling EU citizens’ personal data
▪ It broadens the definition of “personal data” and includes identifiers such as genetic, mental, cultural, economic, social identity and online (IP addresses, cookies)

GDPR Requirements

▪ 25 May 2018: GDPR enforcement goes into effect
▪ Penalties: 4% of revenue or €20M (whichever is greater)
▪ Demonstrate of customer consent for personal data collection
▪ Users may request a copy of personal data in a portable format
▪ Controllers must comply with breach notification windows
▪ Satisfy customer data portability support and enable right-to-be-forgotten and erased from records
▪ Privacy risk impact assessments will be required where privacy risks are high
▪ Implement adequate technical and organizational measures to protect persons’ data and systems
▪ Appointment of data protection officer (DPO) will be mandatory for companies processing high volumes of personal data

What Is Required Of Companies To Comply?

▪ Know your data: What data exists? Where is the data held? How is data managed? Who has access to data?
▪ Existing technology stacks alone cannot meet the mandates handed down by GDPR
▪ Companies must be able to automatically discover and map all personal information across networks (unstructured and structured) and apply policies to the information

Are Companies Prepared?

▪ <50% organizations that will fully comply by May 25, 2018
▪ 97% of companies did not have a definitive strategy ready in October 2016
▪ 23% of companies expect sanction or remedial action on May 25, 2018
▪ 70% of recent Gartner client inquiries on privacy relate to GDPR

Companies Addressing GDPR

Artificial intelligence, machine learning, automation, identity intelligence and big data expertise are key components of Data Privacy platforms

Company (logo)   Founded   HQ                   Amount Raised ($M)   CEO
                 2015      San Francisco, CA    --                   Nimrod Luria
                 2016      New York, NY         2.1                  Dmitri Sirota
                 2016      Seattle, WA          3.0                  Kristina Bergman
                 2013      San Jose, CA         7.0                  Stuart Lacey
                 2011      New York, NY         --                   Todd Feinman
                 2016      San Francisco, CA    --                   Balaji Ganesan
                 2016      London, UK           --                   Simon Loopuit
                 2016      Atlanta, GA          --                   Kabir Barday
                 2017      Washington, DC       --                   Justin Antonipillai

Source: Gartner, Company Websites, IT Governance, and EUGDPR.org.


Cloud Security
Global Cloud Security Market Will Be Worth $9B In 2020, Up 21% In 2017 At $5.9B.

Why Cloud-Based Security Vendors Are On The Rise

▪ The security gap is widening as traditional endpoint + perimeter based security solutions are no longer enough to protect digital data which resides in email, file sharing services, and numerous endpoints (mobile, tablet, laptop)
▪ Most companies don't have the know how or budgets to deploy, manage and operate enterprise grade, state of the art, on-premise security solutions
▪ As more organizations and consumers migrate to cloud based services and infrastructure (AWS, G Suite, Office 365) there is an increased need to secure cloud services in addition to endpoints
▪ Increasing security threats, operational and cost benefits and staffing pressure continue to drive growth of cloud-based service providers, affording companies with cost effective security solutions
▪ SIEM, IAM and emerging technologies such as cloud-based malware sandboxes, cloud-based data encryption and web application firewalls are fastest growing cloud-based security services segments

Worldwide Cloud-Based Security Services Forecast by Segment (Millions of Dollars)

Year     2016     2017     2018     2019     2020
Total    $4,840   $5,851   $6,863   $7,809   $8,924
CAGR: 16.5%

[Stacked bar chart by segment: IAM, IDaaS, User Authentication; Other Cloud-Based Security; Secure Web Gateway; Secure Email Gateway; Application Security Testing; SIEM; Remote Vulnerability Assessment]

Source: Gartner: Gartner Forecasts Worldwide Cloud-Based Security Services to Grow 21 Percent in 2017 (2017).
Sector Focus: Cloud Infrastructure Security
A New Breed Of “Cloud Security” Vendors, Providing Both Visibility And Protection.

▪ The migration to the cloud significantly increased the attack surface, spawning a new breed of Cloud Infrastructure Security vendors, who provide
visibility across workloads, applications, processes, containers, machines, and / or users
▪ Advanced analytics, breach detection, and seamless deployment underpins some of the leading vendors in the space
▪ Compliance across multiple cloud infrastructure environments drives additional adoption and growth in the sector

Lacework
Founded: 2015
HQ: Mountain View, CA
Amt Raised: $8.4M
CEO: Stefan Dyckerhoff
▪ Lacework brings automation, speed and scale to cloud security, eliminating manual, repetitive tasks and enabling security teams to keep up with DevOps
▪ Specifically designed for the cloud, the Lacework security platform monitors workloads, applications, processes, containers, machines, users and accounts to automatically surface anomalous behaviors out of billions of events per hour
▪ Lacework provides unprecedented visibility, automates breach detection, delivers one-click investigation and simplifies cloud compliance

RedLock
Founded: 2015
HQ: Menlo Park, CA
Amt Raised: $11.3M
CEO: Varun Badhwar
▪ RedLock platform dynamically discovers cloud infrastructure changes, correlates them with configuration, network and user data, and applies machine learning to create a visual map for risk visibility, policy monitoring, and incident response
▪ It provides ease of use with frictionless deployment; instant visibility by getting a view into all activity across all of a company’s cloud infrastructure environments; continuous monitoring of all workloads regardless of where they are deployed; and easy auditing and investigation tools for security and compliance teams

Evident.io
Founded: 2013
HQ: Pleasanton, CA
Amt Raised: $49.1M
CEO: Timothy Prendergast
▪ Evident.io provides cloud infrastructure security and compliance automation designed to proactively manage public cloud security risk
▪ The Evident Security Platform (ESP) enables organizations of all sizes to proactively manage public cloud security risk — minimizing attack surface and improving overall security posture, all from a single dashboard
▪ ESP continuously monitors an organization’s entire public cloud footprint, identifying and assessing security risks, providing security staff with expert remediation guidance, and enabling painless security auditing and compliance reporting

Other Vendors

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Website.
Sector Focus: Managed Detection & Response
New Entrants To MDR Space Are Targeting Smaller Midsize Organizations.
Leading MDR
Companies

▪ HQ: Scottsdale, AZ ▪ HQ: Houston, TX ▪ HQ: Ontario, Canada ▪ HQ: Lake Mary, FL ▪ HQ: Sunnyvale, CA ▪ HQ: Cincinnati, Ohio ▪ HQ: Reston, VA
▪ CEO: Michael Malone ▪ CEO: Gray Hall ▪ CEO: J. Paul Haynes ▪ CEO: Paul Perkinson ▪ CEO: Brian NeSmith ▪ CEO: Brian Minick ▪ CEO: Rajat Mohanty
▪ Offering: Datashield Managed ▪ Offering: Cloud Defender, ▪ Offering: eSentire Managed ▪ Offering: Virtual SOC Service, ▪ Offering: AWN CyberSOC: ▪ Offering: Morphick Managed ▪ Offering: Paladion Managed
Detection & Response, Log Manager, Threat Manager, Detection & Response Automated Threat Intelligence Managed Threat Detection Detection & Response Detection & Response,
ShieldVisionTM ActiveWatch Platform Security Consulting & Testing

MDR: A Catalyst To The Transition To ASOC

[Diagram: SOC (Security Operations Center) functions: Incident Analysis, Reporting, Activity Monitoring, Incident Response. ASOC (Advanced Security Operations Center) functions: Automated Threat Intelligence, Knowledge Management, Incident Analysis, Intelligence Gathering, Reporting, Threat Monitoring, Incident Response]

Where MDR Service Providers Sit In Relation To Traditional MSSPs

[Diagram labels: MSSP, MDR]

MDR BENEFITS

▪ Leverages intelligence analysts versus vendor and alert reaction
▪ Focuses on people, process, & technology in collaboration
▪ Enables 24x7 security Coverage without requiring full time staffing
▪ Communicates patterns and trends rather than event-by-event analysis

▪ MDR services are still focused at the enterprise and upper-midmarket customer, but new entrants are targeting smaller midsize organizations
▪ By 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today
▪ By 2020, 50% of worldwide MSSPs will offer MDR

Intelligence Analysts Empowered Autonomy Meaningful Metrics Knowledge Management Countermeasure Capabilities
Training

Source: Momentum Cyber, Gartner, and Lockheed Martin Corp.


Sector Focus: Continuous Security Assessment
Automation Enables Security Risk Assessments At Scale And Eliminates Limitations Of Point-In-Time Snapshots.

▪ Automated, evidence-based security ratings
▪ Some quantify cyber risks in terms of probabilities and dollars, utilizing internal data

▪ Discover and manage internal and external attack paths to valuable network assets
▪ Contextualize threat intel and business criticality

▪ Continuous security validation and automated penetration testing, at scale
▪ Simulations utilize real-world breach methods

Founded: 2011 Founded: 2015 Founded: 2014
Headquarters: Cambridge, MA Headquarters: Albuquerque, NM Headquarters: Sunnyvale, CA
Raised: $94M Raised: $14M Raised: $19M

Founded: 2013 Founded: 2012 Founded: 2013


Headquarters: New York, NY Headquarters: San Francisco, CA Headquarters: San Diego, CA
Raised: $63M Raised: $25M Raised: $9M

Founded: 2014 Founded: 2001 Founded: 2014


Headquarters: San Mateo, CA Headquarters: San Francisco, CA Headquarters: Reston, VA
Raised: Acquired by Guidewire Raised: $31M Raised: $13M

Founded: 2013 Founded: 2011 Founded: 2014


Headquarters: San Francisco, CA Headquarters: Chicago, IL Headquarters: Haifa, Israel
Raised: $6M Raised: $26M Raised: $6M

Founded: 2014 Founded: 2004 Founded: 2000


Headquarters: Ann Arbor, MI Headquarters: Sunnyvale, CA Headquarters: Boston, MA
Raised: Acquired by FICO Raised: $99M Market Cap: $1.0B

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
Sector Focus: Security Analytics
The Security Analytics Sector Has Finally Begun To Consolidate After Months of Speculation.

Transaction & Target Overview / Transaction Rationale

Date: 2/28/2017
acquires
HQ: Ramat Gan, Israel
Founded: 2011
CEO: Gonen Fink
$105 Million

“The LightCyber team’s vision to bring automation and machine learning to bear in addressing the task of identifying otherwise undetected and sophisticated attacks inside the network is well-aligned with our approach. This technology will complement the existing automated threat prevention capabilities of our platform to help organizations improve & scale their security protections” – Mark McLaughlin, Chairman & CEO of Palo Alto Networks

“With LightCyber added to our platform, it can further prevent command-and-control activity and data exfiltration by detecting anomalous behavior.” – Palo Alto Networks Press Release

Date: 2/1/2017
acquires
HQ: Sunnyvale, CA
Founded: 2013
CEO: Sriram Ramachandran
$40 Million

“Integrating Niara’s advanced behavioral analytics with ClearPass is a natural extension that will now deliver network-wide, real time visibility and predictive assessment of potential risks inside the enterprise.” – Sriram Ramachandran, CEO & Co-Founder of Niara

“Niara integrates with Aruba’s ClearPass network security portfolio within the wired & wireless network infrastructure market for traditional & IoT devices…After an incident is discovered by Niara, a ClearPass network access policy can be automatically triggered to isolate or disconnect the user or device from the network.” – HPE Press Release

Other Leading Analytics Candidates

▪ HQ: San Mateo, CA ▪ Amt Raised ($M): $23.0 ▪ CEO: Idan Tendler
▪ HQ: Redwood City, CA ▪ Amt Raised ($M): $23.7 ▪ CEO: Matt Jones
▪ HQ: San Francisco, CA ▪ Amt Raised ($M): $31.0 ▪ CEO: Feris Rifai
▪ HQ: Los Angeles, CA ▪ Amt Raised ($M): $29.0 ▪ CEO: Sachin Nayyar
▪ HQ: San Mateo, CA ▪ Amt Raised ($M): $68.0 ▪ CEO: Nir Polak
▪ HQ: Ottawa, Ontario ▪ Amt Raised ($M): $36.1 ▪ CEO: Mark Smialowicz

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Sector Focus: Strategic Next-Gen MSSP
A Market Poised For Significant Strategic Activity Ahead.

Date: 08/21/2017
acquires majority stake in
HQ: Cambridge, Ontario
Founded: 2011
CEO: J. Paul Haynes
$150 Million

Date: 04/28/17
acquired
HQ: Zurich, Switzerland
Founded: 1990
CEO: Martin Bosshardt
Undisclosed

Date: 11/14/2017
acquired
HQ: Scottsdale, AZ
Founded: 2009
CEO: Michael Malone
Undisclosed

Strategic / Investor Interest In Next-Gen MSSP At All-Time High

▪ Next-gen MSSP / MDR continues to attract strategic interest from traditional MSSPs and is attracting new entrants to the space including IT service providers, professional services / consulting firms, and other global players with no current presence in the security services sector
▪ Mid-market and enterprise organizations are increasingly finding the need for managed and monitored threat hunting solutions that address their threat detection and response use cases

Other Leading Next-Gen MSSPs

▪ HQ: Reston, VA ▪ Amt Raised ($M): $9.6 ▪ CEO: Rajat Mohanty
▪ HQ: Houston, TX ▪ Amt Raised ($M): Backed By Welsh, Carson (WCAS) ▪ CEO: Gray Hall
▪ HQ: Toronto, Canada ▪ Amt Raised ($M): NA ▪ CEO: Robert Herjavec
▪ HQ: Sunnyvale, CA ▪ Amt Raised ($M): $43.3 ▪ CEO: Brian NeSmith

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Investor Spotlight: Cybersecurity Startup Studios
U.S. / Maryland (DataTribe) & Tel Aviv (Team8).

DataTribe

Overview: DataTribe is an innovative StartUp Studio, co-building the next generation of commercial Cybersecurity, Analytics and Big Data products with game-changing technology and teams coming out of the Intelligence Community and research labs in the Washington, D.C. area. The team is a mixed team of Silicon Valley & Intelligence Community founders, investors & entrepreneurs. Unlike a VC firm or an incubator, DataTribe co-builds a small number of companies each year and work alongside each one to boost the chances of success.

Team:
▪ Bob Ackerman, Co-Founder & Investment Board
▪ Dave DeWalt, Investment Board
▪ Mike Janke, Co-Founder & Investment Board
▪ Steven Witt, Co-Founder & Investment Board
▪ Wes Blackwell, Fellow
▪ Yonald Chery, CTO

Locations: Fulton, Maryland; San Francisco, California

Team8

Overview: Team8, Israel’s leading cybersecurity think tank and company creation platform, develops disruptive companies that challenge the biggest problems in cybersecurity and give organizations the advantage over cyber attackers. We work with innovation leaders and entrepreneurs alongside a research group with intimate knowledge of cybersecurity, access to the best cyber talent and a cyber syndicate of leading global brands that provide access to customers, partners and key influencers.

Team:
▪ Yuval Shachar, Executive Chairman
▪ Nadav Zafrir, Co-Founder & CEO
▪ Israel Grimberg, Co-Founder & CIO
▪ Liran Grinberg, Co-Founder & CMO
▪ Assaf Mischari, Head of Research

Locations: New York, New York; Tel Aviv, Israel

Strategic
Investors
Partners

Portfolio Portfolio
Companies Companies

Source: Company Websites.


Investor Spotlight: Highly Specialized Cyber Investors
Deep Domain Expertise, Decades of Successful Cyber Operating & Investing Experience, and Extensive Cyber Networks.

Selected Specialized Cybersecurity Focused Venture Capital Groups

AllegisCyber
HQ: Palo Alto, California
Partners: Bob Ackerman Jr., David DeWalt, Pete Bodine, and Spencer Tall
Latest Fund Size: $200M-$400M (Target)
Overview: AllegisCyber is a venture capital firm that specializes in seed / early-stage investments. It seeks to invest in banking, retail, consumer, financial services, industrial, manufacturing, healthcare, cyber security and its applications in emerging technology markets with a focus in the related areas including big data analytics, Internet of things (IoT) and virtualization

ClearSky
HQ: Palm Beach, Florida
Partners: Jay Leek, Alex Weiss, Peter Kuper, and Patrick Heim
Latest Fund Size: $300M (Target)
Overview: ClearSky is a venture capital / growth equity firm that has been operating since 2012. ClearSky is currently investing through two funds: ClearSky Power & Technology and ClearSky Security. ClearSky Security invests in companies that offer transformative solutions for cybersecurity, industrial security and critical infrastructure security

TenEleven Ventures
HQ: Boston, Massachusetts
Partners: Alex Doll and Mark Hatfield
Latest Fund Size: $200M+
Overview: TenEleven Ventures is a venture capital firm that invests in Cybersecurity companies and is dedicated to helping them thrive. The firm invests globally and specializes in early and growth-stage investments. TenEleven Ventures has a joint investment alliance with KKR

Trident Capital Cybersecurity
HQ: San Mateo, California
Partners: Alberto Yépez, Sean Cunningham, Ken Gonzalez, and Donald Dixon
Fund Size: $300M
Overview: Trident Capital Cybersecurity is a venture capital fund dedicated solely to cybersecurity early stage investing. It is a spin-out of Trident Capital and prefers to invest in the internet of things, secure payments and fraud, next-generation identity platforms, behavioral analytics and privacy and security

Selected Investments Selected Investments Selected Investments Selected Investments

Source: Firm Press Releases, Capital IQ, Pitchbook and Company Websites.
Investor Spotlight: Corporate VCs
A Number of Notable Large Cap Companies Announced A Cybersecurity Focused Corporate Venture Fund.

Selected Corporate VCs

$100 Million
HQ: Menlo Park, CA
Partners: Murray Graingers
Focus: Early Stage High-Growth
Type: Companies that are strategically relevant or disruptive to Honeywell
Other: The group will concentrate on partners where Honeywell can accelerate their growth through its global presence, access to proven technologies and installed base of customers and channels

$20 Million
HQ: Palo Alto, California
Partners: Chad Kinzelberg (PANW), Jim Goetz (Sequoia), Asheem Chandna (Greylock)
Focus: Early Stage & Growth
Type: Innovative Security Applications for the PANW Next-Gen Security Platform
Other: The fund will collaborate with Greylock Partners and Sequoia Ventures to identify and evaluate innovative security applications for potential strategic co-investment

Corporate VC Balance Sheet
HQ: Mountain View, California
Partners: Ken Schneider
Focus: Early Stage
Type: Companies that are strategically relevant or disruptive to Symantec
Other: Startups will be given access to Symantec’s technology as well as threat intelligence data, used for product testing, validation, machine learning algorithm training, and AI system creation

$100 Million
HQ: Tokyo, Japan
Partners: Eva Chens
Focus: Early Stage
Type: Emerging technology markets, especially the IoT market
Other: Portfolio startups will gain access to the company’s technology and its channel of more than 28,000 partners

Source: Firm Press Releases, Capital IQ, Pitchbook and Company Websites.
Major Industry Conferences | 2018
Momentum Cyber Will Be Speaking At A Number of Cybersecurity Conferences Worldwide.

Cybertech
January 29-31, 2018 | Tel Aviv, Israel | Tel Aviv Convention Center
▪ Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States, bringing together global corporates, SMBs, start-ups, investors, experts, and clients

RSA Conference
April 16-20, 2018 | San Francisco, CA | Moscone Center
▪ RSA Conference provides an opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers

Cyber Investing Summit
May 15, 2018 | New York, NY | Convene – Financial District
▪ Cyber Investing Summit is an all-day conference focusing on the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security industry

Gartner Security & Risk Management Summit
June 4-7, 2018 | National Harbor, MD | Gaylord Convention Center
▪ Gartner Security & Risk Management Summit provides you with proven practices and strategies needed to maintain cost-effective security and risk programs to support digital businesses

Cyber Week
June 17-21, 2018 | Tel Aviv, Israel | Tel Aviv University
▪ Cyber Week brings together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity

Black Hat
August 4-9, 2018 | Las Vegas, NV | Mandalay Bay
▪ Black Hat is the world's leading information security event, providing attendees with the very latest in research, development and trends, including four days of technical training followed by a two-day conference

Structure Security
September 2018 | South San Francisco, CA | South SF Conference Center
▪ Structure Security highlights the best practices used to protect the world's largest companies & institutions, and examines the future of security products, services, and the threats that aim to take them down

SINET Showcase
November 7 & 8, 2018 | Washington DC | National Press Club
▪ SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity

III. Public Company Trading Analysis
Section Contents.

i. Cyber Multiples Continue To Increase
ii. Significant Growth in Public Cyber Companies | 2010 to 2018 YTD
iii. Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017
iv. Cybersecurity Sector vs Benchmark Performance
v. Public Cybersecurity Companies Stock Performance
vi. The Correlation Of Value To Growth & Profitability Continues To Rise…
vii. …While The Correlation To Growth Alone Remains Weak
viii. Trading Multiples: High Growth & Low Growth
ix. Public Company Trading Analysis & Operating Metrics
x. 2017 IPO Cybersecurity Profiles (SailPoint, ForeScout, Okta)

Cyber Multiples Continue To Increase
Public Market Valuations For Cybersecurity Continue To Increase Since Their Rapid Decline From ‘The Peak.’
              Min      Median   Max
The Peak      2.4x     8.5x     14.8x
The Trough    1.0x     3.1x     7.3x
% Change      56.2%    63.5%    51.0%

                                              Min               Median            Max
EV / 2016E Revenue Multiple as of 12/31/16    1.5x              3.8x              7.9x
EV / 2017E Revenue Multiple as of 12/31/17    1.3x              4.4x              8.6x
Change                                        12.9% Reduction   15.5% Increase    9.4% Increase

Company (logo)   EV / 2016E Revenue   EV / 2017E Revenue   % Change
                 3.8x                 6.9x                 83.6%
                 4.6x                 8.5x                 82.7%
                 3.4x                 5.0x                 49.1%
                 2.8x                 3.7x                 34.5%
                 6.4x                 8.6x                 34.3%
                 2.6x                 3.4x                 32.3%
                 3.3x                 4.3x                 27.8%
                 5.2x                 6.5x                 25.1%
                 2.7x                 3.4x                 24.4%
                 1.5x                 1.7x                 9.7%
                 7.8x                 8.3x                 6.2%
                 2.9x                 3.1x                 5.9%
                 4.3x                 4.4x                 2.2%
                 2.1x                 2.1x                 0.4%
                 7.9x                 7.7x                 3.1%
                 6.7x                 6.3x                 6.8%
                 3.9x                 3.1x                 20.0%
                 1.7x                 1.3x                 23.4%
                 5.9x                 4.5x                 23.5%

Note: The Peak shows EV / 2015E Revenue Multiple as of 6/23/15, The Trough shows EV / 2016E Revenue Multiple as of 6/30/16. Excludes figures for OKTA, Sailpoint, and ForeScout given all three companies completed IPOs in 2017.
Significant Growth in Public Cyber Companies | 2010 to 2018 YTD
Public Cyber Markets Are Thriving.

Explosive Growth in Public Cybersecurity Companies

                              Public Company Stats | 2010   Public Company Stats | 2018 YTD   Growth
Market Capitalization ($B)    $42.2B                        $129.7B                           210%
Number of Companies           11                            31                                182%

[Logo panels: Public Cyber Companies | 2010; Public Cyber Companies | 2018 YTD]

Source: Capital IQ.


Note: Only includes companies with a market capitalization of greater than $200M as of January 16, 2018. Market Cap for McAfee represents implied equity value at time of TPG transaction.
Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017
All 3 Cybersecurity IPOs For 2017 Are Performing Considerably Above Their IPO Price.

Implied Multiple At IPO (Multiple: EV / LTM Revenue)

[Bar chart: implied EV / LTM Revenue multiple at IPO for each company, grouped by IPO timing (2012, 2013, 2014, 2015, 2016, 2017*). Median: 4.4x; Current Median: 6.5x]

Stock Performance (since IPO): 440% 669% 274% 431% 103% 23% 53% 55% 173% 189% 43% 221% 31% 80% 54% 42%
EV / LTM Rev (Current): 10.4x 9.2x 7.2x 9.6x 4.0x 3.7x 3.5x 1.8x 5.1x 7.7x 4.9x 7.9x 1.5x 12.5x 6.1x 8.9x
Total Raised (In IPO): $230M $82M $260M $91M $128M $304M $64M $100M $86M $554M $103M $78M $112M $187M $116M $240M

5 ‘Take Private’ Deals from 2016-2017

Acquirer   Target   EV      EV / LTM Revenue
                    $1.3B   3.5x
                    $1.5B   3.4x
                    $0.5B   3.8x
                    $1.3B   4.4x
                    $1.4B   3.8x

IPO Backlog

▪ Raised: $183M; Confidentially Filed: 10/26/17
▪ Raised: $274M; Confidentially Filed: 10/03/16
▪ PE Backed
▪ Raised: $182M
▪ Raised: $184M
▪ Raised: $268M
▪ Raised: $133M
▪ Raised: $407M

Source: Capital IQ. Stock performance and valuation multiples as of January 25th, 2018.
Note: All IPO figures exclude overallotment shares exercised and associated net cash proceeds. *All figures shown related to Gigamon are as of 12/26/2017 as all financial data was no longer available thereafter.
Cybersecurity Sector vs Benchmark Performance
High Growth Performance Out Grows All 3 Indices While Low Growth Out Grows S&P 500 & HACK Indices.

Benchmark      3 Months   6 Months   12 Months
High Growth    8.9%       21.0%      34.9%
Low Growth     (4.0%)     3.2%       26.6%
NASDAQ         5.9%       12.4%      27.2%
S&P 500        5.7%       10.3%      18.4%
HACK*          4.3%       5.4%       18.7%

[Line chart: indexed performance, Jan-17 to Dec-17, of High Growth, Low Growth, S&P 500, NASDAQ and HACK; 12-month results: 34.9%, 27.2%, 26.6%, 18.7%, 18.4%]

Source: Capital IQ. Public Market Data as of December 31, 2017.


Note: *PureFunds ISE Cybersecurity ETF.
Public Cybersecurity Companies Stock Performance
2017 Stock Performance By Growth %.

[Charts: one panel per public company showing monthly 2017 stock price (January through December), each labelled with its 2017 stock performance]

118% 86% 64% 60% 55% 52% 51% 45%
44% 28% 25% 22% 20% 16% 16% 16%
11% 6% 3% 2% 9% 16%

Source: Capital IQ. Public Market Data as of December 31, 2017.


Note: Charts pertaining to Okta (April 2017), ForeScout (October 2017), & SailPoint (November 2017) reflect monthly stock prices from their respective IPO dates.
The Correlation Of Value To Growth & Profitability Continues To Rise…
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.

R^2: 4Q17: 62.4%, 3Q17: 50.7%, 2Q17: 41.1%, 1Q17: 54.1%
Okta, SailPoint, & ForeScout have been excluded from R^2.

[Bubble chart: x-axis 2018E Revenue Growth + 2018E Operating Margin (0% to 70%); y-axis EV / Revenue 2018E (0.0x to 10.0x); each bubble labelled with market cap in $ mn. Company labels were not recoverable from the extracted text. Three bubbles also carry value labels: 8.2%, 8.6x; 29.3%, 6.7x; 4.5%, 4.7x.]

Source: Capital IQ. Public Market Data as of December 31, 2017.


Note: Size of the bubble indicates Market Cap in USD. % represents 2018E Revenue Growth + 2018E Operating Margin; the multiple represents EV / 2018E Revenue.
…While The Correlation To Growth Alone Remains Weak
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.

R^2: 4Q17: 28.7%, 3Q17: 18.0%, 2Q17: 14.3%, 1Q17: 16.7%
Okta, SailPoint & ForeScout have been excluded from R^2.

[Bubble chart: x-axis 2018E Revenue Growth (0% to 35%); y-axis EV / Revenue 2018E (0.0x to 10.0x); each bubble labelled with market cap in $ mn. Company labels were not recoverable from the extracted text. Three bubbles also carry value labels: 32.4%, 8.6x; 24.5%, 6.7x; 20.5%, 4.7x.]

Source: Capital IQ. Public Market Data as of December 31, 2017.


Note: Size of the bubble indicates Market Cap in USD. % represents 2018E Revenue Growth; the multiple represents EV / 2018E Revenue.
Trading Multiples: High Growth & Low Growth
Valuation Multiples For High Growth & Low Growth Cybersecurity Companies.

[Bar charts by ticker, each split into a High Growth and a Low Growth group. Per-company bar values were interleaved in the extracted text and are not reproduced here; chart titles, medians and ticker order follow.]

EV / 2017E Revenue (Median: 7.8x High Growth, 4.0x Low Growth)
OKTA SPLK PFPT SAIL MIME PANW FSCT RPD QLYS CHKP SOPH CYBR TREND FTNT SYMC FEYE CUDA IMPV FSC1V VDSI MOBL SCWX

EV / 2018E Revenue (Median: 6.3x High Growth, 3.7x Low Growth)
OKTA SPLK SAIL PFPT MIME PANW FSCT RPD QLYS CHKP SOPH TREND SYMC CYBR FTNT FEYE CUDA IMPV FSC1V VDSI MOBL SCWX

2016-2017E Revenue Growth (Median: 31% High Growth, 8% Low Growth)
OKTA MIME PFPT SAIL SPLK FSCT RPD PANW IMPV CYBR FTNT QLYS SOPH TREND SCWX FSC1V CUDA CHKP MOBL FEYE VDSI

2016-2018E Revenue Growth (Median: 24% High Growth, 9% Low Growth)
OKTA PFPT SPLK SAIL MIME RPD FSCT PANW SOPH CYBR IMPV QLYS FTNT FSC1V VDSI SCWX FEYE TREND MOBL CUDA CHKP SYMC


Source: Capital IQ. Public Market data as of January 25th, 2018.
Note: High Growth represented by companies with >20% revenue CAGR; Low Growth represented by companies with <20% revenue CAGR.
Public Company Trading Analysis
High Growth & Low Growth Cybersecurity.
Columns: Company; Stock Price; LTM Price Performance; Market Cap ($M); Enterprise Value ($M); Revenue Growth (2016-2017E, 2017E-2018E, 2018E-2019E); EV / Revenue (LTM, CY 2017E, CY 2018E, CY 2019E); EV / EBITDA (LTM, CY 2017E, CY 2018E, CY 2019E); P/E (LTM, CY 2017E, CY 2018E, CY 2019E)

High Growth Cybersecurity (>20% CAGR)


Palo Alto Networks $157.28 7.6% $14,452 $13,480 25.8% 20.4% 16.5% 7.2x 6.8x 5.7x 4.9x NM 28.6x 22.0x 17.9x 54.2x 51.4x 41.7x 35.0x
Splunk $91.85 56.8% 12,993 12,012 30.7% 25.5% 27.4% 10.4x 9.7x 7.7x 6.1x NM NM 57.1x 38.1x NM NM NM 71.7x
Proofpoint $100.03 23.8% 4,485 4,406 35.7% 30.0% 27.5% 9.2x 8.6x 6.7x 5.2x NM 67.4x 48.6x 34.4x NM NM 97.0x 64.1x
Okta* $30.52 79.5% 3,111 2,887 57.8% 32.4% 32.7% 12.5x 11.4x 8.6x 6.5x NM NM NM NM NM NM NM NM
Mimecast $32.08 46.7% 1,839 1,750 39.5% 24.1% 18.4% 7.9x 7.3x 5.9x 5.0x NM NM 57.2x 46.0x NM NM NM NM
SailPoint* $17.05 42.1% 1,459 1,441 31.3% 24.5% 25.2% 8.9x 8.3x 6.7x 5.3x 80.6x 66.2x NM 67.0x NA NM NM NM
ForeScout* $33.98 54.5% 1,288 1,240 30.2% 20.5% 21.6% 6.1x 5.7x 4.7x 3.9x NM NM NM NM NM NM NM NM
Rapid7 $22.87 79.5% 1,004 920 27.4% 19.7% 17.7% 4.9x 4.6x 3.8x 3.3x NM NM NM NM NM NM NM NM
Mean 34.8% 24.6% 23.4% 8.4x 7.8x 6.2x 5.0x 80.6x 54.1x 46.2x 40.7x 54.2x 51.4x 69.4x 56.9x
Median 31.0% 24.3% 23.4% 8.4x 7.8x 6.3x 5.1x 80.6x 66.2x 52.8x 38.1x 54.2x 51.4x 69.4x 64.1x
Low Growth Cybersecurity (<20% CAGR)
Symantec $27.15 (0.4%) $16,833 $21,016 NM 3.4% 6.0% 4.6x 4.2x 4.1x 3.9x 35.3x 9.2x 8.1x 6.8x 20.4x 18.7x 14.4x 13.2x
Check Point Software $103.97 7.6% 16,993 15,483 6.7% 6.3% 6.4% 8.4x 8.3x 7.8x 7.4x 17.0x 14.9x 14.1x 13.1x 27.7x 19.8x 18.2x 16.7x
Trend Micro $55.89 51.3% 7,684 6,381 11.8% 7.6% 5.7% 4.7x 4.7x 4.4x 4.1x 13.1x 14.1x 12.6x 11.6x 31.4x 32.3x 28.7x 26.4x
Fortinet $45.41 38.4% 7,897 6,621 16.6% 13.9% 12.8% 4.6x 4.5x 3.9x 3.5x 39.0x 21.5x 17.8x 14.8x NA 44.7x 37.8x 31.5x
Sophos $8.94 171.2% 4,177 4,413 13.6% 21.5% 22.3% 7.7x 7.8x 6.4x 5.2x NM NM 67.6x 45.8x NM NM 74.5x 71.0x
FireEye $15.42 18.4% 2,846 2,738 4.0% 7.7% 8.5% 3.7x 3.7x 3.4x 3.2x NM 31.3x 27.0x 20.1x NA NM NM 94.9x
Qualys $63.70 76.0% 2,415 2,113 16.1% 16.4% 14.8% 9.6x 9.2x 7.9x 6.9x 37.2x 25.0x 21.6x 18.9x 65.0x 60.5x 54.4x 47.3x
CyberArk $43.62 (16.1%) 1,515 1,241 18.6% 19.2% 17.5% 5.1x 4.8x 4.1x 3.4x 42.3x 22.1x 17.6x 14.4x NM 39.5x 33.1x 26.8x
Barracuda Networks $27.54 15.9% 1,478 1,300 7.0% 7.2% 18.3% 3.5x 3.5x 3.3x 2.8x 40.4x 19.9x 16.3x 12.8x 35.8x 38.1x 31.3x 24.8x
Imperva $42.75 3.9% 1,454 1,111 21.7% 17.2% 15.8% 3.6x 3.5x 2.9x 2.5x NM 25.7x 20.1x 14.7x 57.0x 46.0x 41.8x 32.6x
Secureworks $9.64 (9.3%) 782 682 8.4% 8.4% 10.7% 1.5x 1.5x 1.4x 1.2x NM NM NM 29.1x NM NM NM NM
F-Secure $4.84 34.6% 758 657 8.2% 9.6% 10.3% 3.2x 3.1x 2.8x 2.5x 29.6x 28.1x 18.9x 13.0x 38.7x 48.4x 36.7x 22.9x
VDSI $14.75 (2.3%) 588 430 (1.7%) 9.0% 5.7% 2.3x 2.3x 2.1x 2.0x 41.3x 22.5x 20.1x 15.5x 52.7x 38.3x 37.5x 32.8x
MobileIron $4.05 (8.0%) 389 307 6.3% 7.3% 9.4% 1.8x 1.8x 1.6x 1.5x NM NM NM NM NM NM NM NM
Mean 10.6% 11.1% 11.7% 4.6x 4.5x 4.0x 3.6x 32.8x 21.3x 21.8x 17.7x 41.1x 38.6x 37.1x 36.7x
Median 8.4% 8.7% 10.5% 4.2x 4.0x 3.7x 3.3x 37.2x 22.1x 18.3x 14.7x 37.2x 38.9x 36.7x 29.2x

Source: Capital IQ. Market data as of January 25th, 2018.


Note: NM – Not Meaningful, NA – Not Available. *Price performance from IPO price. Symantec ’16-’17 Revenue Growth Not Meaningful (NM) due to acquisition spree in 2016.
Public Company Trading Analysis: Operating Metrics
High Growth & Low Growth Cybersecurity.
Columns: Company; Revenue ($M) (LTM, 2017E, 2018E, 2019E); Revenue Growth (%) (16-’17E, 17E-’18E, 18E-’19E); EBITDA ($M) (LTM, 2017E, 2018P, 2019E); EBITDA Margin (%) (LTM, 2017E, 2018E, 2019E)

High Growth Cybersecurity (>20% CAGR)


Palo Alto Networks $1,869 $1,971 $2,372 $2,765 25.8% 20.4% 16.5% ($81) $471 $613 $754 (4.3%) 23.9% 25.8% 27.3%
Splunk 1,158 1,242 1,558 1,985 30.7% 25.5% 27.4% (255) 146 210 315 (22.1%) 11.8% 13.5% 15.9%
Proofpoint 477 510 663 845 35.7% 30.0% 27.5% (34) 65 91 128 (7.1%) 12.8% 13.7% 15.2%
Okta 231 253 335 444 57.8% 32.4% 32.7% (105) (65) (71) (29) (45.5%) (25.8%) (21.2%) (6.4%)
Mimecast 222 239 296 351 39.5% 24.1% 18.4% 8 22 31 38 3.5% 9.0% 10.3% 10.8%
SailPoint 163 174 216 271 31.3% 24.5% 25.2% 18 22 15 22 11.0% 12.5% 6.8% 7.9%
ForeScout 204 217 262 318 30.2% 20.5% 21.6% (63) (45) (37) (7) (30.7%) (20.5%) (14.1%) (2.2%)
Rapid7 188 201 240 282 27.4% 19.7% 17.7% (40) (21) (14) 8 (21.1%) (10.4%) (5.8%) 2.8%

Low Growth Cybersecurity (<20% CAGR)


Symantec $4,571 $4,945 $5,113 $5,423 NM 3.4% 6.0% $596 $2,290 $2,602 $3,087 13.0% 46.3% 50.9% 56.9%
Check Point Software 1,835 1,857 1,973 2,100 6.7% 6.3% 6.4% 912 1,040 1,100 1,178 49.7% 56.0% 55.7% 56.1%
Trend Micro 1,360 1,358 1,461 1,544 11.8% 7.6% 5.7% 487 454 506 552 35.8% 33.4% 34.6% 35.7%
Fortinet 1,441 1,487 1,695 1,912 16.6% 13.9% 12.8% 170 308 373 449 11.8% 20.7% 22.0% 23.5%
Sophos 571 569 692 846 13.6% 21.5% 22.3% 7 48 65 96 1.2% 8.5% 9.4% 11.4%
FireEye 734 743 800 868 4.0% 7.7% 8.5% (139) 87 102 136 (19.0%) 11.8% 12.7% 15.7%
Qualys 220 230 268 307 16.1% 16.4% 14.8% 57 85 98 112 25.8% 36.8% 36.5% 36.3%
CyberArk 246 257 306 360 18.6% 19.2% 17.5% 29 56 70 86 12.0% 21.8% 23.0% 24.0%
Barracuda Networks 373 372 398 471 7.0% 7.2% 18.3% 32 65 80 102 8.6% 17.5% 20.0% 21.6%
Imperva 309 322 377 436 21.7% 17.2% 15.8% (7) 43 55 76 (2.1%) 13.5% 14.7% 17.3%
Secureworks 466 465 504 558 8.4% 8.4% 10.7% (28) (21) (7) 23 (5.9%) (4.6%) (1.4%) 4.2%
F-Secure 208 214 235 259 8.2% 9.6% 10.3% 22 23 35 50 10.7% 10.9% 14.8% 19.5%
VDSI 186 189 206 218 (1.7%) 9.0% 5.7% 10 19 21 28 5.6% 10.1% 10.4% 12.7%
MobileIron 173 174 187 205 6.3% 7.3% 9.4% (53) (18) (8) (3) (30.6%) (10.2%) (4.3%) (1.5%)

Source: Capital IQ. Market data as of January 25th, 2018.


Note: NA – Not Available. Symantec ’16-’17 Revenue Growth Not Meaningful (NM) due to acquisition spree in 2016.
2017 Cybersecurity IPOs

SailPoint: 20,000,000 Shares, Common Stock, $12.00 Per Share, $240,000,000, November 17, 2017
ForeScout: 5,280,000 Shares, Class A Common Stock, $22.00 Per Share, $116,160,000, October 27, 2017
Okta: 11,000,000 Shares, Class A Common Stock, $17.00 Per Share, $187,000,000, April 7, 2017


IPO: November 17th, 2017
SailPoint Was The 3rd Cybersecurity IPO of 2017.

20,000,000 Shares, Common Stock, $12.00 Per Share, $240,000,000

Business Overview
SailPoint provides enterprise identity solutions to govern the digital identities of employees, contractors & business partners. Its open identity platform provides organizations with critical visibility into who currently has access to which resources, who should have access to those resources, and how that access is being used.

▪ Compliance Controls: Access certification and identity policies critical to achieving continual compliance
▪ Password Management: Reset passwords automatically while enforcing corporate policy
▪ Access Request & Automated Provisioning: Ensure the right people have the right access to the right applications at the right time
▪ Data Access Governance: Govern access to all data; 80% of corporate data is unstructured

Customer Highlights
▪ 825 Customers
▪ 39 Countries
▪ Focus On Large & Mid-Market Enterprise Businesses
▪ Finance, Insurance, Health Care & Pharmaceutical, Gov’t
▪ Top Customers Include: [customer logos not recoverable from the extracted text]

Key IPO Statistics
Headquarters: Austin, Texas
Founded: 2004
Employees: 765
Ticker: SAIL
Listing Date: November 17, 2017
Shares Offered: 20,000,000 (original shares planned at 14.3M)
Offer Price: $12.00 (Filing range was $9.00 - $11.00)
Amount Raised: $240,000,000
Ownership: Thoma Bravo owns 60.5% of outstanding shares

Summary Financials
Exchange: NYSE
Stock Price ($): $17.05
52 W High / Low ($): $17.75 / $12.82
Market Cap (USD $M): $1,458.7
Net Debt ($M): ($17.3)
Enterprise Value ($M): $1,441.4
LTM Revenue ($M): $162.6
LTM EBITDA ($M): $17.9
EV / LTM Revenue: 8.9x

Stock Performance Since IPO
[Chart: stock price from 11/17 to 1/12; y-axis $12.50 to $16.50. Individual data points were not recoverable from the extracted text.]

Source: SEC filings and Capital IQ.
Note: Valuation metrics and stock price performance as of January 25th, 2017. LTM numbers as of September 30, 2017.
Financial Snapshot
Revenue ($M), FY 15, FY 16, LTM: bar labels $95.4, $132.4, $162.6
Adjusted EBITDA ($M), FY 15, FY 16, LTM: bar labels $7.5, $15.1, $19.9

Management Team
Mark McClain, Chief Executive Officer & Co-Founder
▪ Has served as Chief Executive Officer & Board Member since co-founding SailPoint in 2005
▪ Prior to SailPoint, Mark co-founded Waveset Technologies which was acquired by Sun Microsystems in 2003

Kevin Cunningham, Chief Strategy Officer & Co-Founder
▪ Has served as Chief Strategy Officer since co-founding SailPoint in 2005
▪ Prior to SailPoint, Kevin was Director of Software Marketing for Sun Microsystems

Cam McMartin, Chief Financial Officer
▪ Cam has served as Chief Financial Officer since 2011
▪ Prior to SailPoint, Cam served as MD and CFO for CenterPoint Ventures & held senior financial management positions for Convex Computer & Dazel

Howard Greenfield, Chief Revenue Officer
▪ Howard has served as Chief Revenue Officer since Oct 2017 and previously served as SVP of Worldwide Sales
▪ Prior to SailPoint, Howard served as Vice President of Worldwide Mobility Sales for Zenprise (acquired by Citrix Systems)

Growth Strategy
Drive New Customer Growth
▪ Total addressable market of 80,000 companies having at least 1,000 employees
▪ Penetrated approximately 1% of approximately 65,000 companies in the countries where customers are today

Further Penetrate Existing Customer Base
▪ As customers realize the value of their investment, new use cases and deployments are identified, allowing SAIL to sell more products to existing customers and to expand the number of identities covered within their organizations

Continue to Expand Global Presence
▪ Generated 30% of revenue outside of U.S. in 2016
▪ Gartner estimates more than 62% of worldwide spending on security products was outside the U.S.

Expand Market & Product Across Other Verticals
▪ Penetrate target vertical markets by providing vertical-specific identity solutions & focusing marketing efforts to address the use cases of those customers

Leverage & Expand Existing Partner Network
▪ Partnerships with global SIs and resellers have helped extend SAIL’s reach to serve customers more effectively
▪ Significant opportunity to offer solutions to customers by collaborating with adjacent technology vendors

Continue To Invest In Platform
▪ Continue investing to extend its position as the leader in identity governance by developing or acquiring new products and technologies

Board of Directors
Mark McClain, Marcel Bernard, William Bock, Seth Boro, Jim Pflaging, Chip Virnig

Source: SEC filings and Capital IQ.
Note: LTM numbers as of September 30, 2017.
IPO: October 27th, 2017
ForeScout Was The 2nd Cybersecurity IPO of 2017.

5,280,000 Shares, Class A Common Stock, $22.00 Per Share, $116,160,000

Business Overview
ForeScout offers a heterogeneous security solution that can see devices, control them and orchestrate system-wide threat response across your wired and wireless campus, data center, cloud and operational technology deployments without agents.

▪ See: Agentless Visibility. Continuously discover, classify, assess and monitor the expanding number of physical endpoints, IoT, OT devices and virtual instances connected to your network—without requiring agents
▪ Control: Policy-based Segmentation. Automate policy-based notifications and access control (devices, users and applications), limit access to appropriate resources, streamline guest onboarding, find and fix endpoint security gaps
▪ Orchestrate: Security Automation. Orchestrate information sharing and policy-based security enforcement operations among IT and security management products to accelerate system-wide threat response without human intervention

Key Metrics
▪ 2,500+ Customers
▪ 70+ Countries
▪ 42M+ Endpoint Licenses Sold
▪ 1M+ Devices Supported In A Single Deployment
▪ 70+ Integrations

Key IPO Statistics
Headquarters: San Jose, California
Founded: 2000
Employees: 898
Ticker: FSCT
Listing Date: Oct 27, 2017
Shares Offered: 5,280,000 (original shares planned at 4.8M)
Offer Price: $22.00 (Filing range was $20.00 - $22.00)
Amount Raised: $116,160,000
Ownership Structure: Directors & Executive Officers own 39.5% of outstanding shares

Summary Financials
Exchange: NASDAQ
Stock Price ($): $33.98
52 W High / Low ($): $35.00 / $21.56
Market Cap (USD $M): $1,288.1
Net Debt ($M): ($47.7)
Enterprise Value ($M): $1,240.4
LTM Revenue ($M): $204.3
LTM EBITDA ($M): ($62.7)
EV / LTM Revenue: 6.1x
EV / LTM EBITDA: NM

Stock Performance Since IPO
[Chart: stock price from 10/27 to 1/19; y-axis $20.00 to $34.00. Individual data points were not recoverable from the extracted text.]

Source: SEC filings and Capital IQ.
Note: Valuation metrics and stock price performance as of January 25th, 2017. LTM Numbers as of September 30, 2017.
Financial Snapshot
Revenue ($M), FY 14, FY 15, FY 16: bar labels $71.1, $126.0, $166.8
Adjusted EBITDA ($M), FY 14, FY 15, FY 16: bar labels ($7.6), ($34.1), ($51.0)

Management Team
Michael DeCesare, Chief Executive Officer and President
▪ Chief Executive Officer, President and Board of Directors member of ForeScout
▪ Has more than 25 years of industry experience, including serving as President of Intel Security and Executive Vice President of Worldwide Sales at McAfee

Pedro Abreu, Chief Strategy Officer
▪ Leads Corporate Strategy
▪ Prior to joining ForeScout, Pedro was Senior Vice President of Strategy and Go-To-Market Operations at Intel Security
▪ He has held several senior-level strategy and operations roles with EMC, Documentum and McKinsey.

Oded Comay, Co-Founder and CTO
▪ Prior to founding ForeScout in 2000, Oded managed the Tel Aviv University Systems
▪ He was a co-founder of Tap Guard Technologies

Dror Comay, Co-Founder and Chief Architect
▪ Prior to founding ForeScout, Dror served in a variety of roles at various organizations, including Nortel
▪ Dror earned a bachelor’s degree in Mathematics from Tel Aviv University

Julie Cullivan, CIO and Senior Vice President, Business Operations
▪ Julie has extensive operational and technical leadership experience, having held prior roles at FireEye, Autodesk, McAfee and Oracle

Growth Strategy
Expand Within Existing End-Customers
▪ Expected to grow within our end-customer base as more devices come online within the enterprise
▪ Product revenue is directly tied to the number of licensed devices managed. As of June 30, 2017, FSCT sold products with licenses covering over 42 million devices

Expand New Parts Of Existing Customers Networks
▪ Expected to grow as end-customers broaden their use of FSCT’s solution across wired networks (on-premise), wireless networks (remote and visitor devices), data centers, branch offices, geographies, and public cloud environments

Grow Global End-Customer Base
▪ Invested in sales organization to drive new end-customer adoption and to introduce our products to new markets
▪ These investments will allow FSCT to pursue new large enterprise opportunities locally & globally

Increase Sales Of Extended Module
▪ Strong demand for FSCT’s third-party product integrations, or Extended Modules
▪ Continue to productize these integrations and leverage joint go-to-market efforts with channel partners

Board of Directors
Theresia Gouw, David DeWalt, James Beer, Hezy Yeshurun, T. Kent Elliot

Note: Fiscal Year Ends December.
IPO: April 7, 2017
Okta Was The 1st Cybersecurity IPO of 2017.

11,000,000 Shares, Class A Common Stock, $17.00 Per Share, $187,000,000

Business Overview
Okta operates an integrated system that connects persons via devices. The company’s identity cloud connects various companies to pre-integrated apps and devices every day. It offers single sign-on, mobility management, adaptive multi-factor authentication, lifecycle management, and universal directory products for IT customers; and complete authentication, user management, flexible administration, API access management, and developer tools for developers.

Secure Remote User Access
▪ Implement strong authentication policies to verify users and reduce security incidence threats
▪ Give employees secure access to needed tools while maintaining control of IT environment

Platform Integration
▪ Integrate all business applications and technologies into one entity
▪ Maintain security while connecting with all parties that your company interacts with

Secure User Management
▪ Deploy one user database and authentication system for any set of connected applications
▪ Create one consolidated profile for each user, then analyze their engagement

Industry Services
▪ Industry specific solutions for Healthcare, Government, Education, Energy, Financial Services, Technology, and Non-Profit Institutions

Key IPO Statistics
Headquarters: San Francisco, California
Founded: 2009
Employees: 898
Ticker: OKTA
Listing Date: April 07, 2017
Shares Offered: 11,000,000
Offer Price: $17.00 (Initial range was $13.00 - $15.00)
Amount Raised: $187,000,000 (Net Proceeds: $173,910,000)
Ownership Structure: Directors & Executive Officers own 51.1% of outstanding shares and have 61.8% of voting power

Summary Financials
Exchange: NASDAQ
Current Price ($): $30.52
52 W High / Low ($): $33.64 / $21.52
Market Cap (USD $M): $3,110.7
Total Debt ($M): $0.0
Enterprise Value ($M): $2,887.1
LTM Revenue ($M): $231.1
LTM EBITDA ($M): ($105.1)
EV / LTM Revenue: 12.5x
EV / LTM EBITDA: NM

Stock Performance Since IPO
[Chart: stock price from 4/7 to 1/12; y-axis $20.00 to $32.00. Individual data points were not recoverable from the extracted text.]

Source: SEC filings and Capital IQ.
Note: Valuation metrics and stock price performance as of January 25th, 2018.
Financial Snapshot
Revenue ($M), FY 15, FY 16, FY 17: bar labels $41.0, $85.9, $160.3
Adjusted EBITDA ($M), FY 15, FY 16, FY 17: bar labels ($49.3), ($63.0), ($61.2)

Management Team
Todd McKinnon, Chief Executive Officer and Co-Founder
▪ Prior to Okta, he served as the Head of Engineering at Salesforce.com and worked for nearly a decade in various engineering and leadership roles at PeopleSoft

J. Frederic Kerrest, COO & Co-Founder
▪ He previously worked at Hummer Winblad Venture Partners and Salesforce.com

Charles Race, President, Worldwide Field Operations
▪ He brings leadership experience from serving as EVP of Worldwide Field Operations at Informatica

Bill Losch, Chief Financial Officer
▪ Prior to Okta, he served as CFO at MobiTV, Inc. and Chief Accounting Officer at DreamWorks Animation and Yahoo!

Jonathan Runyan, General Counsel
▪ Prior to Okta, Jonathan served as a Partner & Associate at Goodwin Procter LLP

Growth Strategy
Drive New Customer Growth
▪ Grow customer base with focus on key verticals, including highly-regulated sectors such as financial services, government and healthcare (880 net new customers in FY17)
▪ Expand international footprint (13% of revenue outside of U.S. in FY17)

Expand Integrations and Partner Ecosystem
▪ Continue current partnerships (e.g., AWS, Atlassian, Box, Google Cloud) while adding new integration partners (5k integrations with cloud, mobile & web apps currently)
▪ Expand indirect sales network to leverage sales efforts of additional ISVs and channel partners

Deepen Existing Client Relationships
▪ Increase revenue from existing customers by cross-selling and upselling additional products
▪ Focus on current customers that limit use cases to internal identity management and further their use of Okta platform for external use cases

Advance Platform With New Products
▪ Continue to make significant investments in research and development, hiring top talent, and maintaining an agile organization
▪ Address new use cases and offer increasing value to existing and potential customers

Board of Directors
Ben Horowitz (General Partner), Patrick Grady (Partner), Michelle Wilson (Board of Director), Michael Stankey (Vice Chairman), Michael Kourey (CFO)

Note: Fiscal Year Ends January.
IV. M&A Activity In Cybersecurity
Section Contents.

i. Cybersecurity M&A Activity | 2010-2017
ii. Closer Look at Recent Cybersecurity Exits | Part 1
iii. Closer Look at Recent Cybersecurity Exits | Part 2
iv. Cybersecurity M&A: A Closer Look At Deal Value & Multiples
v. Notable Cybersecurity M&A Transactions | 2016 to 2017 (Disclosed Values)
vi. Backup Data: M&A Transaction Disclosed Deal Values | 2016 to 2017
vii. Notable Cybersecurity M&A Transactions | 2016 to 2017 (Undisclosed Values)
viii. Backup Data: M&A Transaction Undisclosed Deal Values | 2016 to 2017

Cybersecurity M&A Activity | 2010-2017
Cybersecurity Company M&A Transactions of $94.5 Billion Across 1,043 Deals Since 2010.
[Charts: Annual M&A Deals And Volume ($B), 2010 – 2017 (series: Private Co. Volume ($B), Public Co. Volume ($B), Number of Deals); Quarterly M&A Deals And Volume ($M), Q1 2010 – Q4 2017 (series: Volume ($M), Number of Deals). Bar and line values were not recoverable from the extracted text.]

▪ Number of deals reached new heights in 2017 with 178, just above the previous record of 177 in 2015
▪ Public company acquisitions / divestitures surpassed 2016 figures with 15 deals completed (up 114%) at a combined deal value of $12.7B (up 27%)
▪ Over the last eight quarters financial and strategic buyers have completed $41B in M&A transactions
▪ Q4’17 was the strongest quarter for transaction volume since Q3’13 totaling $12B; surpassed previous high of $9B set in Q3’10
▪ Though transaction volume remained low earlier in the year, 2017 was a milestone year for M&A transactions with some of the biggest deals closing in the last quarter (e.g., Gemalto / Thales)

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Note: Includes private and public company M&A transactions including acquisitions of public companies and divestitures of assets / operations / business units from public companies.
Closer Look at Recent Cybersecurity “Exits” | Part 1
Breaking Down The Cybersecurity “Exits” In 2016 And 2017.

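Time to Exit
[Pie chart with a "Selected Companies" logo column. Categories: <2 Years, 2 to 5 years, 5 to 7 years, 7 to 10 years, 10+ years. Slice labels as extracted: 4.4%, 25.4%, 40.5%, 14.7%, 15.1%. The slice-to-category mapping and the company logos were not recoverable from the extracted text.]

Deal Value
[Pie chart with a "Selected Companies" logo column. Categories: $0-$25M, $25M-$50M, $50M-$100M, $100M-$250M, $250M-$500M, $500M+. Slice labels as extracted: 6.0%, 9.5%, 38.1%, 16.7%, 14.3%, 15.5%. The slice-to-category mapping and the company logos were not recoverable from the extracted text.]

Note: Excludes deals with undisclosed deal values (typically < $50M). Deals with undisclosed deal values account for 66% of total exits.
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Note: “Exits” excludes targets that were previously acquired or listed on a public exchange.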
Closer Look at Recent Cybersecurity “Exits” | Part 2
Breaking Down The Cybersecurity “Exits” In 2016 And 2017.

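Last Round Prior to Exit
[Pie chart with a "Selected Companies" logo column. Categories: Early Stage, Series A, Series B, Series C+. Slice labels as extracted: 25.0%, 25.8%, 24.2%, 25.0%. The slice-to-category mapping and the company logos were not recoverable from the extracted text.]
Note: Excludes self-funded companies.

Total $ Raised Prior to Exit
[Pie chart with a "Selected Companies" logo column. Categories: $1M-$10M, $10M-$20M, $20M-$50M, $50M+. Slice labels as extracted: 17.0%, 33.7%, 29.0%, 21.0%. The slice-to-category mapping and the company logos were not recoverable from the extracted text.]
Note: Excludes companies that raised <$1M.

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Note: “Exits” excludes targets that were previously acquired or listed on a public exchange.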
Cybersecurity M&A: A Closer Look At Deal Value & Multiples
Cybersecurity M&A Activity Since 2010 With Disclosed Transaction Values And Multiples.

M&A By Deal Value
>$0M - $100M: 68.0% ($0M-$50M: 54.0%, 216 deals; $50M-$100M: 14.0%, 56 deals)
$100M - $300M: 16.5%, 66 deals
$300M - $1B: 10.0%, 40 deals
$1B+: 5.5%, 22 deals

M&A By Valuation Multiples (EV / LTM Rev)
>0.0x - 3.0x: 37.6%, 70 deals
3.0x - 5.0x: 23.1%, 43 deals
5.0x - 10x: 24.2%, 45 deals
10.0x+: 15.1%, 28 deals

▪ The average and median enterprise value for Cybersecurity transactions since 2010 was $229M and $42M, respectively
▪ M&A exits in Cybersecurity are typically below $100M 68.2% of the time
▪ Transactions > $1B are rare, representing 5.5% of all deals (13 public* and 9 private company transactions)
▪ Valuations for M&A Cybersecurity targets vary for many reasons – growth, market leadership, customer validation, technology, team, and transaction dynamics
▪ Transactions >10x are a minority (15.1%) where the buyers are typically cash rich and willing to pay what it takes (median cash balance of the buyers at time of acquisition was $1.1B and median market cap was $12.8B)

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Note: *Includes acquisitions of public companies and divestitures of assets / operations / business units from public companies.
Notable Cybersecurity M&A Transactions | 2016 to 2017
Cybersecurity M&A Transactions With Disclosed Transaction Values.

[Logo grid: The Buyers / The Sellers. Company logos were not recoverable from the extracted text. Qualifiers shown beside logos: (Networking Biz), (Cyber Biz Unit), (Email Fraud Protection), (Cyber Solutions Biz).]

Enterprise Value ($M) LTM Revenue ($M) EV / LTM Revenue
Mean $363.2 $218.4 6.3x
Median $54.7 $35.0 4.3x

For Additional Information on Backup Data (Pages 64-69) Supporting Transaction Data, Please Contact Momentum Cyber at almanac@momentumcyber.com

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
Notable Cybersecurity M&A Transactions | 2016 to 2017
Cybersecurity M&A Transactions With Undisclosed Transaction Values.

[Logo grid: The Buyers / The Sellers. Company logos were not recoverable from the extracted text. Qualifiers shown beside logos: (SST Unit), (AppGuard Biz), (IAM Biz), (Business Div), (SSL Security), (US Fed Gov’t Services), (Secure Partnership Biz), (Email Security Biz), (Identity Biz), (Web Security Biz), (iDefense Security).]

For Additional Information on Backup Data (Pages 71-81) Supporting Transaction Data, Please Contact Momentum Cyber at almanac@momentumcyber.com

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
V. Financing Activity In Cybersecurity
Section Contents.

i. Financing Activity Since 2010
ii. Cybersecurity Startups And Investors
iii. Cybersecurity Funding By The Numbers
iv. Notable Cybersecurity Financing Activity | 2016 to 2017
v. Backup Data: Cybersecurity Financing Activity | 2016 to 2017

Financing Activity Since 2010
Cybersecurity Startups Raised $20.7 Billion Across 1,626 Deals Since 2010.
[Chart: Annual Investment Deals And Dollars ($B), 2010 – 2017. Series: Investments ($B), Deals. Data labels recovered without year positions: investments $0.8, $0.8, $1.2, $1.7, $2.7, $3.8, $4.5, $5.1; deals 108, 120, 156, 201, 208, 229, 278, 326.]
[Chart: Quarterly Investment Deals And Dollars ($M), Q1 2010 – Q4 2017. Series: Investments ($M), Deals. Data labels not recoverable in sequence.]

▪ 2017 reached record levels yet again, with $5.1B raised across 326 transactions
▪ 2017 outpaced 2016 by $594M in funding volume and 48 transactions
▪ Over the last eight quarters investors have poured $9.6B into Cybersecurity
▪ After a slow start in Q1, Q4 closed out 2017 with funding totaling $1.5B across 79 transactions
▪ 4Q17 ended strong with 24 deals ($654M raised) in September, 25 deals ($285M raised) in August, and 30 deals ($528M raised) in December

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, CBInsights, and Pitchbook.
Note: Data for 2014 – 2017 includes only deals with amounts raised >$1M.
Cybersecurity Startups And Investors
List of Most Well-Funded Startups And Most Active VC Investors.

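[Chart: Top 15 Most Well-Funded Cybersecurity Startups ($M). Company logos not recovered. Bar values in descending order: $407, $331, $305, $301, $288, $281, $274, $268, $237, $236, $198, $198, $190, $187, $184. One bar is annotated "Confidentially Filed For IPO".]
[Chart: Top 15 Most Active Investors in Cybersecurity*. Investor logos not recovered. Bar values in descending order: 32, 32, 31, 30, 27, 26, 22, 20, 20, 20, 19, 17, 16, 14, 12.]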

▪ The top most well-funded startups have raised $3.9B over their lifespan
▪ Tanium continues to top the list of most well-funded ahead of Lookout, having raised $100M in 2017 & $212M in 2015, totaling over $400M since 2007
▪ An additional 23 companies have raised between $100M and $180M for a total of $3.0B, including Zscaler ($183M), Cloudflare ($182M), Cylance ($180M), Armor ($150M), Forgerock ($148M), Code42 ($138M), Pindrop Security ($133M), Bracket Computing ($132M), Silent Circle ($130M), Digital Guardian ($126M), Ionic Security ($123M), LogRhythm ($122M), Duo Security ($130M), Bromium ($116M), and SentinelOne ($110M)
▪ During 2017 NEA & Accel became the most active investors in Cybersecurity, having invested in 32 company rounds since 2010
▪ 4Q17 was an active quarter with Trident Capital Cybersecurity making 3 investments while Accel Partners, Sequoia Capital, Intel Capital, and Battery Ventures made 2 investments each

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
Note: *Total number of investments made in rounds with a minimum of $5 million raised.
Cybersecurity Funding By The Numbers
A Breakdown of Capital Raises By Stage in 2016 & 2017.

# of Deals By Stage
Stage | 2016 | 2017 | Growth
Early Stage | 70 | 89 | 27.1%
Series A | 88 | 97 | 10.2%
Series B | 40 | 50 | 25.0%
Series C+ | 68 | 75 | 10.3%

Median Deal Size
Year | Early Stage | Series A | Series B | Series C+
2016 | $2.2M | $7.9M | $15.2M | $21.6M
2017 | $2.2M | $7.0M | $15.5M | $27.5M

Capital Raised By Stage ($M)
Stage | 2016 | 2017 | Growth
Early Stage | $169 | $304 | 79.9%
Series A | $1,053 | $781 | (25.9%)
Series B | $689 | $916 | 32.9%
Series C+ | $2,507 | $2,903 | 15.8%

Selected Companies By Stage
[Logo grid grouped by Early Stage, Series A, Series B, Series C+; company logos not recovered]

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
Note: Includes investments of greater than $1 million and excludes grants and straight debt/loan financings. Follow-on financings (e.g., A, A1) in same year combined to represent one deal for that stage.
Notable Cybersecurity Financing Activity | 2016 to 2017
Minority Investments >$10M.

$10M - $25M $25M - $50M $50M+

$100M+

Total Amount Raised ($M): $8,085.0
Median Amount Raised ($M): $20.0

For Additional Information on Backup Data (Pages 89-105) Supporting Transaction Data, Please Contact Momentum Cyber at almanac@momentumcyber.com

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
Notable Cybersecurity Financing Activity | 2016 to 2017
Minority Investments >$10M.

$10M - $25M $25M - $50M $50M+

$100M+

For Additional Information on Backup Data (Pages 89-105) Supporting Transaction Stats, Please Contact
Momentum Cyber at almanac@momentumcyber.com

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
Note: Represents total size of funding rounds participated by each investor.
VI. Transaction Profiles
Section Contents.

i. Selected Momentum M&A Transactions 108-118

ii. Highlighted M&A Transactions 119-159

iii. Highlighted Fundraising Activity 160-233

Selected Momentum M&A Transactions

Proofpoint acquires Weblife | $60.0M | November 29, 2017
ADT acquires DATASHIELD | Undisclosed | November 14, 2017
Juniper Networks acquires Cyphort | Undisclosed | August 31, 2017


Proofpoint Acquires Weblife
Momentum Cyber Acted As The Exclusive Financial Advisor To Weblife.

[Tombstone: Weblife has been acquired by Proofpoint for total consideration of $60M. Momentum Cyber acted as exclusive financial advisor to Weblife. November 29, 2017]

Transaction Overview

▪ On November 29, 2017, Proofpoint, Inc (“Proofpoint”) announced it acquired Weblife Balance Inc. (“Weblife”) for a total consideration of $60M, representing a 17.1x multiple of invested capital
▪ “In an era of constant connectivity and eroding boundaries between a professional and personal digital life, it is critical to have email protection that is both broad and deep. The acquisition of Weblife gives us greater ability to help protect our customers from today’s rapidly evolving cyberattacks, as cybercriminals look for new ways to abuse email channels. We are thrilled to welcome Weblife’s employees to the Proofpoint team.” – Gary Steele, CEO, Proofpoint
▪ “Organizations are having to confront the reality that employees will check their personal webmail from the corporate network, and will also use their corporate devices to check their webmail at home after work, on the road, and everywhere in between. By combining Proofpoint’s advanced threat detection capabilities with our unique browser isolation solution, enterprises can now secure both corporate and personal email from advanced threats and compliance risks.” – David Melnick, CEO, Weblife

Transaction Significance

▪ By combining Weblife’s web-isolation technology with Proofpoint’s industry leading threat detection and intelligence, companies can now secure both corporate and personal email from advanced threats and compliance risks
- Unique combination of web-isolation and advanced threat detection delivers comprehensive protection from both malware and credential stealing phishing links
▪ The integrated solution will become part of Proofpoint’s Targeted Attack Protection advanced threat solution suite, and will be available in the first half of 2018

Momentum’s Role

▪ Momentum Cyber acted as exclusive Financial Advisor to Weblife
▪ This transaction demonstrates Momentum's continued success in advising innovative, next-generation Cybersecurity companies and further establishes the firm's leadership position as the ‘go to’ advisor exclusively focused on Cybersecurity

Other Notable Web Isolation Transactions (acquirer and target logos not recovered)

Date: 07/06/17 | HQ: Tel Aviv, Israel | Founded: 2014 | CEO: Guy Guzner | $225 Million
Date: 05/09/16 | HQ: Los Gatos California | Founded: 2012 | CEO: Branden Spikes | Undisclosed

Other Primary Competitors (company logos not recovered)

Headquarters | Amount Raised
Mountain View, CA | $14.2M
Baltimore, MD | Undisclosed
Menlo Park, CA | $35.5M

Proofpoint Acquires Weblife (Continued)
Secure, Empower, And Simplify Employee Web Access.
Company Profile

Description: Weblife fundamentally changes how organizations approach employee Internet usage simply by providing a separate, private, and secure space for employees to conduct personal web browsing. Current employee web-use policies don't address the fact that employees will continue to spend some portion of their time on personal web browsing. Weblife acknowledges this reality and brings employees back into policy compliance by securely separating personal and business web activity. By doing so, this program provides an additional benefit to employees, improves a company’s security posture, reduces its liability, and enhances its compliance with global privacy obligations.

Management: David Melnick (CEO), Adrian Roston (CTO), Kenny Lee (CPO), Michael Jones (Product Manager)
Founded: 2013
HQ: Los Angeles, California / Woking, United Kingdom (US & EMEA)
Amount Raised: $3.5M from [investor logos not recovered]

Value Proposition
▪ SECURE WEB USE: Secure web use by isolating malware threats in the cloud
▪ EMPOWER EMPLOYEES: Empower IT and employees with greater web use freedom
▪ SIMPLIFY GOVERNANCE: Simplify IT governance, DLP and compliance and control of employee web access

Product Overview

Weblife secures, empowers, and simplifies employee Internet use with a complete cloud-based service to isolate and secure web use providing employees greater freedom and anonymity to conduct personal and high-risk web browsing

How It Works
[Diagram: Browser, connected by SECURE CONNECTION (HTTPS) carrying ONLY SAFE CONTENTS (HTML-CSS), to Weblife Service, connected by ANONYMOUS WEBSITE TRAFFIC carrying HIGH RISK CONTENTS (.JS, .EXE, ETC.), to Public Internet]

Weblife Solutions
▪ Web Isolation: Separate trusted business activity from untrusted personal use to manage and reduce risk
▪ Webmail: Grant all employees web mail access without compromising security posture
▪ GDPR Compliance: Ensure your security monitoring of employee internet use complies with EU GDPR requirements
▪ Clandestine Browsing: Empowers IT, Security, and Investigative teams to safely & anonymously research & investigate without increased risk

Isolation Is Critical
[Logo not recovered] announces Weblife’s RemoteBrowser as #2 of Top 10 Security technologies for 2017
▪ By 2021, 20% of enterprises will adopt a remote browser solution to isolate internet browsing from enterprise systems, up from less than 1% in 2016
▪ By 2021, 50% of enterprises will actively isolate internet browsing activities to reduce the impact of attacks, up from less than 5% in 2016
▪ Through 2021, organizations that isolate internet browsing will experience a 70% reduction in attacks compromising end-user systems

Distribution By Type Of Attack On Enterprise Users
Browsers, 58% | Office, 12% | Java, 11% | Adobe Reader, 7% | Android, 7% | Adobe Flash Player, 5%

Source: Company Website and Pitchbook.
Proofpoint Acquires Weblife (Continued)
Acquisition Extends Proofpoint’s Protection Capabilities to Enterprise Users’ Personal Webmail.
Company Profile

Description: Proofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media and mobile apps, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur.

Leadership: Gary Steele (CEO), Paul Auvil (CFO), Marcel DePaolis (CTO), Manish Sarin (EVP, Corp Dev), David Knight (EVP/GM Threat Systems)
Founded: 2002
HQ: Sunnyvale, California
Employees: 1,800+

Product Overview

Proofpoint’s Technology Platform
The Proofpoint Nexus™ security and compliance platform blends security research, technology and threat data to protect every stage of the attack lifecycle. This modern, cloud-based graph database architecture drives the effectiveness of Proofpoint’s products and powers Proofpoint’s ecosystem of partners and integrations. Nexus extracts and correlates intelligence across email, social media, mobile, and SaaS applications — learning from each new attack to stay ahead of evolving threats

▪ Advanced Threat Protection: Targeted Attack Protection, Threat Response, ET Intelligence, Mobile Defense
▪ Information Protection: Email Data Loss Prevention, Email Encryption, SaaS Protection, Data Discover
▪ Archiving & Compliance: Enterprise Archive, E-Discovery and Analytics, Intelligent Supervision, Social Media Compliance
▪ Email Protection: Email Protection, Small & Medium Business Essentials, Email Fraud Defense, Sendmail Sentrion

Trading Profile

Summary Financials
Exchange | NASDAQ
Stock Price ($) | $92.45
52 W High / Low ($) | $97.92 / $69.19
12 Month Target | $105.81
Market Cap ($M) | $4,116.7
Enterprise Value ($M) | $4,038.3
EV / LTM Revenue | 8.5x
EV / 2018E Revenue | 6.1x

[Chart: LTM Stock Performance, Nov-16 to Nov-17; price labels not recoverable in sequence]

Proofpoint Acquisition History Since 2013 (target logos not recovered; one target in the Aug 5, 2015 / Jul 25, 2013 row is labelled "(Certain Assets)")

Date Announced | Amt ($M)
Nov 7, 2017 | $110.0
Oct 20, 2016 | 55.0
Aug 24, 2016 | 18.0
Nov 3, 2015 | 9.0
Aug 5, 2015 | 8.5
Mar 2, 2015 | 32.3
Oct 23, 2014 | $33.7
May 20, 2014 | 24.0
Oct 1, 2013 | 23.0
Aug 9, 2013 | 24.2
Jul 25, 2013 | 2.5
Apr 9, 2013 | 4.4

Source: Company Website, Capital IQ and Pitchbook. Public Market Data as of November 28, 2017.
ADT Acquires DATASHIELD
Momentum Cyber Acted As The Exclusive Financial Advisor To DATASHIELD & Strategic Cybersecurity Advisor To ADT.

[Tombstone: ADT has acquired DATASHIELD. Momentum Cyber acted as exclusive financial advisor to DATASHIELD & is serving as ADT’s strategic cybersecurity advisor. November 14, 2017]

Transaction Overview

▪ On November 14, 2017, The ADT Corporation (“ADT”) announced it has acquired DATASHIELD, LLC (“DATASHIELD”)
▪ DATASHIELD was founded in 2009 and is the premier Managed Detection & Response (MDR) provider offering the next-generation of managed security services for Mid-Market and Enterprise businesses
- DATASHIELD is the only MDR Provider to provide full packet capture and inspection beyond headers and metadata behind the firewall
- DATASHIELD’s SHIELDVision™ is a unified platform for organizing, managing and collecting cyber intelligence in real-time as well as automating security analyst workflows to close the gap between cyberattack and breach detection time and remediation for customers

Transaction Significance

▪ ADT launches “ADT Cybersecurity” with the newly combined entity utilizing DATASHIELD’s cutting-edge SHIELDVision™ platform and deep security industry expertise to create an unmatched real-time Cyber detection and response solution
▪ MDR is a Top 10 Cybersecurity technology for 2017 according to Gartner
▪ Data breaches are on the rise and increasingly more damaging to companies and individuals – MDR reduces time to detection from months to minutes

Momentum’s Role

▪ Momentum Cyber acted as exclusive Financial Advisor to DATASHIELD and is serving as ADT’s Strategic Cybersecurity Advisor
▪ Momentum Cyber identified MDR as a strategic category to leverage ADT’s security footprint and sourced DATASHIELD as a proprietary target
▪ This transaction demonstrates Momentum's continued success in advising innovative, next-generation Cybersecurity companies and further establishes the firm's leadership position as the ‘go to’ advisor exclusively focused on Cybersecurity

Other Notable MSSP Transactions (acquirer and target logos not recovered)

Date: 10/20/17 | has acquired | HQ: Cincinnati, Ohio | Founded: 2015 | CEO: Brian Minick | Undisclosed
Date: 08/21/2017 | has acquired a majority stake in | HQ: Cambridge, Ontario | Founded: 2011 | CEO: J.Paul Haynes | ~$150 Million
Date: 04/28/2017 | has acquired | HQ: Zurich, Switzerland | Founded: 1990 | CEO: Martin Bosshardt | Undisclosed

* Transaction Values were not disclosed at the time of announcement.

ADT Acquires DATASHIELD (Continued)
Premier MDR Provider Offering The Next-Generation of Managed Security Services To Mid-Market & Enterprise.

Company Overview

Description: DATASHIELD is a leading provider of managed detection & response security services, combining cutting-edge technology with deep industry expertise to build threat-driven security operations. DATASHIELD offers fully-managed security and critical incident response services to its customers through an Advanced Security Operations Center (“ASOC”). DATASHIELD provides these capabilities to both Mid-Market and Enterprise-level companies to help accelerate the detection, investigation, remediation and management of security incidents and vulnerabilities.

Leadership: Michael Malone (Co-Founder & CEO), Joel Menk (Co-Founder & COO), Maria Mastakas (EVP Sales), Eldon Jenkins (CTO), Ben Johnson (Chief Security Architect)
Founded: 2009
Locations: Scottsdale, AZ (HQ, ASOC) & Salt Lake City, UT

ASOC vs. SOC: Proactive & Intelligence Driven Security
[Diagram labels, upper row: Intelligence Analysis, Training, Empowered Autonomy, Meaningful Metrics, Knowledge Management, Countermeasure Capabilities. Captions in extraction order: Analyst Infusion & Exercise-Based Learning; Provide Oversight to Operationalize Cyber Kill Chain Solutions; Measure Effectiveness & Effort; Improve Depth of Analysis & Collaboration Across Sites; Increased Effectiveness of Countermeasures Through Knowledge Management. Lower row: Activity Monitoring, Incident Analysis, Reporting, Incident Response.]

Product Overview

DATASHIELD is the only MDR Provider to provide full packet capture and inspection beyond headers and metadata behind the firewall (i.e., full session reconstruction)

SHIELDVision™ integrates and analyses Indicators of Compromise (IoC) from diverse intelligence feeds, and deploys automated responses, queries and scans. The result is superior customer value:
▪ Fewer false positives → Efficiency for the client
▪ Full threat analysis → Trace, forensics, and long term remediation
▪ Change recommendations → Continuous network improvement
▪ IoC automation and response → Faster reaction to threats

[Icon labels: ASOC, Network Visibility, Cyber Analytics, Threat Intelligence, Incident Response, Compliance]

DATASHIELD Security Appliance™ with DATASHIELD Managed Detection and Response™
Built specifically to combat overwhelming resource and budget constraints that prevent companies from establishing suitable cyber security programs for their businesses

While most conventional security solutions provide limited visibility and prevention capability, the DATASHIELD Appliance is equipped with:
[Icon labels: Threat Monitoring, Incident Analysis, Automated Threat Intelligence, Knowledge Management, Incident Response, Reporting]

REAL-TIME Threat Detection Leveraging People, Process & Technology
[Diagram labels: DATASHIELD Appliance, Software, Full Packet Capture, Log Analysis, ASOC/Human Intelligence, Endpoint Detection, Proprietary Software]

Source: Company Website, Pitchbook, and Capital IQ.

ADT Acquires DATASHIELD (Continued)
ADT Launches “ADT Cybersecurity” For Commercial Business Customers With Acquisition of DATASHIELD.
Company Overview

Description: The ADT Corporation provides monitored security, interactive home and business automation, and related monitoring services, whose offerings include the installation and monitoring of residential and business security, and premises automation systems designed to detect intrusion, control access and react to movement, smoke, carbon monoxide, flooding, temperature, and other environmental conditions and hazards, as well as to address personal emergencies. It also provides various alternate and back-up alarm transmission methods & monitoring center supported personal emergency response system products and services. The company offers its products primarily under the brand ADT and ADT Pulse to residential customers as well as small & medium sized businesses. Protection 1 & ADT operate under the ADT Brand, backed by Apollo Global Management.

Leadership: Timothy Whall (CEO), Jim DeVries (President), Dan Bresingham (Chief Administrative Officer), Jamie Haenggi (Chief Sales & Marketing Officer), Donald Young (CIO), Jay Darfler (SVP, Secured by ADT)
Founded: 1874
HQ: Boca Raton, FL (ADT); Romeoville, IL (Protection One)
Employees: 17,000+

ADT Transaction History

Apollo Acquired Protection 1 & ASG Security (target and acquirer logos not recovered)
Date | TV
05/18/15 | $1.5B
05/18/15 | $500M

Protection 1 Acquired ADT
Date | 02/14/17
Transaction Value | $6.9B
EV/Revenue | 3.5x
EV/EBITDA | 6.8x

Home Security, Business, & Automation System Features

Your Business Security, Monitored 24/7
▪ VIDEO SURVEILLANCE: ADT video surveillance gives you windows into the activity in and around your business, even when you’re not there
▪ BURGLARY MONITORING: Monitoring window, door & motion sensors 24/7 allows us to respond to events immediately & help secure your business
▪ ACCESS CONTROL: Control who enters your facilities, and keep unauthorized people out of sensitive areas
▪ FIRE ALARM MONITORING: Provides round-the-clock fire alarm monitoring that will alert both you and the fire department at the first sign of trouble
▪ SMART SECURITY: Turn your mobile device into a business security system remote control allowing access from virtually anywhere
▪ CUSTOM SETTINGS: Manage your business singlehandedly. Create modes that coordinate lights, climate control & more

Key Metrics
▪ OVER 140 YEARS in the security business & growing
▪ 8 MILLION total customers
▪ 15 MILLION alarm signals answered each year
▪ 6 MONITORING CENTERS ensuring 24/7 home security response
▪ MORE THAN 200 branch locations. The largest in the industry

ADT Cybersecurity – Acquisition of DATASHIELD

“Our goal is to provide ADT customers with the most comprehensive security solution to protect their business, and in today’s world, this not only means their physical premise, but also their network. For more than 143 years, ADT has been monitoring physical properties, and DATASHIELD will now allow us to extend that same level of security monitoring to the digital world. Michael and his team will infuse cybersecurity DNA into our core business, allowing us to provide an offering that will distinguish our brand as the premiere resource for end-to-end security.” — Timothy Whall, CEO, ADT

“This is a landmark opportunity to combine the brand and reach of ADT, with the technology and innovation of DATASHIELD to establish the new standard in the most comprehensive digital protection for Mid-Market and Enterprise businesses.” — Michael Malone, CEO, DATASHIELD

Source: Company Website, Pitchbook, and Capital IQ.

Juniper Networks Acquires Cyphort
Momentum Cyber Advises Cyphort On Its Acquisition By Juniper Networks.

[Tombstone: Cyphort Has Been Acquired By Juniper Networks. Exclusive Strategic & Financial Advisor To Cyphort. August 31, 2017]

Transaction Overview

▪ On August 31, 2017, Cyphort, Inc. (“Cyphort”) announced it had entered into a definitive agreement to be acquired by Juniper Networks (“Juniper”)
▪ The acquisition is subject to customary closing conditions and expected to close by the end of September
▪ Headquartered in Santa Clara, CA, Cyphort was founded in 2011 and provides a Security Analytics and Mitigation Platform for Advanced Threat Defense
− Cyphort is the only comprehensive Advanced Threat Protection platform, for on-prem and cloud across Web, Email, Lateral Spread, File & CASB upload
− Cyphort’s machine learning and behavioral analytics target the SIEM “gap” by combining detection and analytics on raw data and ingested 3rd party sources
− Investors included Sapphire Ventures, Foundation Capital, Matrix Partners, Trinity Ventures, Zouk Capital and Dell Technologies Capital

Transaction Significance

▪ Acquisition strengthens Juniper’s leadership position in the next-gen firewall market and is a critical addition to Juniper’s Software-Defined Secure Network vision
▪ Cyphort will integrate into Juniper’s Sky ATP platform to provide customers with improved performance, an increased range of supported file types and additional threat detection capabilities
▪ Cyphort marks Juniper’s return to Cybersecurity M&A after an over 4 year absence

Momentum’s Role

▪ Momentum Cyber served as exclusive strategic and financial advisor to Cyphort
▪ This transaction demonstrates Momentum's continued success advising innovative, next-generation Cybersecurity companies and furthers the firm's leadership position as the ‘go-to’ advisor exclusively focused on Cybersecurity

Recent Cybersecurity AI-Driven & Analytics M&A (target and acquirer logos not recovered)

Date | TV ($M)
08/31/17 | NA*
08/28/17 | NA*
06/08/17 | 100.0
02/28/17 | 105.0
02/08/17 | 120.0
02/01/17 | 40.0

* Transaction Values were not disclosed at the time of announcement.

Juniper Networks Acquires Cyphort
Advanced Threat Detection + Advanced Threat Analytics + One-Touch Threat Mitigation.

Company Overview

Description: Cyphort protects enterprises with its innovative Adaptive Detection Fabric (ADF), a scalable, distributed platform that combines advanced threat defense with integrated security analytics and simplified mitigation features. Cyphort provides a single view across perimeter and laterally moving threats, correlates relevant data from existing security tools, and then provides security analysts with a consolidated, timeline view of critical security incidents. Cyphort leverages the power of machine learning and its open API architecture allows it to address customers’ security gaps, improve incident response operations, and accelerate threat resolution.

Leadership: Manoj Leelanivas (President & CEO), Frank Jas (CTO), Steve Morgan (CFO), Gururaj Singh (VP, Engineering), Franklyn Jones (CMO)
Founded: 2011
HQ: Santa Clara, CA (HQ), Bangalore
Amt Raised: $53.7M
2014 Leader in Forrester Wave™ Automated Malware Analysis

The Quilt Security Ecosystem
Cyphort's open API enables it to weave together with other enterprise security vendors to form an incredibly strong security architecture
[Diagram labels: CASB, Network Access Control, SIEM, Intrusion Prevention Systems, Firewall, Secure Web Gateway, Endpoint]

Product Overview

Cyphort’s Anti-SIEM helps security teams regain visibility and control, accelerate incident response, and ensure a stronger security posture for the organization.

▪ Advanced Threat Detection: Cyphort’s Adaptive Detection Fabric continuously examines web, email, & lateral spread traffic using machine learning & behavioral analysis to find threats that bypass other tools.
▪ Advanced Threat Analytics: Cyphort’s advanced threat detection technology pinpoints the alerts based on importance & sets up a process to identify the infected user.
▪ One-Touch Threat Mitigation: One click can update policies in firewalls, IPS, & SWGs so similar threats are blocked immediately in the future.

Importance of The Anti-SIEM

Improving The Productivity Of Security Analysts And Incident Responders
▪ Quality of actionable info can eliminate hours of manual work & accelerate the incident response
▪ Productivity gains can eliminate the need to hire additional staff & improve retention of staff

Deliver Stronger Security And Protection Against Advanced Cyber Attacks
▪ Cyphort’s ability to find the advanced threats that others miss, then link related events to that threat, helps security teams not only improve productivity, but also their security posture

Business Overview

Flexible Deployment Options: Cloud, Virtual Machine, Low-Cost Hardware
F50-F2000 Customer Base
1M+ Endpoints Protected

Funding Summary: $53.7M (investor logos not recovered)
Date | Stage | Amount Raised ($M)
June 2015 | Series C | $30.0
October 2013 | Series B | $15.5
April 2012 | Series A | $7.0
March 2011 | Seed | $1.2

Source: Company Website, Pitchbook, and Capital IQ.

Juniper Networks Acquires Cyphort
Cyphort Is A Critical Addition To Juniper’s Software-Defined Secure Network Vision & Will Integrate Into Juniper’s Sky ATP Platform.

Company Overview

Description: Juniper Networks designs, develops, and sells network products and services worldwide. The company offers various routing products & switching products. In addition, the company offers security products including firewall capabilities, cloud-based services for static and dynamic analysis, & threat intelligence that aggregates threat feeds from various sources. Further, it offers a network operating system & platform for creating network management applications. Juniper Networks also provides technical support and professional services, as well as education and training programs. It sells its products through direct sales, distributors, VARs, and original equipment manufacturer partners to end-users in the service provider and enterprise markets.

Leadership: Rami Rahim (CEO), Pradeep Sindhu (Founder, CTO & Chief Scientist), Kevin Hutchins (SVP, Strategy & Product Line Mgmt.), Ken Miller (EVP, CFO), Bob Worrall (SVP, CIO)
Founded: 1996
HQ: Sunnyvale, California
Employees: 9,500+

Summary Financials
Share Price ($) | $27.68
Mkt. Cap ($M) | $10,526.9
EV ($M) | $9,516.7
LTM Revenue ($M) | $5,200.8
Cash ($M) | $3,145.2
EV / LTM Revenue | 1.8x
EV / LTM EBITDA | 7.9x

[Chart: LTM Stock Performance, Sep-16 to Aug-17; price labels not recoverable in sequence]

Security Overview

▪ SRX Series Firewalls: High-performance security with advanced threat intelligence, delivered on the industry's most scalable & resilient platform.
▪ Sky Advanced Threat Prevention (ATP): Cloud based service that provides advanced malware protection.
▪ Junos Space Security Director
▪ Spotlight Secure Threat Platform
▪ Next-Generation Firewall Services
▪ Secure Analytics
▪ Juniper Identity Management Service
▪ Contrail Security

Sky Advanced Threat Prevention
Sky ATP provides an extra layer of protection, extending defense beyond traditional security solutions by detecting never-before-seen malware attachments and stopping them.
Features: Cloud-Based Analysis, Email Analysis & Remediation, Instant Identification of Malware, Quarantine of Systems, Threat Intelligence, Spotlight Secure Integration, Rich Reporting & Analytics, Command-and-Control Data

Track Record In Security

“…in the domain of security, I think any sort of inorganic activity that we would contemplate or explore would be more around the new modes of security...around enabling customers to migrate to public cloud or to hybrid cloud offerings without compromising their data, their users, their workloads. I think there's quite a bit of innovation right now in the industry in that domain” – Rami Rahim (CEO), 2Q17 Earnings Call

Security Acquisitions (Since 2010) (target logos not recovered)
Date | TV
08/31/17 | NA
02/01/13 | $11M
02/22/12 | $83M
12/06/10 | $100M
07/27/10 | $69M

Source: Company Website, Pitchbook, and Capital IQ. Public Market Data as of September 1, 2017
Highlighted M&A Transactions
[Logo grid of 40 transactions, each shown as acquirer "acquires" target; logos not recovered. Deal dates and disclosed values in grid order, row by row:]
Row 1: Dec. ’17 | $6.9B; Dec. ’17; Nov. ’17 | $1.4B; Nov. ’17; Nov. ’17 | $119M; Nov. ’17 | $110M; Nov. ’17 | $548M; Oct. ’17 | ~$400M
Row 2: Oct. ’17 | $1.3B; Oct. ’17; Oct. ’17 | $266M; Sept. ’17; Sept. ’17; Sept. ’17 | $350M; Aug. ’17 | $225M; Aug. ’17 | $60M
Row 3: Aug. ’17 | ~$150M; Aug. ’17; Aug. ’17; Aug. ’17 | $950M; Jul. ’17 | $50M; Jul. ’17; Jul. ’17; Jul. ’17 | $200M
Row 4: Jul. ’17 | $225M; Jun. ’17; Jun. ’17 | $100M; May ’17 | $42M; Apr. ’17; Apr. ’17 | $215M; Mar. ’17 | $614M; Mar. ’17 | $325M
Row 5: Feb. ’17 | $105M; Feb. ’17; Feb. ’17 | $120M; Feb. ’17; Jan. ’17 | $1.6M; Jan. ’17 | $50M; Jan. ’17 | $20M; Jan. ’17 | $1.2B
[Surviving text labels from the grid: CYBER DEFENSE GLOBAL; open systems; StackPath; U.S. Federal Gov’t Services Business; iDefense Security Intelligence Services Business]

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Research & Pitchbook. Note: Palo Alto Networks / Light Cyber Deal Highlighted on Page 28.
Thales Group Acquires Gemalto
Acquisition Assists in Extending Thales’s Overall Capacity for Digital Identity and Data Security Technology.

Transaction Overview

Date: 12/17/2017
HQ: Amsterdam, The Netherlands
Founded: 2006
CEO: Olivier Piou
TEV / LTM Rev: 1.8x
Identity & Access Management | $6.9 Billion

Gemalto Overview and Synergy Outlook

Delivers easy to use payment and enterprise security technologies and services to business and governments by authenticating identities and protecting data so that these entities stay safe and enable services in personal devices, connected objects, and the cloud in the scope of the internet of things.

Powering and Securing the Complete Critical Digital Decision Chain

[Diagram; surviving labels: Critical Decision Chain; Sensing and Data Gathering; Data Transmission and Storage; Data Processing and Decision Making; Critical Digital Decision Chain; Example: IoT; Sensors; Connectivity; Gateway; Network & Connectivity Platform; Application Computing / & Big Data / AI Platform; Application & Analytics / AI; Cyber-Security; End-Point Protection; Network; Cloud and Data Protection]

Thales Group Acquisition History

[Company logos not recovered]
Date | Amount ($M)
04/29/17 | $215
10/21/16 | NA
03/17/14 | NA
02/21/13 | NA
02/21/13 | NA
12/18/08 | NA

Transaction Commentary

▪ “Together with Gemalto’s management, we have big ambitions based on a shared vision of the digital transformation of our industries and customers. Our project will be beneficial to innovation and employment, whilst respecting sovereign strategic technologies. We have a tremendous respect for Gemalto’s technological achievements, and our two Groups share the same culture and DNA.” — Patrice Caine, Chairman and Chief Executive Officer, Thales Group
▪ “I am convinced that the combination with Thales is the best and the most promising option for Gemalto and the most positive outcome for our Company, employees, clients, shareholders and other stakeholders. We share the same values and Gemalto will be able to pursue its strategy, accelerate its development and deliver its digital security vision, as part of Thales.” — Philippe Vallée, Chief Executive Officer, Gemalto

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Blackstone Acquires Majority Stake In TITUS
Blackstone Will Help TITUS Expand Its Geographical Reach & Accelerate Its Innovation Strategy.

Transaction Overview

Date: 12/07/2017
HQ: Ottawa, Canada
Founded: 2005
CEO: Tim Upton
Data Security

Overview

Provides solutions that enable clients to discover, classify, protect and confidently share information, and meet regulatory compliance requirements by identifying and securing unstructured data. Also provides products that enhance DLP by classifying and protecting sensitive information in emails, documents, and other file types on any device.

Enterprise Information Protection

▪ Data Classification: From automated classification to user-driven classification, TITUS Classification provides advanced and flexible solutions to meet business needs
▪ Discover: Comprehensive search function to find data where it resides including the network, Office 365, and cloud file shares (including OneDrive, SharePoint Online, Box, and Dropbox)
▪ Mobile Data Security: Email classification and document security solution for mobile devices that enables users to identify email sensitivity, protect documents, and enforce sharing policies

Industry Awards and Recognition

[Awarding-organization logos not recovered]
▪ Most Valuable Partner 2014
▪ 5-star Review And Recommended Product
▪ One of the Fastest Growing Canadian Companies
▪ Cool Vendor in User and Data Security

Customers: [logos not recovered]

Transaction Commentary

▪ “We are excited to combine Blackstone’s flexible capital and experience with TITUS market-leading solutions to continue to transform data-centric security. With data breaches at an all-time high, each day brings another example of the importance of protecting information.” — Viral Patel, Managing Director, Blackstone Tactical Opportunities
▪ “Partnering with Blackstone will allow us to expand our geographic reach and to accelerate our innovation strategy with the backing of one of the world’s leading investment firms.” — Tim Upton, CEO and co-founder of TITUS

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Thoma Bravo Acquires Barracuda Networks
Acquisition By Thoma Bravo Will Accelerate Growth of Industry-Leading Security Platform.

Transaction Overview

Date: 11/27/2017
HQ: Campbell, CA
Founded: 2003
CEO: BJ Jenkins
TEV / LTM Rev: 3.8x
Network Security | $1.4 Billion

Barracuda Networks Overview

Barracuda Networks offers cloud-enabled solutions that enable customers to address security threats, enhance network performance, and protect and store their data

Products

▪ Network + Application Security
▪ Email Security and Archiving
▪ Data Protection

The Barracuda Difference

▪ Single Source: One vendor for security, storage, application delivery solutions and support frees your resources
▪ Unmatched Flexibility: Purpose-built hardware, efficient virtual appliances and convenient cloud services let you deploy IT your way
▪ Rapid Deployment: Renowned ease-of-use makes Barracuda products and services fast to set up and simple to manage
▪ No Hidden Fees: Simple, competitive pricing makes Barracuda products affordable with no extraneous or unexpected costs
▪ Human Support: Award-winning support available to customers 24x7

Barracuda (NYSE:CUDA) Price Performance

[Chart: $ USD price per share, Jun-17 to Dec-17, y-axis $20 to $30; Deal Announced (November 27, 2017): $27.59]

Transaction Commentary

▪ “We believe the proposed transaction offers an opportunity for us to accelerate our growth with our industry-leading security platform that's purpose-built for highly distributed, diverse cloud and hybrid environments. We will continue Barracuda's tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers.” - BJ Jenkins, CEO, Barracuda
▪ “Barracuda is a proven industry leader, consistently bringing powerful, comprehensive solutions to customers in an increasingly prevalent, hostile, and complex threat environment. We believe that Barracuda is at the forefront of innovation in several highly strategic areas of the cybersecurity market and are excited to be the company's partner in the next phase of its growth.” - Seth Boro, Managing Partner, Thoma Bravo

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
McAfee Acquires Skyhigh Networks
McAfee’s Acquisition Of Skyhigh Networks Will Enhance & Boost Its Cloud Security Business.

Transaction Overview

Date: 11/27/2017
HQ: Campbell, CA
Founded: 2011
Total Raised: $106.5M
CEO: Rajiv Gupta
Cloud Security

Skyhigh Networks Overview

Skyhigh Networks provides risk analysis SaaS for endpoint and cloud-based applications used by businesses to determine security threats. Platform helps businesses discover the services employees are using, analyze risk, and enforce security policies

Data Security For The Cloud Era

▪ Identify: Enables complete visibility into data, context, and user behavior across all cloud services, users, and devices
▪ Control: Corrects policy violations and stops security threats in real-time action deep within cloud services
▪ Protect: Applies persistent protection to sensitive information / data wherever it goes inside or outside the cloud

Key Platform Features

▪ Unified Policy Engine
▪ Pre-Built Policy Templates
▪ Privacy Guard
▪ User Behavior Analytics
▪ Policy Creation Wizard
▪ Cloud Registry
▪ AI-Driven Activity Mapper
▪ Guided Learning

Customers: [logos not recovered]

Skyhigh Networks Funding Snapshot

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Sept 2016 | Series D | $40.0
Jun 2014 | Series C | $40.0
May 2013 | Series B | $20.0
Apr 2012 | Series A | $6.5

Transaction Commentary

▪ “Skyhigh is an ideal complement to McAfee’s strategy—one focused on building and optimizing mission-critical cybersecurity environments for the future. Cloud security has historically been an afterthought of, or impediment to, cloud adoption. With customers’ most valuable asset, data, increasingly finding residence in the cloud, it’s time security move to the forefront. At the same time, security cannot hinder cloud adoption, as the transformation the cloud promises extends far beyond the corridors of IT to every facet of modern business.” – Christopher D. Young, CEO, McAfee
▪ “We both want to create a world where enterprises can operate freely and securely to reach their full potential. As part of McAfee, we will have access to even greater resources to accelerate delivery of Skyhigh’s product roadmap, further advancing our vision of making cloud the most secure environment for business.” — Rajiv Gupta, CEO, Skyhigh
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Warburg Pincus Commences Cash Tender Offer For Cyren
Warburg Pincus Has Commenced Offer To Purchase Up To 31.2M Ordinary Shares Of Cyren For $2.50 Per Share.

Transaction Overview

Date: 11/20/2017
HQ: McLean, Virginia
Founded: 1991
CEO: Lior Samuelson
TEV / LTM Rev: 3.8x
Web Security | $119.3 Million

Cyren Overview

Cyren Web Security provides a quick-to-deploy, easy-to-manage SaaS secure web gateway for businesses. Cyren’s multi-layered cloud defenses protect users from advanced malware, ransomware, and phishing wherever they are, and on whatever device they may be using, while a powerful policy and reporting engine provides superior visibility and control of web usage

▪ Block malware, phishing, ransomware, and malicious sites
▪ Protect any user, anywhere, on any device
▪ Stop zero-day threats and advanced evasive malware via cloud sandboxing
▪ Lower costs compared to security appliances
▪ Enforce web usage policies
▪ Deploy and manage easily; SaaS delivery model enables simplicity

Cloud-Wide Detection

▪ Cross-Vector: Full coverage of all internet threat vectors including web, email & DNS
▪ Cross-Geo: Comprehensive view of global traffic ranging across geographies, languages & protocols
▪ Real-Time: Leverage big data analytics, AI & machine learning to identify threats

[Diagram labels: Exploits; Bots; Malware; Apt; Headquarters; Branch Offices; Stores; Factories; Roaming Employees; Home Office; Mobile Devices; Internet Of Things]

Transaction Commentary
▪ Warburg Pincus announced its intention to commence a Special Cash Tender Offer pursuant to Israeli law to increase its ownership in Cyren, up to a maximum of 75% of Cyren's shares
▪ Warburg Pincus owns 21.3% of Cyren shares, following its previously announced purchase of 10.6M shares for $1.85
▪ The tender offer is conditioned upon a few things including:
- Cyren shares representing at least 5.0% of the issued and outstanding shares and voting power of Cyren having been validly tendered
- German Federal Cartel Office has approved the purchase of the Cyren shares tendered
- 5,411,117 Cyren shares having been validly tendered and not properly withdrawn prior to the completion of the initial offer period

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Proofpoint Acquires Cloudmark
Acquisition Will Better Protect Proofpoint’s Enterprise And ISP Clients With New Threat Intelligence Expansion.

Transaction Overview

Date: 11/07/2017
HQ: San Francisco, CA
Founded: 2001
Total Raised: $39.0M
CEO: Jason Donahue
Messaging Security | $110.0 Million

Cloudmark Overview

Cloudmark Security Platform for Email
Cloudmark Security Platform is a high-performance, carrier-grade messaging security solution that automatically detects & mitigates all categories of email abuse and threats across a service provider’s network.

[Diagram; surviving labels: Threat Intelligence; Global Threat Network; Security Platform; Email; SMS/MMS; DNS; Protects Infrastructure; Blocks Threats; Detects Anomalies]

Features & Benefits

▪ Anti-Abuse Protection
▪ Highly Extensible
▪ Reduce Power Requirement
▪ Intelligent Flow Control
▪ Supports Authentication & Secure Messaging Standards
▪ External Data Source Integration
▪ Reporting and Analytics
▪ Horizontally Scalable
▪ Flexible Policy Engine
▪ Unified Cluster Management

Cloudmark Funding Snapshot

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Mar 2010 | Venture | $23.0
Sept 2004 | Series C | $11.0
Jul 2003 | Series B | $4.5
Dec 2002 | Series A | $0.5

Transaction Commentary

▪ “We are excited to welcome Cloudmark’s ISP and mobile carrier customers to Proofpoint. By combining the threat intelligence from Cloudmark with the Proofpoint Nexus platform, we can better protect all of our customers – both enterprises and ISPs – from today’s rapidly evolving threats.” - Gary Steele, CEO, Proofpoint
▪ “Messaging has been the number one threat vector for years, but with ransomware and BEC, it’s never been a more urgent issue. We’re thrilled to be continuing our work to fight advanced threats in messaging as part of Proofpoint.” - Jason Donahue, CEO, Cloudmark
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Synopsys Acquires Black Duck Software
Black Duck Will Strengthen Synopsys’ Ability To Push Security And Quality Testing, Reducing Risk For Customers.

Transaction Overview

Date: 11/02/17
HQ: Burlington, MA
Founded: 2002
Total Raised: $98.2M
CEO: Louis Shipley
Application Security | $548.0 Million

Black Duck Overview

Open Source enters your code from everywhere it is used, bringing diverse security vulnerabilities with it.

Industries: Automotive + Connected Vehicles; Financial Services & FinTech; Federal Government

Black Duck Hub

▪ Identifies open source throughout code base
▪ Automatically maps open source in use to known open source vulnerabilities
▪ Flags policy violations and tracks remediation progress
▪ Continuously monitors for newly identified open source vulnerabilities

Synopsys Security Acquisitions Summary

[Company logos not recovered]
Date | Amount
11/02/17 | $548M
11/07/16 | $160M
11/07/16 | $30M
11/06/15 | NA
05/28/15 | NA
04/20/15 | NA
02/19/14 | $375M

Transaction Commentary

▪ “We're excited to join an organization that shares our commitment to addressing security and quality issues at the earliest phases of the software development process. Doing so will enable us to provide leading solutions that enable customers to develop and deliver more secure and higher-quality software faster than ever before.” – Lou Shipley, CEO, Black Duck Software
▪ “Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development lifecycle, reducing risk for our customers. We look forward to working with Black Duck's experienced team as we drive our combined solution to the next level of value for our customers.” – Andreas Kuehlmann, SVP and GM, Synopsys Software Integrity Group
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Continental Acquires Argus Cyber Security
Continental Acquires Argus Cyber Security To Strengthen Its Capabilities In Automotive Cybersecurity.

Transaction Overview

Date: 10/30/2017
HQ: Tel-Aviv, Israel
Founded: 2013
Total Raised: $30.0M
CEO: Ofer Ben-Noon
IoT Security | ~$400.0 Million

Argus Security Overview

Argus Protects Private And Commercial Vehicles, Fleets, Connectivity Platforms And Dealerships From Cyber Attacks With Advanced Cyber Security Solutions And Services.

About the Company
Argus is the world’s largest automotive cyber security company, integrating innovative computer networking and security methods with a deep understanding of automotive practices

Safety Without Recalls
Given the potential for physical harm to motorists, passengers and property in case of a breach, Argus’ mission is to maintain road safety and to prevent costly vehicle recalls

Car Hacking
Works with private and commercial OEMs, Tier 1s, fleet managers, dealerships and aftermarket connectivity providers to defend against vehicle hacking

▪ Threat Analysis
▪ Risk Assessment
▪ Vulnerability Analysis
▪ Code Review
▪ Penetration Testing
▪ Incident Response
▪ Cyber Threat Intelligence

Argus Cyber Security Funding Snapshot

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Sep 2015 | Series B | $26.0
Sep 2014 | Series A | $4.0

Transaction Commentary

▪ “With the acquisition of Argus Cyber Security we are enhancing our abilities to directly develop and offer solutions and services with some of the world's leading automotive cyber security experts to our customers around the globe in order to truly make mobility more intelligent and secure.” – Helmut Matschi, Member of the Executive Board at Continental
▪ “Argus was founded with a vision to protect all vehicles on the road from cyber threats. To this end we have developed the most comprehensive automotive cyber security offering in the industry and enjoy global recognition of our leadership. Joining forces with Continental and EB will enable us to further accelerate the realization of that vision.” – Ofer Ben-Noon, CEO, Argus Cyber Security

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Elliott Management Acquires Gigamon
Elliott Management Will Drive Gigamon’s Long-Term Growth Through Product Development.

Transaction Overview

Date: 10/26/2017
HQ: Santa Clara, CA
Founded: 2004
CEO: Paul Hooper
EV / LTM Revenue: 4.4x
Network Security | $1.6 Billion

Gigamon Overview

Gigamon provides network visibility and data traffic management software. It provides stronger security and performance by offering active visibility into data-in-motion network traffic – allowing security, network, and application management services to operate more efficiently and effectively.

Visibility Platform Features

▪ Manage and automate network traffic
▪ Full transparency of what is happening on network
▪ Maximizes performance of security tools

Platform Benefits

▪ Automated Traffic Insight: Enhances and secures software-defined data center (SDDC)
▪ Speed: Visibility-powered virtualization boosts data center agility and scale
▪ Low downtime: Intelligent traffic management prevents data center downtime
▪ Software-defined visibility: Complete visibility of software-defined networks

Industry Solutions

▪ Financial Services
▪ Healthcare
▪ Technology
▪ Public Sector

Gigamon (NYSE:GIMO) Price Performance

[Chart: $ USD price per share, Jan-17 to Nov-17, y-axis $28.00 to $43.00; Deal Announced (October 26, 2017): $36.15]

Transaction Commentary

▪ “This transaction represents a unique opportunity to invest in the industry-leading visibility solution in a product category that is critical to enterprise security… Working alongside our team of operating executives, we look forward to supporting the Company to drive long-term growth through continued product development, investment in the Company's large community of channel partners and exploring acquisitions to further bolster innovation.” – Isaac Kim, Managing Director of Evergreen (Elliott’s private equity arm)
▪ “Elliott and Evergreen have deep technology experience and share our long-term vision for next-generation traffic visibility across on-premises, cloud and hybrid infrastructure.” – Paul Hooper, CEO of Gigamon

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Booz Allen Hamilton Acquires Morphick Cyber Security
The Acquisition of Morphick Extends And Complements Booz’s Existing Cyber4Sight Threat Detection Service.

Transaction Overview

Date: 10/20/2017
HQ: Cincinnati, Ohio
Founded: 2015
Total Raised: $10.0M
CEO: Brian Minick
MSSP

Morphick Cyber Security Overview

Proactive Threat Hunting Services

Incident Response Services
▪ Iterative Incident Response Process: SCOPE, CONTAIN, ANALYZE, HUNT
▪ Immediately deploys NSA-CIRA Accredited Incident Responders to quickly assess the situation
▪ Implement a comprehensive approach to address the full extent and impact of an attack

Managed EDR Compromise Assessment
▪ Managed by 24/7 Threat Intelligence Center Experts
▪ Delivers complete analysis of all endpoints and identification of compromised systems
▪ Technology Deployment, Threat Identification, and Actionable Recommendations over a 6-week period

Threat Hunting / Malware Reverse Engineering
▪ Merger & Acquisitions Threat Assessment: Preventative threat assessment services as part of the due diligence process
▪ Threat detection system that learns progressively to proactively identify breaches faster

Security Defense
▪ Application & Network Security Architecture Tests
▪ Compromise Assessment
▪ Network Security Visibility Assessment
▪ Incident Response Readiness Assessment

Morphick Defense Platform
▪ Advanced Threat Detection & Response
▪ Unparalleled Visibility
▪ Dynamic Detection
▪ Tailored Threat Intelligence
▪ Morphing Defense Postures (Learn & Morph)
▪ Incident Response
▪ Reverse Engineering & Proactive Threat Hunting Services

Morphick Funding Snapshot

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Sep 2015 | Series A | $10.0

Transaction Commentary

▪ “The talented teams at Booz Allen and Morphick share a common point of view: cyber defense is not a compliance only activity. This is a multi-dimensional, quickly evolving threat requiring much more than automated, one-size-fits-all services. We’re pairing Morphick’s leading platform and approach with Booz Allen’s reach and expertise in advanced cyber defense services – a move that anticipates the client need for protection from the most advanced cyber threat actors.” – Brian Minick, CEO of Morphick
▪ “Morphick complements Booz Allen’s current managed threat intelligence service, Cyber4Sight – helping clients use their insight into adversaries to better detect and respond to attacks. Morphick will initially support the firm's commercial clients, and in the future, the capabilities will extend to support other client demands.” – Booz Allen Hamilton’s Press Release

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Guidewire Acquires Cyence
Transaction Will Assist Insurers in Addressing and Underwriting Modern Risks Through New Data-Based Service.

Transaction Overview

Date: 10/06/2017
HQ: San Mateo, CA
Founded: 2014
Total Raised: $40.0M
CEO: Arvind Parthasarathi
Risk & Compliance | $266 Million

The Cyence Approach to Risk

Cyence combines data science, cybersecurity, & economics into a unique analytics platform that quantifies the financial impact of cyber risk

The Cyber Risk Modeling Challenge
▪ Cybersecurity is not just a technical problem but a business risk
▪ Challenges in building a cyber risk model are data, analyzing people & processes & economic modeling

The People/Process Challenge
▪ Cyber events are driven by human & behavioral factors, however, technology must also be analyzed alongside people and processes for an accurate assessment of risk

The Economic Modeling Challenge
▪ A comprehensive economic model can accurately predict cyber risk
▪ Insurers need to understand the organization’s many possible threats & their impact in dollars and probabilities

The Data Collection Challenge
▪ Cyence created a diverse and scalable data factory to accurately and non-invasively collect human and machine data
▪ This continually evolving behavioral and technical data drives the Cyence risk models

Cyence Funding Snapshot

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Sep 2016 | Venture | $40.0

Transaction Commentary

▪ “Cyence is an exceptional technology company that, like Guidewire, focuses on serving the strategic needs of the P&C industry. While Guidewire has focused on core operations, data management, and digital engagement, Cyence applies expertise in data science and machine learning to the modeling needs of insurance product design, pricing, and underwriting for 21st century risks. As traditional actuarial approaches struggle to address the unique characteristics of emerging risks like cyber, Cyence’s next-generation approach will enable insurers to broaden the scope and value of the products their policyholders need.” - Marcus Ryu, Co-Founder & CEO, Guidewire Software
▪ “Cyence started applying our data science engine to cyber risk given the significant demand from the insurance industry on what is an existential threat for their insureds. We are excited by the opportunity to power our approach with operational data and policy lifecycle support from Guidewire’s core systems and to join forces with the technology leader serving the P&C insurance industry.” - Arvind Parthasarathi, Co-Founder & CEO, Cyence

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Google Acquires Bitium
Google Cloud Will Deliver Comprehensive Solution for Identity & Access Management to Its Enterprise Customers.

Transaction Overview

Date: 9/26/2017
HQ: Santa Monica, CA
Founded: 2012
CEO: Scott Kriz
Identity & Access Management

Bitium Overview

Bitium aims to give growing companies the ability to manage access to all of their web-based applications — including Google Apps & Office 365, social networks & CRM, collaboration & marketing tools — in one place, without hindering employee adoption of these applications

The Bitium Difference

Provides cloud-based identity and access management solutions, including single sign-on, password management and analytics for small, medium and enterprise businesses.

▪ Security: Visibility into all apps and users provides organizations with the intelligence required to increase security
▪ Flexibility: Adaptability around changes in directory infrastructure, new apps and an increasing user base delivers better agility
▪ Ease of Use: An easy-to-adopt service with world-class support reduces cost and IT burden while increasing efficiency

Features: Federation & Single Sign-On; Credential Management; App Management; Directory Integration; Secure Access; User Provisioning & Deprovisioning; Reporting & Compliance

Bitium Funding Summary

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Aug 2016 | Series A-1 | $6.0
Feb 2014 | Series A | $6.5
Aug 2013 | Seed | $2.4

Transaction Commentary

▪ “With the acquisition of Bitium, Google Cloud will gain capabilities to help us deliver on our Cloud Identity vision. Our enterprise customers want a comprehensive solution for identity and access management and SSO that works across their modern cloud and mobile environments. Bitium helps us deliver a broad portfolio of app integrations for provisioning and SSO that complements our best in class device management capabilities in the enterprise. As we add Bitium’s capabilities, we’ll continue to work closely with our vibrant ecosystem of identity partners so that customers are able to choose the best solutions to meet their needs.” - Karthik Lakshminarayanan, Director, Product Management, G Suite and Cloud Identity

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Marlin Equity Partners Acquires AppRiver
Marlin Partners With AppRiver To Help Strengthen Their Product Offering & Expand Their Geographical Footprint.

Transaction Overview

Date: 9/25/2017
HQ: Gulf Breeze, FL
Founded: 2002
Employees: ~220
CEO: Michael Murdoch
Email & Web Security

AppRiver Services

▪ Spam & Virus Protection: SecureTide® keeps your email free of spam and viruses. 99% of unwanted messages never reach your inbox
▪ Web Protection: SecureSurf constantly monitors outbound traffic and will send you Automatic Threat Notifications instantly
▪ Email Encryption: CipherPost Pro ensures your message remains encrypted all the way to the recipient
▪ Secure Hosted Exchange: Secure Hosted Exchange service gives you control of your email system without the complications & expense of managing servers
▪ Email Continuity: Effective way to protect your company from costly email outages
▪ Office 365 Plus: With Office 365 Plus, you get expert migration assistance along with Phenomenal Care®
▪ Email Archiving & Compliance: Store your business records securely and retrieve them easily
▪ Migration Services: Complete migration solution will move calendar, contacts, emails, tasks, journals, and notes from one system to another
▪ DNS Hosting Plus: Partnered with Akamai to put our customers' DNS records on thousands of servers worldwide
▪ Email Threat Intelligence: Customizable, consultative service offered to organizations that want to build or reinforce their cyber defense capability

Marlin Equity Cybersecurity Portfolio

[Target logos not recovered]
Date | Amount
9/25/2017 | NA
5/12/2015 | NA
4/14/2015 | $200M
7/7/2014 | $170M

Transaction Commentary

▪ “In a world with new and complex cybersecurity threats emerging daily, small and medium-sized businesses are increasingly looking to AppRiver as a trusted partner to keep their businesses productive and their information secure. We are excited to mark a new chapter in AppRiver’s growth by partnering with Marlin and leveraging its extensive sector expertise and operational resources to further strengthen our product offering and expand our geographical footprint.” - Michael Murdoch, CEO & Co-Founder, AppRiver
▪ “We are thrilled to partner with AppRiver & build upon its deep and long-standing customer relationships that have been established through a superior product offering and commitment to world-class support. AppRiver is ideally positioned to lead and innovate in today’s security-conscious environment as businesses of all sizes continue to transition to a cloud-based deployment model.” - Peter Chung, Principal, Marlin Equity Partners

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
SAP Acquires Gigya
Gigya Will Help SAP Hybris To Better Profile Individuals Across Different Channels.

Transaction Overview

Date: 9/24/2017
HQ: Mountain View, CA
Founded: 2006
CEO: Patrick Salyer
Identity & Access Mgmt. | $350.0 Million

Gigya Overview

Gigya’s Customer Identity Management Platform

▪ Connect: Registration-as-a-Service, Authentication & Federation
▪ Collect: Profile, Preference & Privacy Management
▪ Convert: Customer Insights, ETL & Identity Exchange Platform

Gigya’s platform enables businesses to identify and engage customers across devices; consolidate data into rich, privacy-compliant customer profiles, and integrate data into marketing and service applications to provide better services, products and experiences

Gigya's Enterprise Platform Features

▪ Web Scale Performance: CIAM platform accommodates millions of identities & billions of data points
▪ Privacy & Compliance: Centralizes management of consumer data with single end to end solution
▪ Easy to Manage & Administer: Saves time & resources while offering max flexibility
▪ Comprehensive & Intelligent Security: Features advanced authentication, encryption & DDoS protection

Featured Customers: [logos not recovered]

Gigya Funding Summary

[Investor logos not recovered]
Date | Stage | Amount Raised ($M)
Nov 2014 | Series F | $35.0
Sep 2013 | Series E | $25.0
Jun 2012 | Series D | $15.4
Mar 2011 | Series C | $16.0
Mar 2008 | Series B | $9.6
Feb 2007 | Series A | $4.0

Transaction Commentary

▪ “The idea will be to integrate those features into SAP’s wider e-commerce operation to expand the kinds of services it offers to existing customers, and to help sell more e-commerce services to Gigya’s base.” – Techcrunch
▪ “Gigya brings a wealth of skills and expertise that will significantly enhance the SAP Hybris Profile solution & allow us to take leadership of the emerging customer identity and access management market.” - Carsten Thoma, President and Co-founder of SAP Hybris
▪ “This is a vital step for digitalizing businesses because companies need to be able to draw accurate conclusions seamlessly across all channels, including web, mobile, in-store or connected devices, and the Internet of Things, as well as collect data about consumer preferences. Together we are well positioned to drive more effective marketing, sales and service through data, while the customer stays in control of how much data is shared.” - Patrick Salyer, CEO of Gigya

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
http://fortune.com/2017/09/25/gigya-sap-hybris-israel/
K1 Acquires SecureAuth & Merges With Core Security
Core Security + SecureAuth Brings Together Network, Endpoint, Vulnerability, & Identity Security.

Transaction Overview

Date: 9/20/2017
HQ: Irvine, CA
Founded: 2005
CEO: Jeff Kukowski
Identity & Access Mgmt. Software | $225.0 Million

Company Overview

Develops identity and access management software that utilizes adaptive authentication to provide innovative secure access control solutions for cloud, mobile, web, and VPN systems. Solutions include identity and access security, endpoint, network, and threat detection.

SecureAuth IdP Benefits

▪ Multi-layered Protection
▪ Multi-Factor Authentication
▪ Secure, Rapid connectivity
▪ Behavioral Biometrics
▪ Non-disruptive User Experience
▪ Infinite Workflows

SecureAuth Cloud Access Features

▪ Single Sign-on
▪ Multi-Factor Authentication
▪ Hybrid Cloud / On-Prem

Funding Summary

[Investor logos not recovered]
Date | Stage | Amount Raised ($M) | Selected Investors
Sep 2017 | Series E | $5.0 |
Jan 2016 | Series D | $9.0 |
Aug 2014 | Series C | $13.2 |
Nov 2013 | Series B | $4.1 |
Jul 1997 | Seed Round | $0.6 | Undisclosed

Transaction Commentary

▪ “SecureAuth is merging with Core to create one of the industry’s only security companies that incorporates identity with network, endpoint and vulnerability detection.” – Jeff Nolan, CMO at SecureAuth
▪ “The security industry must deliver an integrated and relevant approach to our customers. Despite the incredible amount of money spent on security technology…We can now deliver an entirely new approach to integrating security operations and deploying advanced machine learning to achieve real automation in the SOC (Security Operations Centers).” – Jeff Kukowski, CEO of SecureAuth

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Forcepoint Acquires RedOwl
RedOwl’s Analytics Will Bolster Forcepoint’s Existing Cybersecurity System and Other Technologies.

Transaction Overview

Date: 8/28/2017
HQ: Baltimore, MD
Founded: 2011
CEO: Guy Filippelli
UEBA

RedOwl-Forcepoint Integration Overview

RedOwl’s UEBA platform uniquely enables users to rapidly integrate new, complex data sources, apply powerful behavioral analytics that look at the behaviors of people & help understand intent across both security & compliance

▪ Forcepoint can now ingest multiple data sources – including structured and unstructured data (i.e. databases, HR Software, Salesforce)
▪ Forcepoint can now draw correlations that legacy DLP wouldn’t let you do & can analyze and build a view of what “good” and “safe” look like
▪ When something falls out of a normal profile, like accessing data at odd times, or from odd locations, Forcepoint can raise the awareness & automatically adapt protection to the appropriate risk level

RedOwl Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jun 2015 Series B $17.5
Jun 2014 Series A $11.0
Apr 2013 Grant $0.1

Transaction Commentary
▪ “This latest milestone in Forcepoint’s human point strategy arms customers with cybersecurity systems it designed for the reality of today’s threats. RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity system and will be integrated across our portfolio, as well as with customers’ existing technologies (e.g. SIEM).” – Forcepoint Press Release
▪ “With Forcepoint, our platform will become part of a suite that enables companies to build world class human-centric security and compliance programs, our entire team will transition into a global organization with tremendous growth opportunities for each employee, and our current customers will feel the force of an entire enterprise of technologies and people to accelerate the delivery of mission-critical capabilities.” – Guy Filippelli, CEO, RedOwl

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Warburg Pincus Acquires Majority Stake In eSentire
Warburg’s “Significant Equity Investment” Will Be Used To Grow The Business & Expand Its Services To Customers Globally.

Transaction Overview

Date: 08/21/2017
HQ: Cambridge, Ontario
Founded: 2011
CEO: J.Paul Haynes
Managed Detection & Response ~$150.0 Million

eSentire Overview

eSentire MDR is an all encompassing service that integrates the best of signature, behavioral and anomaly detection capabilities with a rich suite of forensic investigation tools that enable our security analysts to block threats in real-time

▪ esNETWORK: Real-time network threat detection & prevention
▪ esENDPOINT: Next-gen endpoint protection & threat detection
▪ esLOG: Log management for MDR
▪ esARTEMIS: Fully-integrated platform built to identify, investigate, & respond to threats
▪ Security Operations Center: 24/7 white-glove security service supplements the technology for a comprehensive security solution

Penetration Testing & Vulnerability Mgmt.
▪ Risk Assessment: Tailored assessments based on business & regulatory requirements
▪ Vulnerability Assessments: Assessments to identify unknown, active exploits within the network
▪ Phishing Campaigns: Simulated attacks based on custom themes

Virtual CISO
▪ Dedicated Security Strategist
▪ Health Check
▪ Executive Briefings
▪ Security Policy Guidance (SPG)
▪ Security Program Maturity Assessment (SPMA)
▪ Security Incident Response Plan (SIRP)

eSentire Funding Summary
Date Stage Amt Raised ($M) Selected Investors
Aug 2017 Private Equity Undisclosed
Feb 2016 Series D $19.5
Sep 2014 Series C $14.0
Jul 2013 Series B $7.0

Transaction Commentary
▪ “With the ever-increasing complexity around cybersecurity and scarcity of security talent, more companies are seeking comprehensive managed services that proactively detect and respond to cyber threats in real time.”
▪ “eSentire provides the most complete suite of technologies and services in the MDR market and has experienced industry-leading growth and impressive customer satisfaction. We are excited to partner with management to support the Company’s continued expansion and help them serve the complex cybersecurity needs of their customers.”
- Cary J. Davis, Managing Director, Warburg Pincus.

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Webroot Acquires Securecast
Acquisition Will Help Businesses Reduce The Risks And Costs Of Cyber Threats With End User Education.

Transaction Overview

Date: 8/15/2017
HQ: Portland, OR
Founded: 2015
CEO: Daniel Fox
Security Awareness

Security Awareness Training Beta Overview

Security Awareness Training gives you the tools you need to successfully and effortlessly manage security awareness campaigns with maximum impact for the end user

Phishing Simulation
▪ Simulation Mgmt. Wizard
▪ Contact Manager
▪ Phishing Email Templates
▪ Phishing Lure Templates
▪ Phishing Educational Templates
▪ Integration with Training Courses
▪ Reporting Center

Security Awareness Training
▪ Training Campaign Management Wizard
▪ Contact Manager
▪ Training Email Templates
▪ Comprehensive Course Library (coming soon)
▪ Reporting Center Tracks Completion and Quiz Scores

Contact Management
▪ Contact import using CSV or web based form
▪ Use tags to group contacts by client or business unit
▪ Send training and phishing to group

Reporting Center
▪ Phishing Campaign Statistics
▪ Report Exports
▪ Per-User Action Reports

Webroot Security Acquisition History
Date Company Date Company
08/15/2017 08/31/2010
09/19/2016 07/07/2010
11/1/2010 03/10/2010
EmailSystems Scandinavia AB

Transaction Commentary
▪ “With an easy-to-use platform, Securecast quickly became a solution preferred by MSP service providers. Teaming up with Webroot, the leader in cybersecurity solutions for MSPs, is the best move for our solution and the MSP community.” – Daniel Fox, Co-Founder and CEO, Securecast
▪ “The human factor is a consistent weakness in overall cyber defenses, and security awareness training is the only solution. As cyberattacks like phishing become increasingly sophisticated, users are exposed to a variety of hidden threats that will compromise their own data along with their employer’s data. Building on Securecast, Webroot will offer our MSP partners the security awareness training they need to address this evolving threat landscape, and build a profitable new line of business.” - Chad Bacher, SVP of Product Strategy and Technology Alliances, Webroot

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
BlueteamGlobal Acquires BitVoyant, K2 Cyber Defense, & K2G Global
BlueteamGlobal Raises $125M and Acquires Three Companies.

Transaction Overview

Founded: 2017
Locations: New York, Washington D.C., London, Madrid, & Tel Aviv
Threat Intelligence MSSP Threat Intelligence

BlueTeamGlobal Overview

BlueteamGlobal will provide Advanced Cyber Threat Intelligence for large companies and Managed Cyber Security Services for smaller businesses

Founders & Board Members
▪ Jim Rosenthal: Founder & CEO
▪ Tom Glocer: Founder & Executive Chairman
▪ Gad Goldstein: Board; Division Head In The Israel Security Agency
▪ Jules Kroll: Board; Chairman and Co-Founder of K2 Intelligence
▪ Nadav Zafrir: Board; CEO Team 8

Other Senior Team Members Include
▪ Advanced cyber threat intelligence will be led by Daniel Ennis, former Director of the NSA's Threat Operations Center, and Ron Feler, formerly Deputy Commander of the Israel Defense Forces' Unit 8200.
▪ Deep and dark web intelligence will be led by Gad Goldstein, who served as a division head in the Israel Security Agency
▪ Managed security and professional services will be led by Austin Berglas, former head of the FBI's New York Cyber Branch, and Milan Patel, former CTO for the FBI, Cyber Division
▪ Chairman of the business in Europe will be Lord Mandelson, former European Trade Commissioner and British First Secretary of State
▪ Robert Hannigan, former director of GCHQ, the UK intelligence service, will head the company's European Advisory Board.

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Private Equity $125.0 Institutional And Individual Investors

BlueteamGlobal Acquisition Summary
Company Company Description
▪ BitVoyant delivers advanced cyber threat intelligence & alerts to companies, covering their businesses and their ecosystems
▪ K2 Cyber Defense is a business line that delivers managed security and professional services, incident response, and investigations to its corporate clients
▪ K2G delivers an ongoing analyzed and curated stream of Dark Web Cyber Threat Intelligence to its corporate clients

Transaction Commentary
▪ “In my role at Morgan Stanley, I spent considerable time focused on cybersecurity issues, working with Tom – as the security lead on Morgan Stanley's board – to build out an elite team to protect the firm against advanced attack techniques – in the same way that the national security agencies take on that role for the U.S. government. BlueteamGlobal will provide the same kind of expertise and intelligence to companies around the world.” – Jim Rosenthal, CEO, BlueteamGlobal
▪ “Over the course of my career in IT, cyber threats have evolved from technology-adept amateurs to sophisticated nation states and criminals. BlueteamGlobal will deliver threat intelligence and defense capabilities to address the current generation of advanced persistent threats.” – Tom Glocer, Executive Chairman
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
DigiCert Acquires Symantec’s Website Security Business
Deal Will Expand DigiCert’s Expertise to Lead the Next Generation of Global Website Security.

Transaction Overview

Date: 8/03/2017
HQ: Mountain View, CA
Founded: 1982
CEO: Greg Clark
Web Security $950.0 Million

Overview

Symantec’s SSL/TLS certificates promise enterprise-class strength, 100% root ubiquity in today’s browsers, and industry-recognized support from the most established Certificate Authority in the world, formerly from VeriSign

Symantec SSL/TLS Certificate Validation
▪ Domain Validation: Works well for situations where trust and credibility are less important because the site is not customer-facing (internal server, mail server)
▪ Organization Validation: Displays the final vetted company information for visitors, making the ownership of site much more reliable
▪ Extended Validation: Delivers the highest level of visitor trust through strictest authentication standards

Symantec SSL/TLS: Benefits Beyond the Certificate
▪ Norton Secured Seal: The #1 most recognized trust mark on the web
▪ Seal-in-Search: The Norton Secured Seal adds power to brand & click-through rates
▪ Daily Malware Scanning: Built into every Symantec SSL/TLS certificate for added protection against malicious infections
▪ 24/7 Customer Support: Professionals are there whenever you need help

Key Milestones
▪ VeriSign originally sold off its SSL/TLS Security Certificate business unit to Symantec for $1.3 billion in 2010
▪ Thoma Bravo (private equity) took a majority stake in DigiCert in 2015 for an undisclosed amount

Transaction Commentary
▪ Total purchase price: $950.0 million in cash and 30% stake in DigiCert
▪ “Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on delivering unparalleled protection for the cloud generation through Symantec’s Integrated Cyber Defense Platform.”- Greg Clark CEO, Symantec
▪ “DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth transition for customers and Symantec’s Website Security employees.” – John Merrill, CEO of DigiCert

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Rapid7 Acquires Komand
Acquisition of Komand Will Expand Rapid7 Insight Platform To Automate Responses To Security Threats.

Transaction Overview

Date: 7/18/2017
HQ: Boston, MA
Founded: 2015
CEO: Jen Andre
Security Orchestration $50.0 Million

Komand Overview

Komand is a security orchestration and automation platform that gives security teams the power to quickly automate and streamline security operations, with no need for code. It contains more than 45 plugins to integrate tools, as well as a growing list of over 100 actions and tasks that can be automated.

▪ Connect Your Tools: Seamlessly connect all existing security tools with a library of plugins
▪ Build Dynamic Workflows: Create powerful machine-to-machine security automation with connect-and-go workflows, no code necessary
▪ Utilize human decisions: Add human decision points to allow you and your team to provide expert insight when responding to security threats
▪ Respond to Threats Faster: Komand empowers your team to respond faster and with detailed analysis
▪ Save Time and Energy: Komand utilizes your team’s expertise to analyze and decide, not manually fetch data
▪ Improve Operational Efficiency: Komand helps to streamline security processes which make your team more efficient and productive

Komand Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jan 2017 Seed $1.3 Mike Egan
Nov 2015 Seed Undisclosed

Transaction Commentary
▪ “When we defined the Komand mission, there was one goal: help under-resourced security and IT teams better leverage what they have at their disposal. Rapid7 has demonstrated that they share this vision, made evident by their commitment to the security and IT communities.” – Jen Andre, CEO, Komand
▪ “The need for well-designed security and IT automation solutions is acute; resources are scarce, environments are becoming more complex, all while threats are increasing. Security and IT solutions must evolve through context-driven automation, allowing cybersecurity and IT professionals to focus on more strategic activities.”
- Corey Thomas, President & CEO, Rapid7
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Cisco Acquires Observable Networks
Acquisition of Observable Networks Will Support Cisco’s Strategic Transition Toward Software-Centric Cloud Solutions.

Transaction Overview

Date: 7/13/2017
HQ: St. Louis, MO
Founded: 2011
CEO: Bryan Doerr
Network Security

Observable Networks Overview

Observable Networks provides network security technology and threat detection services that identify compromised and misused networked devices. It offers continuous device profiling technology, which includes a cloud-based service platform incorporating automated security analytics and real-time traffic sensors to continuously model all devices on networks all the time.

Simplify Security Efforts And Gain Complete Visibility In Public Cloud Environments
▪ Ensure security in VPCs & public cloud
▪ Uses flow logs & cloud data as inputs
▪ Platform-agnostic: Works with any cloud environment, including hybrid infrastructure
▪ Integrates with AWS & Microsoft Azure

Complete Security For Legacy, On-premise, Or Hybrid Networks
▪ Understand normal behavior for devices
▪ Not dependent on threat signatures
▪ Successfully overcomes end-to-end encryption security challenges
▪ Minimizes false positive alerts by generating only amount of alerts required to accurately report on a network’s activity

Comprehensive Security For Industrial Control Systems
▪ Enables operators to monitor & control industrial processes
▪ Overcomes legacy industrial control systems challenges
▪ Full management of Suricata IDS, including automatic definition updates

Deeper Security Intelligence Cloud Platform Managed Services Agility Saas Subscription Dynamic Endpoint Modeling 100% Endpoint Agnostic
All Networks Sizes And Types DEM Passive Network Sensor Management Dashboard Omniview Visibility Robust System Security Flexible Integration Stack

Observable Networks Funding Summary
Date Stage Amount Raised ($M) Selected Investors
May 2016 Convertible Debt $2.0
May 2014 Series A-1 $2.5
Aug 2013 Series A $0.6

Transaction Commentary
▪ “Together, Cisco and Observable Networks will extend our Stealthwatch solution into the cloud with highly scalable behavior analytics and comprehensive visibility. On the heels of the unveiling of our new intent-based network, this acquisition reaffirms Cisco’s commitment to providing unparalleled security solutions for our customers and partners.” - Rob Salvagno, Head of M&A, Cisco
▪ “This deal is significant not only because it underscores the ongoing interest in security solutions and subsequent consolidation in that area. It also highlights the fact that Cisco is continuing to build up its business in applications and cloud services as more companies move their businesses into cloud-based or hybrid architectures.” – TechCrunch
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
HyTrust Acquires DataGravity
Acquisition of DataGravity Will Further Automate & Enhance HyTrust’s Security Policy Enforcement For Workload Data.

Transaction Overview

Date: 7/11/2017
HQ: Nashua, NH
Founded: 2012
CEO: Paula Long
Data Security

DataGravity Overview

DataGravity provides data-aware solutions that deliver data classification, analytics, actionable insights and security for workload data. IT professionals can quickly and easily visualize the who, what, when and where regarding their data and reduce risks, increase productivity and drive organizational success.

DataGravity for Availability
▪ Search across all backup jobs and VMs for content
▪ Proactively defend data against suspicious user activity
▪ Combines multiple data sources to monitor and analyze people, content, and activities over time
▪ Data classification tools identify where data resides
▪ Create content policies to proactively manage data

DataGravity for Virtualization
▪ Gain a 360° view of data to easily visualize, search and discover
▪ Continuously monitor, detect, and proactively report back data concerns
▪ Audit file and user activities by tracking all interactions within VMs
▪ Monitors user interactions and triggers data protection points when anomalous user behavior is detected

[Diagram: DGfV inputs (File Metadata, Content, Active Directory) and outputs (Visualize, Search, Discover; Identify & Secure Sensitive Data; Audit File & User Activities; Achieve Behavior Based Protection)]

Data Gravity Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2014 Series C $50.0
Jan 2013 Series B $30.0
Jan 2012 Series A $12.0

Transaction Commentary
▪ “The acquisition will accelerate the expansion of HyTrust’s platform capabilities and capitalize on the high-growth cloud security market. DataGravity’s data discovery and classification capabilities support HyTrust’s mission to deliver a security policy framework that provides customers with full visibility, insight and enforcement of policy across workloads.” - Eric Chiu, Co-Founder and President, HyTrust
▪ “The expansion of HyTrust’s workload security platform with the new data discovery and classification capabilities from DataGravity will help solve some of these organizations’ data security and compliance challenges in cloud deployments.” - Dave Shackleford, Founder, Voodoo Security & SANS Institute Instructor

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Symantec Acquires Skycure
Acquisition of Skycure Will Enhance Symantec’s Endpoint Protection Solutions For Enterprise Mobile Device Security.

Transaction Overview

Date: 7/11/2017
HQ: Palo Alto, CA
Founded: 2012
CEO: Adi Sharabani
Mobile Security $200.0 Million

Skycure Overview

Skycure's predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence, in addition to both device- and server-based analysis, to proactively protect enterprise mobile devices from malware, network threats, and vulnerability exploits.

Malware Defense
▪ Multi-layered detection and analysis
▪ Crowd-sourced intelligence
▪ On-device detection and app analysis
▪ Use Mobile App Reputation Service strategies to determine risk
▪ Block installation of suspicious apps

Network Defense
▪ Instantly checks new network connections
▪ Identify legitimate & malicious networks
▪ Under Attack: Automatically stop communicating with sensitive resources
▪ Secure Connection Protection encrypts all communications during an attack

Vulnerability Defense
▪ Continuously monitors platform integrity
▪ Machine learning assists in anomaly detection and behavioral profiling
▪ OS Upgradability feature informs IT teams of available security updates before Apple and Google

Physical Defense
▪ Tight integration with all EMM vendors
▪ Bi-directional communications about device compliance for policy enforcement
▪ Provides limited MDM functionality when no EMM is in place

Skycure’s Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2016 Series B $16.5
Mar 2015 Series A $8.0
Nov 2012 Seed $3.0

Transaction Commentary
▪ “One of the most dangerous assumptions in today’s world is that iOS and other mobile devices that employees bring into the office are safe, but the apps and data on these devices are under increasing attack. We believe that tomorrow’s workforce will be completely mobile and will demand a cyber defense solution that travels with them.” - Greg Clark, CEO, Symantec
▪ “Customers want mobile security solutions that are easy to deploy and manage, and our threat protection technology offering complements Symantec’s leading endpoint protection solutions, making it easier for companies to embrace BYOD.” - Adi Sharabani, Co-Founder and CEO, Skycure

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Symantec Acquires Fireglass
Fireglass’ Isolation Technology Will Strengthen Symantec’s Integrated Cyber Defense Platform.

Transaction Overview

Date: 7/6/2017
HQ: Tel Aviv, Israel
Founded: 2014
CEO: Guy Guzner
Web Security $225.0 Million

Fireglass Overview

Fireglass virtualizes web browsers in a secure disposable container which confines any malicious activity. Each browsing session is rendered in real-time, and the only thing sent to the endpoint is a visual representation of the actual web content

Web Isolation
▪ Potentially malicious content is executed remotely
▪ Blocks users from sharing sensitive information
▪ Safe access to uncategorized and risky websites
▪ Neutralizes malware on infected devices
▪ Eliminates risk of ransomware
▪ No false positives
▪ Remove Flash and Java from endpoints

Document Isolation
▪ Access documents without downloading
▪ Sanitize files and remove any exploitable elements
▪ Download safe versions of documents
▪ Control file download through policy

Email Isolation
▪ Prevent phishing delivered via links in emails
▪ Integrates with standard email servers
▪ Redirect email links through Fireglass platform
▪ File attachments saved securely through Fireglass Document Isolation

Application Isolation
▪ Protect internal or cloud applications
▪ Block automated attacks and control data flow
▪ Provide virtual patching and block application exploits
▪ On premise or cloud deployment
▪ Prevent data theft by compromised users

Fireglass’ Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jan 2016 Series A $20.0 Mickey Boodaei, Rakesh Loonkar

Transaction Commentary
▪ “Integrating Fireglass’ isolation technology with Symantec’s existing endpoint, email, and secure web gateway solutions could reduce security events by as much as 70%... Isolation will become a core component in the design of cyber defense architectures for the cloud generation who face the reality of an encrypted internet and the crisis inherent in email and web-delivered attacks.” - Symantec CEO Greg Clark
▪ “The pairing of browser isolation with Symantec’s proxy and endpoint capabilities forms a generational change in approach. Our tests show promise for meaningful reductions in attack surface and time-consuming security events.” – Raman Safai, CISO of Jefferies Group LLC

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Honeywell Acquires Nextnine
Honeywell Will Deliver Industry’s Only Field-Proven Solution To Secure Connected Industrial Operations & IoT.

Transaction Overview

Date: 6/12/2017
HQ: New York, NY
Founded: 1998
CEO: Shmulik Aran
IoT Security

Nextnine Overview

Nextnine provides security management solutions and technologies for industrial cyber security. ICS Shield is a top-down OT security management solution to secure connected environments that can be deployed as a single system.

ICS Shield

Discover: Identify what’s on the Network
▪ Asset Auto-Discovery: schedule active and passive discovery of ICS assets
▪ Configuration Collection: collect detailed data about each asset
▪ Change Management: monitor changes in asset inventory & configuration
▪ Asset Visualization: Provide clear view of all field assets by business & geography

Connect: Enable Secure Remote Access
▪ Remote Access: centralized authentication, session accounting and control
▪ Password Vault: authenticate remote users without sharing device credentials
▪ Secure file distribution & data transfer

Protect: Policy Management
▪ Log Collection: empower improved risk management
▪ Automate software patching and anti-malware updating
▪ File backup and restore
▪ Create whitelists and blacklists

End Customer Distribution
Americas EMEA Asia
Oil & Gas 119 1,061 170
Medical & Pharma 818 14 26
Minerals & Mining 249 498 80
Machinery & Automation 42 413 9
Total 1,228 1,986 285

Nextnine Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sep 2006 Series C $10.0
Jan 2005 Venture $5.0
Jan 2001 Series B $20.0
Jan 1998 Seed $4.5

Transaction Commentary
▪ “This acquisition shows our ongoing commitment to providing our customers with a comprehensive portfolio of cyber security solutions to protect and defend their industrial control systems and process control networks. Honeywell’s extensive global reach will increase Nextnine’s availability to a broader range of customers.” - Vimal Kapur, President, Honeywell Process Solutions
▪ “Honeywell is eyeing the Industrial Internet of Things market opportunity to connect and manage industrial installations across a range of sectors and its acquisition of Nextnine will potentially provide a known quantity in the critical area of security.” – Seeking Alpha

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Microsoft Acquires Hexadite
Microsoft Looks Again To Israel To Strengthen Its Cybersecurity Efforts (Adallom, Secure Islands, Aorato).

Transaction Overview

Date: 5/24/2017
HQ: Boston, MA
Founded: 2014
CEO: Eran Barak
Sec Ops / Incid. Response $100.0 Million

Hexadite Overview

Cyber Analyst Thinking At The Speed of Automation
Modeled after the investigative and decision making skills of top cyber analysts and driven by AI, Hexadite’s Automated Incident Response Solution (AIRS) remediates threats and compresses weeks of work into minutes. With analysts free to focus on the most advanced threats, Hexadite optimizes overtaxed security resources for increased productivity, reduced costs, & stronger overall security

Solutions By Hexadite

Alert: Prioritization Doesn’t Protect
▪ Allows existing security investments to operate at full capacity
▪ Integrates with any detection system via email, syslog or APIs to expedite deployment and investigate every alert

Investigate: Investigate Everything. No Exceptions
▪ After receiving an alert, Hexadite AIRS automatically launches an investigation
▪ The result of one investigation can trigger multiple parallel investigations

Decide: Evaluate, Then Eradicate
▪ Aggregates data from the most advanced and up-to-date threat intelligence feeds
▪ Uses proprietary algorithms to inspect content and act on every threat

Remediate: Choose How To Close The Loop
▪ With semi-automated or fully automated remediation capabilities, you can choose the level of human involvement

The Hexadite Value
▪ Strengthen Security: Quickly shut down attacks and investigate all alerts to uncover hidden threats and protect against breaches
▪ Increase Productivity: Free up resources and maximize response effectiveness with automated IR processes and best practices
▪ Reduce Costs: Simplify operations and minimize damages and recovery times from attacks through rapid incident resolution

Hexadite Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Feb 2016 Series A $8.0
July 2014 Seed $2.5

Transaction Commentary
▪ “Microsoft had announced earlier this year that it would continue spending $1 billion in 2017 on cybersecurity research and development, excluding acquisitions it might make in the field. The company also maintains three R&D centers in Israel.” -CNBC

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
CyberArk Acquires Conjur
Deal Will Deliver Industry’s Only Enterprise-Class Solution To Secure The DevOps Lifecycle & Cloud-Native Environment.

Transaction Overview

Date: 5/11/2017
HQ: Newton, MA
Founded: 2013
CEO: Elizabeth Lawler
Identity & Access Mgmt $42.0 Million

The Conjur Platform

Trust Management for Code, Machines, and People in the Cloud & Container Era
Conjur enables security-conscious and regulated enterprises to deploy sensitive workloads to the cloud with confidence. It creates and maintains trust in the code, machines, and people that make up today's digital business.

▪ Make Devops Safe: Privileged access & secrets management automation to secure continuous delivery
▪ Ensure Trusted Access At Webscale: Between the thousands of elements that compose modern cloud & IoT applications
▪ Simplify Compliance: Define, implement, and enforce your policies, and deliver reports to prove it

CyberArk Acquisition History
Date Company Description
3/11/2016 Provides high speed cyber solutions for government agencies, enterprises, and network operators through DPI technology.
10/7/2015 Offers app control features and administrative privilege capabilities to protect against zero-day attacks, malware, and threats.
8/12/2015 Develops an endpoint security platform that automatically uncovers sophisticated cyber-attacks by combining deep endpoint data collection and centralized analysis

Transaction Commentary
▪ Udi Mokady, Chairman and CEO, CyberArk said “CyberArk’s acquisition of Conjur further strengthens our market leadership position – providing the industry’s only enterprise-class solution for privileged account security and secrets management on premises, in the cloud and across the DevOps pipeline. Now with Conjur, CyberArk customers can truly embrace DevOps without compromising on security.”
▪ “The addition of Conjur will help allow users to accelerate modern software deployment with the addition of Conjur’s DevOps security software platform which automates machine identity provisioning, authorization of privileged access, service account control and machine-to-machine connectivity.” – Infosecurity Magazine

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
EQT Partners Acquires Open Systems
EQT Partners Diversifies Its Tech & Cybersecurity Portfolio By Acquiring Majority Stake Of Open Systems.

Transaction Overview Open Systems Overview


Date: 05/05/17
HQ: Zurich, Switzerland
Founded 1990
CEO: Martin Bosshardt
Employees: ~150
MSSP

Security, Performance And Control For Your Network, Infrastructure And Applications.

Network Security: Makes sure that users work with a reliable and efficient infrastructure that meets both global objectives and local needs.
▪ Distributed Firewall
▪ Network Security Monitoring
▪ Enterprise Firewall
▪ WiFi Security

Application Delivery: Ensures that business-critical applications run smoothly and securely, and adhere to the global security policy
▪ Web Application Firewall
▪ Email Gateway
▪ Application Performance Management

Identity Management: Involves the authentication, authorization and management of privileges of individuals, hardware or applications
▪ Identity Server
▪ Federated Identity Management
▪ Web Single Sign-on
▪ Strong Authentication

Global Connectivity: Uses select technology to connect various global enterprise locations where business-critical processes are concerned.
▪ Cloud Express
▪ WAN Routing
▪ Mobile Entry Point
▪ Tactical Networks
▪ Sourcing Services

Integrated Service Management: Provides a Service Delivery Platform, Mission Control Portal and 24x7 Operations, to secure the availability & stability of ICT infrastructures
▪ Service Delivery Platform
▪ 24x7 Operations
▪ Mission Control Portal

Customers
Open Systems’ customers come from more than 180 countries, across all industry sectors, including: Government, Finance, Health Care, Infrastructure, Media, Retail

Transaction Commentary
▪ On May 5, 2017, Swedish private equity fund EQT Partners AB acquired a majority stake of Open Systems, a Swiss IT systems security company, for $120M
▪ “The deal will be the EQT's first buyout in 2017 using its €1.1bn mid-market fund” - Unquote

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Thales Acquires Guavus
Combined Businesses To Strengthen Thales' Portfolio Of Analytic Solutions In Aerospace, Security & Defense.

Transaction Overview Guavus Overview


Date: 04/28/2017
HQ: San Mateo, California
Founded 2006
Total Raised: $138.8M
CEO: Anukool Lakhina
Specialized Threat Analysis $215.0 Million

Guavus provides next-generation big data analytics applications for planning, operations, customer experience management and IoT. These applications uniquely bring together computer science, data science and domain science to provide real-time analytics that enable businesses to become more efficient, profitable and competitive.

Planning: Keep Pace with Today's Explosive Data Growth
▪ Network Planning Analytics
▪ Network Planning & Forecasting
▪ Network Optimization
▪ IP Wholesale/Prospecting

Operations: Operational analytics that put the customer first while fueling business optimization
▪ IP Mediation
▪ Service Assurance
▪ Performance Management
▪ Network Security & Threat Mitigation

CEM: Improve Profitability, Reduce Churn and Increase Sales
▪ Customer Insights & Segmentation
▪ Customer Profiling & Targeting
▪ Data Monetization (Data-as-a-Service)

IoT: Cloud-based Analytics Applications for the Industrial IoT
▪ Fault Management
▪ Smart Metering
▪ Predictive Maintenance
▪ Service Assurance
▪ Resource Optimization
▪ Security & Breach Detection

Customers
The Guavus Difference enables Fortune 500 enterprises to leverage sensors, network, customer and business data to become more profitable, efficient and competitive

Transaction Commentary
▪ The transaction is for a maximum enterprise value of $215 million. The transaction is subject to the achievement of significant sales growth targets and is subject to regulatory approvals and other customary closing conditions. The transaction is expected to be completed during the third quarter of 2017.
▪ "Combined with our established expertise in other key digital technologies, the acquisition of Guavus represents a tremendous accelerator of our digital strategy for the benefit of our customers. The application to Thales's core businesses of Guavus' technologies and expertise in big data analytics will strengthen our ability to support the digital transformation of our customers, whether in aeronautics, space, rail signaling, defense or security." - Patrice Caine, Thales' Chairman and CEO
▪ "Guavus' widely deployed machine intelligent, big data operational analytics platform transforms the quality, efficiency, scale and security with which our customers can deliver their services, making our platform a critical enabler of digital transformation." - Anukool Lakhina, founder and CEO of Guavus

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
CA Technologies Acquires Veracode
Veracode Will Bridge CA’s Security Business With Its Broad DevOps Portfolio.

Transaction Overview Veracode Product Overview


Date: 3/6/2017
HQ: Burlington, MA
Founded: 2006
CEO: Bob Brennan
Application Security $614.0 Million

Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build.

Need: 80% – Nearly 80% of Web Applications contain at least one vulnerability
Solution: Simplify PCI Compliance & internal audits – Pass audits faster and with less effort with automated compliance reporting
Product: Application Security Platform offers a scalable way to manage risk across entire application portfolio

Need: 33% – Web and mobile applications account for more than a third of data breaches
Solution: Embed security into agile workflows – Identify vulnerabilities without interrupting agile workflows
Product: Static Analysis allows developers to identify and remediate application security flaws; Web Application Scanning monitors web application during production

Need: 25% – Attacks at application layer growing by more than 25% annually.
Solution: Reduce your global threat surface – Achieve enterprise-wide governance with centralized policies
Product: Developer Training empowers developers and testers to develop secure applications by providing skills needed to identify vulnerabilities

Veracode Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sept 2014 Series F $40.0
Apr 2012 Series E $30.0
Feb 2010 Series D $12.3
Mar 2009 Series C $5.0
Jan 2007 Series B $19.5
Mar 2006 Series A $7.5

Transaction Commentary
▪ Bob Brennan, CEO, Veracode said “By joining forces with CA Technologies, we will continue to better address growing security concerns, and enable them to accelerate delivery of secure software applications that can create new business value.”
▪ “Veracode will enable CA to make security a frictionless part of the Dev-Ops process by making security programmatic for developers, automating security testing as a part of continuous delivery, and providing the detection and remediation of vulnerabilities to help developers create more secure, compliant applications at the speeds needed for modern application development.” – CA Press Release

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Madison Dearborn Partners Acquires BlueCat
MDP Will Focus On Developing and Marketing BlueCat’s Automated DNS Solutions.

Transaction Overview BlueCat Overview


Date: 3/17/2017
HQ: Toronto, Canada
Founded: 2001
CEO: Michael Harris
Enterprise DNS $325.0 Million

BlueCat provides IP address management, domain name system, and DHCP enterprise DNS solutions. It allows customers to build and manage complex network infrastructure, resulting in improved network performance and reduced network downtime.

Benefits of Enterprise DNS Solutions
Centralized: BlueCat centralizes architecture by connecting all endpoints, providing full views of critical network assets and clients.
Automated: Automated DNS solutions result in less reliance on manual, error-prone processes – allowing key IT resources to focus elsewhere.
Security: BlueCat provides insights into all network activities, providing organizations with visibility, control, and threat detection abilities.

BlueCat Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2011 Series B $16.8
Oct 2009 Series A $11.0

Transaction Commentary
▪ “We have prioritized the needs of enterprise customers by taking a uniquely software-centric approach to our delivery model, and that strategy has propelled BlueCat to the forefront of the industry. MDP recognizes BlueCat’s valuable position within our customers’ infrastructure and our tremendous growth prospects. With the added resources and expertise of MDP, BlueCat will be strongly positioned to accelerate our growth.” – Michael Harris, CEO of BlueCat

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Accenture Security Acquires iDefense & ENDGAME’S Gov’t Svcs Biz
Deal Will Boost Accenture Security’s Defense Services Capabilities & Threat Intelligence Services / Enterprise Security Needs.

Transaction Overview ENDGAME’s U.S. Federal Gov’t Services Business Overview


Endgame’s federal government services business will become part of Accenture Federal Services, specializes in:
▪ Proactive cyber defense
▪ Hunt-as-a-service capabilities
▪ Red teaming
▪ Cyber operations

The acquisition will provide Accenture Federal Services an additional team of highly skilled cybersecurity professionals who will help federal clients increase their cyber resiliency by better preparing for, identifying, intercepting, and removing advanced adversaries in real time

“By adding Endgame’s federal services team, Accenture Federal Services can better equip our clients to identify and eradicate malicious attacks faster and more effectively. As the digital explosion is dramatically increasing the attack surface, rapidly identifying, isolating and remediating intrusions will be central to the next generation of cyber defense.” - David Moskovitz, Accenture Federal Services, Chief Executive Officer

Acquired businesses: iDefense Security & Intelligence Services Business; U.S. Federal Government Services Business
Date: 2/8/2017 Date: 2/9/2017
HQ: Arlington, Virginia HQ: Reston, Virginia
Defense Operations Threat Intelligence

Verisign’s iDefense Overview
iDefense IntelGraph Service
▪ Built on graph database technology to allow all facets of threat intelligence to be stored in a central repository connected by links
▪ Enhances the ability to detect and analyze threats while accelerating customer notification and remediation
Coverage Areas: Cyber Espionage, Cyber Crime, Vulnerability Management, Hacktivism
Key Capabilities:
▪ 100+ Security Researchers Worldwide
▪ 20+ Proficient Languages
▪ 40+ Threat Intelligence Analysts
▪ Dedicated Subject Matter Experts in Threat Intelligence

Accenture Security Acquisition History
Date Company Description
10/5/2016 Simulates attacks of advanced adversaries
6/20/2016 Provides vulnerability countermeasures, cyber forensics & malware defenses
8/4/2015 Supports U.S. federal govt & provides advanced cyber defense & response

“The acquisition of iDefense augments Accenture Security’s existing Cyber Defense Services with targeted threat intelligence that Accenture will embed into services it manages for clients’ security operations. In addition to directly providing threat intelligence to Fortune 500 customers, Accenture will fuel its cybersecurity platform with these capabilities to enhance its ability to inform clients where threats are forming and coming from, and what actions to take – much earlier than other providers who leverage public data feeds.” – Accenture Press Release

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Sophos Acquires Invincea
Acquisition To Expand Sophos’ Next Generation Endpoint Protection Portfolio.

Transaction Overview Invincea Overview


Date: 2/8/2017
HQ: Fairfax, Virginia
Founded: 2009
CEO: Anup Ghosh
Endpoint Security $120.0 Million

Invincea Detect
▪ Detect new and existing threats
▪ Capture and analyze forensic data

Invincea Prevent
▪ Block known and unknown malware
▪ Stop weaponized documents and other file-less attacks

Invincea Complete
▪ Additional spear phishing protection
▪ Utilize Invincea’s isolation capabilities to identify untrusted content in emails

Key Features
▪ Prevent Known & Unknown Malware without Signatures
▪ Stop File-less Attacks
▪ Eliminating Spear Phishing Attacks
▪ Deep Forensics

Managed Services
Invincea Remote Threat Monitoring: Combines X with active monitoring by analysts. If threat detected, will offer advice on how to proceed
X-as-a-Service: Invincea will configure & manage the software, & monitor for threats

Invincea Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Nov 2016 Venture $10.0
Apr 2014 Grant $8.1 Undisclosed
Dec 2013 Series C $16.0
Dec 2012 Series B $14.1 Undisclosed
Mar 2009 Series A $7.3

Transaction Commentary
▪ Sophos has agreed to acquire Invincea for a cash consideration of $100 million with a $20 million earn-out dependent on first-year revenue
▪ The transaction will be financed through cash on hand and extension of existing credit facilities of Sophos Group
▪ Invincea Labs will be separated from Invincea prior to the transaction and does not form part of this transaction.
▪ “Invincea is leading the market in machine learning-based threat detection with the combination of superior detection rates and minimal false positives. Invincea will strengthen Sophos’ leading next-gen endpoint protection with complementary predictive defenses that we believe will become increasingly important to the future of endpoint protection and allow us to take full advantage of this significant new growth opportunity.” – Kris Hagerman, CEO Sophos

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
StackPath Acquires Highwinds
StackPath’s 5th Acquisition In The Last 12 Months, To Accelerate The Delivery of A Global Enterprise Security Platform.

Transaction Overview Highwinds Overview


Date: 2/6/2017
HQ: Winter Park, Florida
Founded: 2002
CEO: Steve Miller
Content Delivery Network (CDN)

The Highwinds Content Delivery Network is one of the largest CDNs and features additional products and services built to address many of your specific needs. Highwinds provides Customized Solutions for a variety of platforms:
▪ Media: Advanced Streaming Platform
▪ Games: Gaming Delivery Network
▪ Ads: Quick Decisions & Delivery
▪ Software: Fast File Downloads
▪ Websites: Speed-Up Your Entire Site

Products
▪ Highest performing CDN
▪ Satisfies demand for faster downloads, updates, & patches by using CDN optimized for large file delivery
▪ Advanced media tool chain for prep & delivery of video to every device
▪ Deliver entire websites & apps via the CDN, including both static & dynamic content
▪ Supports online storage needs with full replication, guaranteed high availability & asset durability
▪ CDN portal offers advanced analytics, customized reports & real-time operations
▪ Block attacks on your origin servers, protect your content, & ensure service continuity
▪ Bundle IP transit & colocation to create a custom CDN to efficiently manage & distribute content globally

StackPath Funding & Acquisition Summary
Date Stage Amount Raised ($M) Selected Investors
July 2016 Series A $180.0 Insiders

Date Acquired Company Company Description
July 2016 MaxCDN is a content delivery network that helps companies accelerate static and dynamic content around the world.
July 2016 Fireblade offers web security services in the areas of DDoS protection, Web application security, performance monitoring, and web acceleration aspects.
July 2016 Staminus develops advanced security availability technology to mitigate the largest and most complex DDoS attacks in the world.
April 2016 Cloak is a consumer VPN platform with native iOS and Mac applications to allow people to securely use the internet while on untrusted networks.

Transaction Commentary
▪ Highwinds’ services & platform will be integrated with existing StackPath offerings & operations to create a single global platform
▪ The integration puts StackPath at more than 300 employees with more than 20,000 CDN customers and one of the world’s largest global network backbones
▪ “Our two companies had the same view that CDN security and innovation hasn’t evolved as quickly as it needs to. Developers leverage CDNs for practically everything they’re building in the cloud these days. But CDNs still tend to be add-on services, not built-in. Merging Highwinds and StackPath gives us the scale, scope, and experience to more quickly bring the market an integrated, next-generation platform with unprecedented security advantages.” – Lance Crosby, CEO StackPath

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Keysight Technologies Acquires Ixia
Ixia Will Complement Keysight’s Software And Security Portfolio, Allowing For Keysight’s Accelerated Growth.

Transaction Overview Ixia Overview


Date: 4/18/2017
HQ: Calabasas, CA
Founded: 1997
CEO: Bethany Mayer
Network Security $1.6 Billion

Ixia provides comprehensive IP network validation and network visibility solutions. The Company's designs are used by equipment manufacturers, service providers, enterprises, and government agencies to validate network functions, test the integrity of security infrastructure, and deliver an end-to-end view of client networks.

360 Testing Tools
▪ End-to-end testing: Spans every port, machine, and device that applications touch
▪ Continuous testing: helps detect vulnerabilities not visible in development and verifies operation even after deployment

Strong Visibility Architecture
▪ Out of Band Monitoring: Powered by intelligent security fabric improves the accuracy of out-of-band network and application security monitoring
▪ Inline Security Resilience: Failsafe visibility to physical, virtual, and encrypted traffic maximizes the value of firewalls, intrusion prevention systems and other appliances

Segments Served: Enterprise, Service Providers, Government Agencies, Network Vendors

[Chart: Ixia (NYSE:XXIA) Price Performance, $ USD price per share, Jan-16 to Jan-17; annotations: $19.50 and Deal Announced (January 30, 2017)]

Transaction Commentary
▪ “We are pleased to have quickly brought the Ixia acquisition to completion and excited to add Ixia’s deep bench of talent to the Keysight team. This complementary combination accelerates several of our strategies for growth, including expanding our software solutions and software engineering capability. We have also broadened our reach within the communications development lifecycle, and will build and grow Ixia’s established strong position in the fast-growing visibility and security markets.” – Ron Nersesian, President and CEO of Keysight

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
LLR Partners Acquires BluVector
Acquisition By LLR Partners Should Widen BluVector’s Commercial Opportunities.

Transaction Overview BluVector Product Overview


Date: 01/09/2017
HQ: Millersville, MD
Founded: 2015
CEO: Kris Lovejoy
Specialized Threat Protection ~$50.0 Million

Provides network-based Advanced Threat Detection solutions to enable SOC analysts and Incident Response Teams to gain actionable insight on advanced threats in real-time

Speed
▪ Built to handle >10 GBps high speed networks
▪ Performs real-time static analysis of content to identify advanced threats in milliseconds that ordinary tools wouldn’t detect
▪ Suspicious threats are sent to sandbox for dynamic analysis

Accuracy
▪ Patented Machine Learning engine with support for 30+ file types
▪ Ability to identify zero-day & polymorphic malware
▪ Ability to evolve on premises using forms of AI to further improve accuracy & reduce false positives

Integration
▪ Designed to interoperate with an organization’s existing security solution, including: SIEM tools, Threat Intelligence data feed, & post analyzers
▪ Supports automation of key processes, including block requests

LLR Partners Security Portfolio History
The BluVector Threat Engine

Transaction Commentary
▪ LLR Partners acquires BluVector from Northrop Grumman

▪ LLR Partners has committed $50M to BluVector to support the acquisition and future growth plans

▪ “As part of Northrop Grumman, we were able to create truly innovative threat hunting capabilities and disrupt the
market. Emerging as a standalone business now gives BluVector the opportunity to extend our leadership position in
both existing and emerging security sectors. Partnering with LLR brings to the equation a keen understanding of the
cyber market and the resources to help us accelerate growth in the commercial space.” -Kris Lovejoy, CEO of BluVector

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Amazon Acquires Harvest.ai
Amazon Web Services Strengthens Its Security-As-A-Service Platform With Acquisition Of AI-Based DLP Start-Up.

Transaction Overview Harvest.ai Overview

Date Announced: 01/09/17

HQ: San Diego, CA


Founded: 2014
Total Raised: $2.7M
Founder / CEO: Alex Watson
Data Security ~$20.0 Million

Reinventing DLP
▪ Use analytics to discover and stop targeted attacks
▪ DLP analytics classify documents & identify true IP matches to protect documents

AI-Based Analytics
▪ AI analytics learn to identify intellectual property, whether documents, videos, or code
▪ Understands how data is being accessed to prevent targeted attacks

UEBA
▪ Ability to observe changes in user behavior across system – including Google For Work, Office 365, & Box – crash reports and security logs shine a spotlight on possible breaches

DLP MEETS USER BEHAVIOR ANALYTICS (UEBA)
harvest.ai's MACIE™ Analytics provides the confidence and dependability in protecting your business' most important assets, protecting user accounts from compromise and preventing theft of data and intellectual property

Funding Snapshot
Date Stage Amount Raised ($M) Investors
Mar 2015 Seed $2.3
Nov 2014 Seed $0.4

Transaction Commentary
▪ “AWS already offers embedded security features and tools for users of its cloud services platform. Although there are third parties who offer security features for cloud services, Amazon has also moved into this area, given how vital it is for customers to trust it to lock down their key business assets.” – TechCrunch
▪ “And, as ever with security, it’s an arms race to keep on top of evolving threats, so it may be that harvest.ai was acquired to beef up those capabilities. Amazon CTO Werner Vogels has described security as one of the five supporting pillars of every service it builds for customers.” – TechCrunch

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Clearlake Capital Group Acquires LANDESK
LANDESK Merges With Clearlake’s HEAT Software To Create IT Solutions Company Ivanti.

Transaction Overview Ivanti Overview


Date: 01/03/2017
HQ: South Jordan, Utah
Founded: 1985
CEO: Steve Daly
Endpoint Security $1.2 Billion

Combination of HEAT Software and LANDesk allows for comprehensive IT Solutions Services

Cloud Service Management: Improve productivity; automate workflows to better manage business efficiency
Unified Endpoint Management: Manage all user devices; identify and solve any issues immediately

Solution areas: IT Security, IT Service Management, IT Asset Management, UEM/Systems Management, Supply Chain, Data and Analytics
Product lines: Unified Endpoint Management, Security Management, Service Management, Asset Management

Heat Software Background
▪ February 13, 2015 Clearlake Capital Group acquired FrontRange Solution
▪ FrontRange merged with Clearlake portfolio company Lumension to form Heat Software to become a comprehensive service management and unified endpoint management software solutions provider
▪ Heat assists with business operations, such as security and compliance, through its software suite, which services 8,700 customers worldwide

Transaction Commentary
▪ Clearlake Capital Group acquired LANDESK and combined it with HEAT Software to create Ivanti
▪ “Ivanti’s strength lies in its scale and the quality of its loyal customer base, people, and differentiated products. We plan to aggressively accelerate growth by investing in the development of new products and sales and marketing as well as through acquisitions.” – Behdad Eghbali, Managing Partner Clearlake Capital
▪ “The combination enhances Ivanti’s unified endpoint management (UEM) solutions, increases its strength in the endpoint security market, and provides a rapidly growing SaaS service management platform. The combined company is well positioned to address IT’s growing needs as they deal with increasingly complex end-user environments and transition services to the cloud.” – LANDESK Press Release

Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
Highlighted
Fundraising Activity
1

Series C Series B Series A Series B Secondary Series A Series C Series B


Dec. ’17 | $40M Dec. ’17 | $25M Dec. ’17 | $7M Dec. ’17 | $13M Dec. ’17 | $211M Nov. ’17 | $25M Nov. ’17 | $30M Nov. ’17 | $16M

Private Equity Series E Private Equity Series B Series A Series C Series C Series C
Nov. ’17 | $65M Oct. ’17 | $25M Oct. ’17 | $150M Oct. ’17 | $30M Oct. ’17 | $8M Oct. ’17 | $30M Oct. ’17 | $70M Oct. ’17 | $50M

Series C Series C Series B Series C Series A Series B Series C Series D


Oct. ’17 | $28M Oct. ’17 | $21M Sept. ’17 | $27M Sept. ’17 | $26M Sept. ’17 | $29M Sept. ’17 | $25M Sept. ’17 | $45M Sept. ’17 | $88M

Series B Series D Late Stage Venture Series A Series B Series A Series B Series A
Aug. ’17 | $40M Aug. ’17 | $26M Aug. ’17 | $80M Aug. ’17 | $13M Aug. ’17 | $22M Aug. ’17 | $10M Aug. ’17 | $15M Aug. ’17 | $20M

StackRox
Series A Series B Series A Series B Series B Series C Series C Series D
Jul. ’17 | $35M Jul. ’17 | $23M Jul. ’17 | $14M Jul. ’17 | $23M Jul. ’17 | $32M Jul. ’17 | $42M Jul. ’17 | $40C Jul. ’17 | $75M

Series E Series C Series C Series A Series F Series B Late Stage / Debt Late Stage
Jul. ’17 | $36M Jul. ’17 | $29M Jun. ’17 | $30M Jun. ’17 | $12M Jun. ’17 | $75M Jun. ’17 | $33M Jun. ’17 | $70M Jun. ’17 | $100M

Series C Series D Series E Private Equity Series D Series B Late Stage Venture Series A
Jun. ’17 | $12M Jun. ’17 | $125M Jun. ’17 | $100M May ’17 | $100M May ’17 | $100M May ’17 | $15M May ’17 | $15M May ’17 | $12M

Series C Series C Series B Private Equity Series C Series F Series A-II Series A-II
May ’17 | $36M Apr. ’17 | $17M Apr. ’17 | $20M Apr. ’17 | $40M Apr. ’17 | $21M Apr. ’17 | $89M Mar. ’17 | $4M Mar. ’17 | $7M

Series A Series C Series C Series C Series C Series B Series B Series C


Feb. ’17 | $15M Feb. ’17 | $22M Feb. ’17 | $40M Feb. ’17 | $30M Jan. ’17 | $70M Jan. ’17 | $25M Jan. ’17 | $14M Jan. ’17 | $45M
Raises $40.0M In Series C Financing.

Company Overview Menlo Security Product Overview


Description
Menlo Security provides a new layer in the security stack that contains and eliminates all malware, every time, and delivers a completely native experience to users. Traditional methods of preventing attacks, all based on distinguishing ‘good’ content from ‘bad’ content, are becoming outdated and Menlo Security seeks to eliminate the threat of malware from the web and email through revamped technology and contemporary security platforms.

Founders / Management
▪ Amir Ben-Efraim, CEO & Co-Founder
▪ Poornima DeBolle, CPO & Co-Founder
▪ Kowsik Guruswamy, CTO
▪ Todd Vender, VP, Engineering
▪ Gautum Altekar, Chief Architect & Co-Founder

Founded 2013
HQ Palo Alto, California
Total Amt Raised $85.0M

Menlo Security Product Overview
The Menlo Security Isolation Platform (MSIP) incorporates a web isolation, document isolation, and phishing isolation service that eliminates the possibility of malware reaching the user

Web Isolation Service: Web Isolation Service protects enterprises from cyber attacks by isolating and executing all web content in the MSIP before malware can reach users devices
Document Isolation Service: Document Isolation Service isolates and renders the most common file types – including PDF, Word, Excel, and PowerPoint - before malware reaches users
Phishing Isolation Service: Phishing Isolation prevents phishing sites from delivering malware to endpoints and/or harvesting private information from users who click on phishing links

Key Features
▪ No False Positives or Negatives
▪ Download Safe Documents
▪ Eliminates Credential Theft
▪ Works With Any Device
▪ No Plug-In Software
▪ Simplifies Infrastructure
▪ Available as SAAS
▪ Transparent User Experience
▪ Protects Email Users

Menlo Security Isolation Platform (MSIP)
The Menlo Security Isolation Platform (MSIP) eliminates malware from key attack vectors including web and email and is available as a public cloud service or the user’s data center

The Process: The MSIP uses adaptive clientless rendering technology to connect the user’s running session to the user’s native browser
The Difference: The MSIP is transparent by having no impact on user experience and easy to deploy with no endpoint software requirement
The Importance: The results from conventional threat prevention products are ineffective because of how innovative today’s attackers are

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2017 Series C $40.0
Nov 2015 Series B-I $9.5 Undisclosed
Jun 2015 Series B $35.0
Nov 2014 Series A $10.5

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $25.0M In Series B Financing.

Company Overview ShieldX Product Overview


Description
ShieldX is a developer of a microservices platform designed for agentless, multi-cloud security. The company's microservices platform is network-based, DPI-powered security that deploys automatically at elastic, unlimited scale and cloud-principled cost and rapidly and efficiently secures today's complex, multi-cloud environments that feature high-volume, lateral traffic, enabling enterprises to reduce customer risk and helping IT to end the unacceptable compromises between security, performance and cost.

Founders / Management
▪ Dr. Ratinder Ahuja, CEO & Co-Founder
▪ Harjinder Singh, President & Co-Founder
▪ Manuel Nedbal, CTO & Co-Founder
▪ Lovely Kaur, VP, HR & Biz Ops & Co-Founder
▪ John Parker, VP, Products

Founded 2015
HQ San Jose, California
Total Amt. Raised $34.0M

ShieldX Product Overview
APEIRO is network-based, DPI-powered security that deploys automatically at elastic, unlimited scale and cloud-principled cost. It rapidly and efficiently secures today’s complex, multi-cloud environments that feature high-volume, lateral traffic.

Uncompromised Security
▪ Microsegment & secure in minutes at scale
▪ Inspect and protect in-depth with deep packet inspection
▪ Express security intent with policy aligned to risk and compliance

Unlimited Scale
▪ Scale elastically to multi-terabits of inspection
▪ Automate, insert and orchestrate natively
▪ Deploy on and across multi-cloud infrastructure

Unparalleled Economics
▪ Save time with automation and DevOps-ready APIs
▪ Maintain SLAs with inherent high availability
▪ Save infrastructure costs at only 2-4 cores per microservice

APEIRO IN THE CYBER KILL CHAIN

Key Highlights
Innovation: Invented industry’s first microservices platform for Cloud security that combines network-based security with latest innovations in infrastructure tech
Awards: For Cloud Security; Top Innovator in Micro-Segmentation for 2017
Partnerships

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2017 Series B $25.0
Nov 2015 Series A $9.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $6.5M In Series A Financing.

Company Overview IRONSCALES Product Highlights


Description
IRONSCALES is a developer of an automated phishing-mitigation prevention system designed to address the challenges of email phishing. The company's phishing-mitigation prevention system offers protection from cyber-crimes and prevents spyware, remote-access trojan horse attacks and ransomware, enabling clients to meet the complexity of the modern threat landscape and avail secure connection in a hassle free way.

Founders / Management
▪ Eyal Benishti, CEO & Founder
▪ Tsahy Shapsa, Board Director
▪ Erez Fingerman, COO
▪ Lomy Ovadia, Head of R&D
▪ David Burnett, VP, Sales
▪ Adam Hofeler, VP, Sales
Sales regions shown: UK & Emea, Americas

Founded 2013
HQ Tel Aviv, Israel
Total Amt. Raised $8.0M

IRONSCALES Product Highlights
IRONSCALES is a price performance leader that offers the following eight unique and contemporary technological features to users:
▪ Affordable Anti-Phishing: Basic packages are up to 40% less than some other competitive applications
▪ Reduced Labor Costs: Saves hundreds of thousands in staff salaries and manual phishing prevention
▪ No Expensive Services: Save the average $15,000 in consulting fees, $10,000 - $35,000 in additional services
▪ Unlimited Users/System: Can add as many team members to platform as desired for no additional costs or fees
▪ Extended Phone Support: 10 hours daily ranging from 8:00 AM to 6:00 PM in the Eastern Standard Time
▪ Quick Email Response: Email response is available via the website, and is also available within the Dashboard
▪ Excellent Support: Includes detailed videos, articles, how-to and installation guides plus more resources
▪ FREE Support: There is no additional cost for support, installs, or updates included with the product

IRONSCALES Product Overview
The IRONSCALES email phishing defense suite is comprised of four fully integrated & award-winning products that the company offers
▪ The Most Intelligent Phishing Simulation & Awareness Training
▪ The First & Only Mailbox-Level Phishing Detection
▪ The Fastest, Fully Automated Phishing Incident Response
▪ The Only Real-Time Automated Phishing Intelligence Sharing

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2017 Series A $6.5
Jan 2016 Seed $1.5
Jan 2015 Accelerator Undisclosed

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $13.0M In Series B Financing.
Company Overview

Description
Prevoty is one of the leading developers of Runtime Application Self-Protection Security (RASP). Its autonomous application protection technology is designed for applications to defend themselves against real-time attacks, allowing enterprises to automatically protect their applications while in production. The company integrates application security with agile software development practices, allowing both security and development teams to reduce risk and work more effectively.

Founders / Management
Julien Bellanger (CEO)
Kunal Anand (CTO)
George Vukcevich (VP Sales)
Sharon Vardi (CMO)
Chris Prevost (VP Solutions)

Founded 2013
HQ Los Angeles, California
Total Amt. Raised $25.0M

Product Overview
Prevoty’s Language security (LANGSEC) approach to RASP neutralizes threats without requiring signatures or anomaly detection capabilities.

LANGSEC Features
▪ Reduced Vulnerability Backlog: Up to 100% of Application Security Testing backlog will not need immediate remediation.
▪ Layered Defense: External protections such as IPS and WAF as first line of defense – with RASP as last line.
▪ Real-Time Attack Visibility: Identifies potential vs. actual vulnerabilities by showing real attacks on SIEM, log, WAF, etc.
▪ Faster Application Release: Push applications into faster production without worrying about vulnerabilities.

Internal Protection
▪ Tightly coupled with code
▪ Automatic reconfiguration without human intervention
▪ Embedded security within running application

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2017 Series B $13.0
Mar 2015 Series A $8.1
Undisclosed Early Stage VC $0.8 Undisclosed
Dec 2013 Seed $2.4
May 2013 Seed $0.7

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Completes $213.0M Recapitalization As Axxess Capital Sells 30% Stake To Vitruvian Partners.

Company Overview

Description
Bitdefender develops cybersecurity and anti-virus software designed to provide protection against internet security threats. The company's security software features web protection, cloud antispam, firewall, vulnerability scanner, parental controls, file encryption, device anti-theft and backup in addition to efficacy, ease of use and inter-operability enabling customers and clients to safeguard their laptops, desktops, tablets and mobile phones from viruses, trojans, rootkits, rogues, aggressive adware, spam, etc.

Founders / Management
Niculae Dinca Niculae Dinca Bogdan Irina Bogdan Dumitru Rares Stefan
CEO CFO COO CTO CSO

Founded 2001
HQ Bucharest, Romania
Total Amt. Raised $220.1M

Selected Customers

Technology Alliances

Business Highlights
Trusted security provider with a deep bench of cybersecurity professionals, global security delivery infrastructure and award-winning proprietary technology enabling the full protection of over half a billion users and business since 2001.
▪ 1,300 Employees
▪ 600+ Engineers & Researchers
▪ 4,200+ Qualified Reseller Partners
▪ 72 Patents

Solution Overview
Robust security solutions that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
▪ Intelligent Antivirus
▪ Advanced Threat Defense
▪ Multi-Layered Next-Gen Security
▪ Endpoint Security
▪ 24 / 7 Customer Support
▪ Wi-Fi Security Advisor
▪ File Encryption
▪ Anti-Phishing & Anti-Fraud
▪ Firewall Protection
▪ Vulnerability Scan
▪ Cloud Security
▪ Password Manager

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2017 Secondary Transaction $213.1
Dec 2007 Growth $7.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $25.0M In Series A Financing.

Company Overview

Description
ReversingLabs provides the industry’s first modular, high volume file classification solution, that scales to assess millions of files from various sources including endpoints, network, and storage. Elastic Object Processing detects malware and zero day and performs YARA-based classification for DLP, malware identification, policy violations, and regulatory compliance. Elastic File Analysis works within customer security infrastructures for file extraction, deep analysis, event reporting, YARA hunting, and response.

Founders / Management
Mario Vuksan (CEO & Co-Founder)
Igor Lasic (VP of Technology)
Ron Talwalkar (VP of Product)
John Hanratty (VP of Marketing)

Founded 2009
HQ Cambridge, Massachusetts
Total Amt. Raised $25.0M

Selected Partners

ReversingLabs Solution Key Capabilities
▪ Elastic File Analysis: The only elastic solution for real-time file and object analysis
▪ Malware Hunting: Next generation YARA hunting platform with advanced pivots
▪ File Reputation Services: World’s largest Whitelist and Blacklist on over 5 billion unique files (6 million files added daily)

Product Overview
Advanced security solutions with unmatched speed and accuracy for enterprises, government agencies, and security solution providers

Threat Detection
▪ Product: N100. Function: Network Security Platform

Incident Response & Forensics
▪ Product: TitaniumCore. Function: Malware Analysis Solution
▪ Product: TitaniumCore. Function: Malware Analysis Platform

File Reputation
▪ Product: TitaniumCore. Function: File Reputation Service (Cloud)
▪ Product: TitaniumCore. Function: File Reputation Appliance (On-premise)

Technology Overview
ReversingLabs incorporates a number of unique core technologies and industry standards that increase the speed, effectiveness and coverage of its solutions
▪ Active File Decomposition: The fastest, most comprehensive solution for threat detection & malware analysis
▪ ReversingLabs Hashing Algorithm: More effective for malware detection than standard file hashing algorithms
▪ Support for STIX / TAXII: Enables clients to share cyber threat data with other organizations

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Nov 2017 Series A $25.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $30.0M In Series C Financing.

Company Overview

Description
ThreatQuotient develops cybersecurity software that enables organizations to manage threat intelligence and defend against cyber-attacks. Its Threat Intelligence Platform ingests and centralizes over 120+ feeds ranging from commercial cloudsourcing communities to malware sandboxes. The platform uses third-party tools to provide insights to enrich customer data with OpenDNS, VirusTotal, Threat Recon, and more. The turnkey integration of over 25 security technologies ensures detection systems are updated with the most high risk indicators.

Founders / Management
John Czupak (President & CEO)
Wayne Chiang (Chief Architect & Co-Founder)
Ryan Trost (CTO & Co-Founder)
Leonard Kurtzman (CFO)
Marc Solomon (CMO)

Founded 2013
HQ Sterling, Virginia
Total Amt. Raised $56.7M

Over 120+ feeds ranging from commercial cloud sourcing communities, open source intelligence blacklists, and malware sandboxes

Product Overview
ThreatQ™: Threat Intelligence Platform
ThreatQ is an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management.
▪ Enrich Data with Context: Correlate external and internal data to gain context and determine relevance and priority
▪ Prioritize Based on Risk Profile: Automatically score and prioritize threat intelligence based on your parameters
▪ Accelerate Detection & Response: Automate aggregation, operationalization and use of threat intelligence across all systems and teams
▪ Collaborate Across Teams: Centralize threat intelligence sharing, analysis, and investigation in a threat intelligence platform accessible to all teams

Use Cases
▪ Threat Data Aggregation
▪ Vulnerability Scanning
▪ Threat Hunting
▪ Improve Incident Response
▪ Breach Investigation
▪ Strengthen Sensor Grid
▪ Curated Threat Intelligence
▪ Spearphishing
▪ Operational ROI

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Nov 2017 Series C $30.0
Aug 2016 Debt $3.0
Aug 2016 Series B $12.0
Dec 2015 Series A $10.2
Apr 2015 Seed $1.5

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $16.5M In Series B Financing.

Company Overview

Description
EclecticIQ is a global provider of Cyber Threat Intelligence technology solutions. It helps organizations turn cyber threat intelligence into business value with a suite of products built for cybersecurity professionals in threat intelligence, threat hunting, SOC, and Incident Response roles. Its platform is the analyst-centric threat intelligence platform based on STIX / TAXII that meets the full spectrum of intelligence needs. The Fusion Center enables the acquisition of thematic bundles of cyber threat intelligence from leading suppliers with a single contract.

Founders / Management
Joep Gommers Raymon van der Velde Ionut Ionescu Jerome Robert Marko Dragolijevic
Founder & CEO Founder & VP Product VP Solution VP, Product Marketing VP Technology
Management Reports IT Integration Analysts

Founded 2014
HQ Amsterdam, Netherlands
Amount Raised $23.9M

EclecticIQ Platform Integrations
EclecticIQ Platform fully integrates with essential threat intelligence providers, technical sources, enterprise IT security solutions and ISACs

Product Overview
▪ EclecticIQ Fusion Center
▪ EclecticIQ Platform
▪ Solution Services
▪ Intelligence Sources
▪ Technology Providers
▪ Enterprise Integrations

EclecticIQ Platform is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed

EclecticIQ Platform allows analysts to focus on investigating threats in the context of the bigger picture, filling gaps left by artificial intelligence & automation

EclecticIQ Fusion Center merges a wide variety of open & commercial intelligence sources in a targeted, human qualified output feed that integrates security systems

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Nov 2017 Series B $16.5
May 2016 Series A $6.2
Oct 2014 Seed $0.2 Raymon van der Velde & Joep Gommers

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $65.4M In Private Equity Financing.

Company Overview

Description
MetricStream software provides solutions for quality management, regulatory compliance, risk management, and corporate governance. MetricStream enterprise solutions are used by leading corporations in diverse industries such as pharmaceutical, medical device, high-tech manufacturing, energy, financial services, healthcare, manufacturing, food and beverages, and automotive to manage quality processes, regulatory and industry-mandated compliance and corporate governance initiatives.

Founders / Management
Gunjan Sinha (Executive Chairman)
Shellye Archambeau (Chief Executive Officer)
Gaurav Kapoor (Chief Operating Officer)
Venky Yerrapotu (EVP, Professional Services & Engineering)
Vidya Phalke (Chief Technology Officer)

Founded 1999
HQ Palo Alto, CA
Total Amt. Raised $310.0M

Customers

Industries
▪ Banking & Financial Services
▪ Retail
▪ Government
▪ Pharmaceuticals
▪ Health Insurance
▪ Healthcare
▪ Oil & Gas
▪ Mining

Product Overview
▪ Process & Risk Repository: Identify and define technological components and establish and maintain relationships across them. Document and manage a wide array of enterprise risks and associated details using a centralized library and framework
▪ Risk Assessment & Analysis: Access advanced tools for planning, scheduling, and performing risk assessments, and once the assessments are performed, route results for review and approval. Perform risk assessments easily with a simple and intuitive user interface
▪ Control Design & Assessments: Define controls as per industry standard frameworks like COSO and COBIT, design control test plans and assessments, and rate their operational and design effectiveness leveraging questionnaires and surveys as required
▪ Key Metrics Monitoring: Measure and track key indicators for risks (KRIs), controls (KCIs), and key performance objectives (KPIs). Set thresholds to identify potential threats, and mitigate them in advance. Send alerts and notifications on any breach to relevant personnel for faster decision making
▪ Issue & Action Management: Record findings stemming from risk assessments and controls tests. Recommend action plans such as modifying controls or defining new controls as part of the issue remediation process. Monitor the status of implemented actions at every stage and track them to closure
▪ Monitoring & Reporting: Access real-time information on risk management programs across your organization through role-based landing pages with dashboards. Dynamic heat maps help view risks by organization, product, or process or by risk category

Funding Highlights
Date Stage Amount Raised ($M) Selected Investors
Nov 2017 Private Equity $65.4
Sep 2014 Growth $60.0
Jul 2013 Growth $48.4
Prior to 2013 Venture $136.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $25.0M In Series E Financing.

Company Overview

Description
Recorded Future delivers threat intelligence powered by machine learning. The company’s patented Web Intelligence Engine automatically collects and analyzes intelligence from technical, open, and dark web sources. It delivers more context than threat feeds alone, updates in real time, and packages information ready for human analysis or instant integration with existing security technology. It offers integration services, such as workflow automation, data curation/augmentation, and connectors for security applications.

Founders / Management
Christopher Ahlberg (CEO & Founder)
Staffan Truve (Co-Founder & CTO)
Scott Almeida (CFO)
Bill Ladd (Chief Data Scientist)
Matt Kodama (VP Product)

Founded 2009
HQ Somerville, MA
Total Amt. Raised $59.0M

Select Industries & Customers
▪ Energy
▪ Financial Services
▪ Government
▪ Healthcare
▪ Retail

Product Overview
▪ Vast Collection: Access threat intelligence. Recorded Future continuously processes billions of data points per day in multiple languages from the open, deep, and dark web
▪ Instant Context: Keep a finger on the pulse of the Cyber threat landscape. Get Contextualized threat intelligence delivered in real time for more efficient evaluation of security events
▪ Faster Analysis: Spend less time collecting data and supercharge your security team’s capacity. Get mission critical threat info instantly structured and presented
▪ Real-Time Monitoring: Drive faster and more accurate incident detection with custom alerts directly relevant to your threat surface, brand, and infrastructure
▪ Relevant Insights: Tune Recorded Future to your corporate profile and technology stack, providing context that allows you to focus in on business specific threats
▪ Intelligence Sharing: Collaborate on intelligence analysis to improve your response by safely sharing with your team, and getting insight from Recorded Future’s expert threat analysts

Funding Highlights
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series E $25.0
Apr 2015 Series D $12.0
Jan 2012 Series C $12.1
Jun 2010 Series B $7.4
Jul 2009 Series A $2.6

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $150.0M In PE Financing.

Company Overview

Description
Skybox Security is a provider of cyber security management services intended to eliminate attack vectors & safeguard business data & services every day. The company's security analytics platform develops software services that extract insight from cyber security data to give unprecedented visibility of an enterprise's attack surface, the ways in which its information technology systems are vulnerable to threats. With unparalleled visibility and context-aware intelligence of the attack surface, Skybox drives effective vulnerability & threat management, firewall management & continuous compliance monitoring, enabling businesses to fight attacks.

Founders / Management
Gidi Cohen (Founder & CEO)
Lior Barak (CFO)
Stewart Fox (EVP, Sales)
Michelle Johnson Cobb (CMO)
Moshe Raab (VP, R&D)

Founded 2002
HQ San Jose, California
Total Amt. Raised $304.7M

Selected Customers

Cybersecurity Analytics In Action
▪ Visualize: Create a model of your attack surface by collecting data from all network devices and security systems automatically
▪ Analyze: Identify potential attack vectors and prioritize with complete context of your environment and the threat landscape
▪ Respond: Get actionable intelligence in minutes and protect your business with accuracy and efficiency

Product Overview
▪ Skybox Horizon: Horizon’s security visualization and mapping capabilities are rooted in Skybox intelligence and analysis of all the layers that make up the attack surface.
▪ Skybox Vulnerability Control: Leverage Skybox Research Lab's vulnerability and threat intelligence, and automatically correlate it to your unique environment.
▪ Skybox Threat Manager: Consolidate threat intelligence from multiple sources in a normalized view to pinpoint your most critical risks.
▪ Skybox Firewall Assurance: Secure and optimize your firewalls and keep rulesets clean with automated firewall rule life cycle management.
▪ Skybox Change Manager: Streamline daily firewall change management tasks with an automated workflow that speeds up processes from planning to execution.
▪ Skybox Network Assurance: Use attack vector analytics to assess proposed network changes, and verify network compliance every day with customizable reporting and metrics.

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Private Equity $150.0
Feb 2016 Private Equity $96.0
Jan 2014 Venture $6.0
Nov 2011 Venture $6.0
Dec 2009 Series D – II $2.0
Jun 2007 Series D $13.9
Jun 2006 Venture $9.3 Undisclosed
Jan 2005 Series C $10.3
May 2003 Series B $6.2 Viola Ventures
Apr 2002 Series A $5.0 KMN Capital Viola Ventures

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $30.0M In Series B Financing.

Company Overview

Description
KnowBe4 is a developer of an integrated security awareness training and simulated phishing platform designed to train employees to make smarter security decisions. The company's training platform helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training, enabling employees to make better security decisions to control both their organization's and personal security.

Founders / Management
Stu Sjouwerman (CEO & Co-Founder)
Alin Irimie (CTO)
Kevin Mitnick (Chief Hacking Officer)
Lars Letonoff (Chief Revenue Officer)

Founded 2010
HQ Clearwater, Florida
Total Amt. Raised $43.2M

Product Features
▪ Unlimited Use
▪ New Smart Groups
▪ Custom Phishing & Landing Pages
▪ Simulated Attachments
▪ Detailed Reporting
▪ Crypto-Ransom Guarantee

Product Overview
Old school Security Awareness Training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.
▪ Baseline Testing: Provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing attack
▪ Train Your Users: The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails
▪ Phish Your Users: Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates
▪ See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series B $30.0
Feb 2016 Series A $13.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $8.3M In Series A Financing.

Company Overview

Description
Averon provides a fully automated mobile authentication platform that requires zero installations and no involvement by end users. Averon's Direct Autonomous Authentication™ (DAA™) is an API solution that securely confirms user identity via real-time mobile network signaling, carrier data packets, and verifying SIM/eSIM as “Chip Present” to instantly authenticate connected devices. Use cases for Averon include: securing mobile payments, decreasing friction in blockchain transactions, detecting fraud at checkout, protecting logins from password hacks, & managing role-based cloud access.

Founders / Management
Wendell Brown (Founder & CEO)
Leo Tarnowski (COO & President)
Taro Gold (Chief Creative Officer)
Aaron Mahone (Director, Ops & Finance)
Kevin Shen (Growth Manager)

Founded 2014
HQ San Francisco, CA
Total Amt. Raised $8.3M

Recognized By

Only Averon uses real-time carrier signaling & requires zero effort by users

Product Overview
▪ Direct Autonomous Authentication™ (DAA™): Provides instant, frictionless authentication that is the easiest, fastest & most secure identity verification solution
▪ Lock / Unlock: Ultra-secure identity authentication protects digital locks for home, auto & tech

Averon Provides Authentication Solutions For Many Verticals

Banking & FinTech
▪ FinTech validation solutions eliminate fraudulent activity for credit cards
▪ Blockchain solutions integrate seamlessly for any blockchain-related transactions and validations

Smart Vehicles
▪ Easily prevent hackers from taking over your car
▪ Ultra-secure vehicle access from mobile devices / verify out-of-band proximity

E-Commerce
▪ Instantly form-fill purchases; never type your data again
▪ Automatically and invisibly prevent fraudulent activity with zero effort by end users

Smart Locks & IoT
▪ Averon helps authenticate your digital locks for home, auto, and tech
▪ The safest, easiest way to secure access to connected devices: front doors, routers, connected cars, and more

Online Accounts
▪ Hassle-free authentication that goes beyond 2-factor codes and legacy username / passwords

Government
▪ Streamlines & secures user & access management protocols for mission-critical applications and sensitive data, resulting in improved usability and a simplified path to meet and exceed government security standards

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series A $8.3

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $30.0M In Series C Financing.

Company Overview

Description
Contrast Security is a developer of application security software designed to protect against cyber-attacks. The company's application security software offers sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise with highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts, enabling users to prevent hackers from stealing data via Web applications.

Founders / Management
Alan P. Naumann (President & CEO)
Jeff Williams (Co-Founder & CTO)
Arshan Dabirshiaghi (Co-Founder, Chief Scientist)
Surag Patel (Chief Strategy Officer)
Mike Keating (Vice President of Sales)

Founded 2014
HQ Los Altos, California
Total Amt. Raised $54.6M

Contrast Fully Integrates Vulnerability Assessment with Attack Monitoring & Protection into One Seamless Solution
▪ Application Risk Analytics & Visibility
▪ Run-time Custom Code & Library Analytics
▪ Highly Accurate Vulnerability Detection
▪ Detect Attacks & Deploy Protections

Contrast Security Product Overview

Development: Automatic, Continuous & Incredibly Accurate
Automated tool that enables anyone in software engineering to do their own application security analysis and remediate vulnerabilities

Security: Always Watching. Always Ready.
Inject an intelligent Contrast Agent into your system providing security teams visibility throughout the entire application lifecycle

Operations: Scale to Make Every App in Portfolio Self-Protecting
It‘s critical that it be able to identify its own vulnerabilities, identify attacks, and protect itself

Add The Contrast Agent To Any Application Server & It Starts Working Within Minutes. The Agent Reports To The Contrast Teamserver, Available Either As Cloud Service Or Deployed On-premise.
▪ Real-Time Vulnerability Detection & Expert Guidance
▪ Attack Protection
▪ Attack Visibility
▪ Software Supply Chain Analysis
▪ Portfolio Class Scalability
▪ Agile Speed & Seamless Automation
▪ SaaS or On-Site Deployment
▪ Non-Intrusive Agent

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series C $30.0
Sep 2016 Series B $16.0
Jun 2014 Series A $8.6

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $70.0M In Series C Financing.

Company Overview

Description
Duo Security is a provider of cloud-based internet security services designed to protect organizations against data breaches. The company's internet security services provide an authentication and mobile security software which is used to prevent online account takeover, credential theft and application breaches, enabling businesses to protect their sensitive and confidential data and applications.

Founders / Management
Dug Song (CEO)
Jon Oberheide (CTO)
Paul DiMarzo (CFO)
Chester Kustarz (VP, Engineering)
Raffaele Mautone (CIO)

Founded 2010
HQ Ann Arbor, Michigan, United States
Total Amt. Raised $119.8M

Duo’s comprehensive security solution confirms the identity of users and health of their devices before they connect to your applications.

Technology Application Partners
▪ Education
▪ Federal
▪ Healthcare
▪ Legal
▪ Retail
▪ Technology

Product Overview
Duo’s Trusted Access platform ensures only Trusted Users and Trusted Devices can access protected applications. We verify the identity of your users and the health of their devices before they connect to the applications you want them to access.
▪ Trusted Users: Verify identity, enable enforcement of stronger user access policies
▪ Trusted Devices: Duo checks for out-of-date software and missing security controls
▪ Every Application: Limit access to all on-premises and cloud-based applications based on type of user & device
▪ Two-Factor Authentication: Strengthened security by requiring two methods of ID verification: something you know, plus something you have
▪ Endpoint Remediation: Allows client to block risky devices from accessing data and apps, and allows them to notify and/or require users to update devices at login
▪ Single Sign-On: Lets users log in only once to securely access all of their enterprise cloud applications

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series D $70.0
Apr 2016 Grant $2.5 -
Apr 2015 Series C $30.0
Sep 2014 Series B $12.8
Feb 2012 Series A $6.0
Aug 2010 Seed $1.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $50.0M In Series C Financing.

Company Overview

Description
Feedzai is a provider of machine learning platform designed to help process large volumes of data with low latency producing actionable information in real time. The company's machine learning platform applies machine learning technology to large data sets to detect anomalies and highlight potential cases of fraud associated with banking and shopping, enabling users to prevent fraud.

Founders / Management
Nuno Sebastião (CEO & Co-Founder)
Paulo Marques (CTO & Co-Founder)
Pedro Bizarro (Chief Science Officer)
Jim Priestley (Chief Revenue Officer)

Founded 2008
HQ San Mateo, CA
Total Amt. Raised $82.0M

Feedzai Deployment
▪ On-Premises: Run Feedzai’s platform on internal servers under your control. House your data internally with a scalable, extensible solution.
▪ Cloud: Control the ability to scale as needs change with a cloud deployment, removing the burden of maintenance from your internal resources.
▪ Hybrid: Choose to host certain applications in the cloud and other core systems on-premises for a combined deployment approach.

Feedzai Agile Machine Learning

CORE PRODUCTS
▪ Banking Risk
▪ Acquiring Risk
▪ Merchant Risk

CASE MANAGER
▪ Dashboard & Reporting
▪ Alerts & Analytics

RISK ENGINE
▪ MASTER DATA MODELER: Easily transforms and ingests multiple data streams & fraud insights
▪ SEGMENT-OF-ONE PROFILE ENGINE: 360 degree View of Every Entry, Customer, or Account
▪ DATA SCIENCE DESIGN STUDIO: Unified management and support of Data Science Loop
▪ MACHINE LEARNING ENGINE: Creation, simulation. Rules Engine monitors compliance and business rules.
▪ REAL-TIME DECISION ENGINE: Processing events and transactions in milliseconds

CONNECTORS
▪ Integration Connectors and APIs (REST, ISO8583, JMS, Socket)

CORE SYSTEM
▪ High Availability
▪ Disaster Recovery
▪ Multi-Tenancy
▪ Security
▪ Administration
▪ Ops Tools
▪ Dev Tools & SDK

TECHNOLOGY

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series C $50.0
Oct 2016 Venture $10.5
May 2015 Series B $17.5
Feb 2013 Series A $2.4
May 2011 Seed $1.6

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Raises $27.5M In Series C Financing.

Company Overview

Description
SecurityScorecard is a provider of a security rating platform designed to empower every organization with collaborative security intelligence. The company's platform provides CISOs, security practitioners, risk management professionals and boards of directors with a comprehensive outside-in view of the security posture of their entire ecosystem, including their own IT infrastructure as well as their third and fourth-party vendors and continuously monitors the security posture of enterprises and government agencies across the globe and evaluates them based on hundreds of indicators of compromise to assign an A to F rating, enabling enterprises to gain visibility and control across their IT ecosystem and solve mission-critical, cybersecurity issues in a transparent way.

Founders / Management
Aleksandr Yampolskiy (CEO & Founder)
Sam Kassoumeh (COO & Co-Founder)
Bill Siegel (CFO)
Jasson Casey (CTO & SVP Engineering)
Alexander Heid (CRO)

Founded 2013
HQ New York, NY
Total Amt. Raised $63.4M

SecurityScorecard Customers

SecurityScorecard Platform
▪ Vendor Risk Management: SecurityScorecard provides instant visibility into the security posture of vendors and business partners across the entire ecosystem
▪ Threat Reconnaissance: Collect and analyze threat signals from across the globe to deliver the most accurate security ratings and detailed findings possible
▪ Self Assessment: Empower organizations to discover, monitor, and report on the cyberhealth of IT infrastructure from the outside in – to see what a hacker does
▪ Cyber Insurance: Empower enterprises to take control of their risk profiles while giving insurers visibility into the cyberhealth of their policyholders
▪ Mergers & Acquisitions: Help investors avoid getting blindsided by hidden risks and compliance issues associated with M&A targets.
▪ Compliance: Help organizations prove and maintain compliance with leading standards and regulations including PCI, NIST, SOX, GDPR, and many others

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series C $27.5
Jun 2016 Series B $20.0
Apr 2015 Series A $13.7
Jan 2014 Seed $2.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Attivo Networks Raises $21.0M In Series C Financing.

Company Overview

Description
Attivo Networks provides dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink Solution lures BOTs/APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks.

Founders / Management
Tushar Kothari: CEO
Mano Murthy: Co-Founder & EVP
B.J. Shanker: Co-Founder & VP, Operations
Ashok Shah: CFO & VP, Finance
Carolyn Crandall: CMO
Venu Vissamsetty: VP, Security Research

Founded 2011
HQ Fremont, California
Total Amt. Raised $46.9M

Product Overview

The Attivo Solution
The ThreatDefend Deception and Response Platform is designed to make the entire network a trap and to force the attacker to have to be right 100% of the time or risk being discovered. The solution combines distributed, high-interaction deception lures and decoys designed to provide early visibility into in-network threats, efficient continuous threat management, and accelerated incident response

▪ Comprehensive Deception & Decoy: Make the Entire Network a Trap to Confuse and Misdirect Attackers into Revealing Themselves
▪ Reduction of Attack Detection Time: Prevent Data Exfiltration
▪ Deception Authenticity: Camouflage for Dynamic Behavioral Deception
▪ Improve Incident Response with Actionable Alerts: Substantiated Alerts Based on Attacker Engagement: No False Positives
▪ Identify and Understand the Methods and Intent of Hackers: Analysis and Forensics
▪ Defend Your Network: Reporting and Automations to Block Attacks and Quarantine Devices

Popular Use Cases
▪ Lateral Movement Detection
▪ Exposed Credential & Attack Path Assessment
▪ Man-in-the-Middle
▪ Insider, 3rd Party, Acquisition Integration
▪ Stolen Credential
▪ Ransomware
▪ Phishing
▪ Specialized Environments: IoT, PoS, SCADA
▪ Cloud & Data Center Security
▪ Incident Response

Platform Solutions
▪ Threat Detection: Deception and decoy solutions provide an additional line of defense to address the situations where attackers have bypassed the prevention security systems and real-time notification of inside the network threats is required
▪ Cloud Detection: These include AWS, in which the Attivo deception platform uses deception techniques to provide visibility to inside the data center threats. Open Stack integration provides efficient and effective detection of network threats for virtualized SDDC
▪ Specialty Detection: These include deception for ICS-SCADA Network protection, point-of-sales attack system, first deception-based threat detection platform for IoT & distributed deception platforms for automated incident handling

Industry Solutions
Financial Services, Energy, Healthcare, Retail, Government, High Tech

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series C $21.0
May 2017 Series B $15.0
Apr 2015 Series A $8.0
Jul 2014 Seed $2.9 Undisclosed

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Bastille Raises $27.0M In Series B Financing.

Company Overview

Description
Bastille is a pioneering Internet of Radios (Mobile, IoT, and BYOD) security company. Bastille's patented technology combines hardware and software to offer enterprises identification, threat detection and location awareness for radio-enabled devices. Enterprise organizations use Bastille to accurately assess security threats from radio-enabled devices such as mobile phones and the growing number of Internet-enabled, but not Internet-secured IoT devices.

Founders / Management
Chris Risley: CEO
Bob Baxley: Chief Engineer
Christian Sepulveda: VP, Engineering
Mike Engle: VP, Business Development
Betty Kayton: CFO

Founded 2014
HQ San Francisco, CA
Total Amt. Raised $43.3M

Bastille’s Technology Overview
There are 3 areas of technology across which Bastille has 14 patents approved and pending. These technologies permit Bastille to SENSE, IDENTIFY & LOCALIZE threats as follows:

Sense
▪ Collaborative Bandit Sensing is Bastille’s patent pending technology to quickly and accurately scan the spectrum for emitters and threats
▪ Collaborative Bandit Sensing utilizes a variant of the Multi-Armed Bandit (MAB) problem to allocate sensor time watching various parts of the spectrum
▪ Bastille has combined a stochastic model of the signal environment, an array of intelligent distributed search algorithms, and collaborative optimization based on gossiping algorithms

Identify
▪ Bayesian Device Fingerprinting is a suite of patent pending technology that Bastille uses to detect and identify devices in an Enterprise airspace
▪ Bayesian Device Fingerprinting relies on Probabilistic Graph Models of possible device characteristics to track and estimate device meta-information
▪ Bastille Enterprise can resolve emitter, device, and people-device entities to produce never-before-seen situational awareness of your RF & physical space

Localize
▪ Distributed Tomographic Localization is Bastille’s patent pending technology to provide actionable position information of all emitters in your corporate airspace.
▪ Bastille uses passive Radio Tomography in the corporate airspace to account for the location of walls
▪ This allows Bastille to locate radio emitters much more accurately than other technologies to 1 meter of accuracy

Security For The Internet of Radios
▪ Scan: Bastille’s technology scans the entire radio spectrum, identifying devices on frequencies from 60MHz to 6GHz
▪ Compile Data: This data is gathered & stored, & mapped to understand what devices are transmitting data from your corporate airspace
▪ Research: The Bastille Research Team proactively monitors for new radio-borne threats. Their breakthrough research and discoveries help to keep the larger ecosystem safe

Funding Summary: $43.3M
Date Stage Amount Raised ($M) Selected Investors
Sep 2017 Series B $27.0
Aug 2015 Series A $13.8 Thomas Noonan
Jan 2015 Angel $2.5 John Huntz, Thomas Noonan, David Cowan

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Digital Shadows Raises $26.0M In Series C Financing.

Company Overview

Description
Digital Shadows is a provider of cyber monitoring services designed to improve cyber situational awareness. The company's cyber-monitoring services combine scalable data analytics with human data analysts to manage and mitigate digital risks, enabling organizations to get insight of external digital risks and offer protection against cyber-attacks, loss of intellectual property, loss of brand and reputational integrity.

Founders / Management
Alastair Paterson: CEO and Co-Founder
James Chappell: CTO & Co-Founder
Daniel Moskowitz: CFO
Daniel Lowden: CMO
Rick Holland: VP, Strategy

Founded 2011
HQ San Francisco, CA & London, United Kingdom
Total Amt. Raised $48.5M

Digital Shadows SearchLight™
The SearchLight service combines scalable data analytics with human data analysts to manage and mitigate digital risks.

▪ Extensive Coverage: Monitor widest range of sources across the visible, deep, and dark web. Identify a variety of digital risks, including cyber threats, data exposure, & reputational risks
▪ Relevant Threat Intelligence: A register of key assets that uniquely define organizations, subsidiaries and supply chains drives intelligence machinery
▪ Human In The Loop: Intelligence operations analysts lift signal from noise, strip out false alarms & send priority cases, thus saving time & money

Digital Shadows Approach
▪ Assessment, Setup & Configuration: Understand what is important and create a tailored configuration to tune SearchLight to meet your needs
▪ Monitor & Mitigate: Continuously monitor organization’s digital shadow, identifying incidents as they occur, delivering only relevant alerts and reports
▪ Managed Takedown Service: Enables swift action, to help minimize the loss of revenue, brand damage, loss of customer trust & data

Digital Shadows Features
▪ Tailored Threat Intelligence
▪ Identification of Data Exposure
▪ Typosquatting Identification
▪ Dark Web Search
▪ Mobile App Monitoring
▪ Credential Compromise
▪ Real-Time Alerts
▪ Malicious Actor Assessment
▪ Customizable Reporting
▪ Easy Integration

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sep 2017 Series C $26.0
Feb 2016 Series B $14.0
Feb 2015 Series A $8.0
Dec 2012 & Sept 2013 Seed $0.5

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Securonix Raises $29.0M In Series A Financing.

Company Overview

Description
Securonix is working to radically transform all areas of data security with actionable security intelligence. Securonix’s advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account and system behavior, Securonix is able to detect the most advanced insider threats, data security and fraud attacks automatically and accurately. Customers are able to address the most basic and complex needs around advanced persistent threat detection & monitoring, high privileged activity monitoring, enterprise & web fraud detection, application risk monitoring & access risk management.

Founders / Management
Sachin Nayyar: CEO
Tanuj Gulati: CTO
Chris Bell: COO
Nanda Santhana: SVP, Cyber Solutions
Chris Ostertag: Senior VP, Sales

Founded 2008
HQ Los Angeles, California
Total Amt. Raised $29.0M

Securonix Security Intelligence Platform Overview

Highlights
▪ Delivers real-time security intelligence to security, IT, business and key security systems
▪ Detects insider threats and APTs through signature-less behavior and outlier analysis
▪ Immediate ROI in risk and cost reduction for security programs across DLP, SIEM, IAM, PAM, DAM, and Enterprise or Cloud Application Security Management

Solutions and Security Systems
▪ Data Exfiltration Intelligence: DLP
▪ High Privileged Account Intelligence: PAM
▪ Application Security Intelligence: WAC / AAC
▪ Access Intelligence: IAM
▪ Cyber Event Intelligence: SIEM

Security Intelligence Solutions

Insider Threat Management
▪ Data theft detection and prevention
▪ Fraud detection and prevention
▪ VIP snooping detection and prevention

Identity & Access Analytics
▪ Cleanup rogue access privileges
▪ Risk-based access reviews
▪ Risk-based access certifications
▪ Risk-based access requests

Privileged Account Analytics
▪ Continuous real-time privileged account Analytics
▪ Service account abuse monitoring
▪ Securonix for Lieberman

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sep 2017 Series A $29.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Aqua Security Raises $25.0M In Series B Financing.

Company Overview

Description
Aqua Security provides a container security platform that delivers an advanced security solution for containerized environments, supporting both Linux and Windows containers, multiple orchestration environments, both on-premises deployments as well as on AWS, Azure, GCP, and other public clouds. Integrating early into container development, Aqua then uses a combination of intelligent defaults, machine learning, and threat research to provide full life cycle security for container-based applications.

Founders / Management
Dror Davidoff: CEO & Co-Founder
Amir Jerbi: CTO & Co-Founder
Upesh Patel: VP, Business Development
Michael Cherny: Head, Security Research
Shahar Man: VP, R&D

Founded 2015
HQ Ramat Gan, Tel Aviv
Total Amt. Raised $38.3M

Product Overview
▪ Integrate Security Into Your DevOps Pipeline
▪ Enforce Security Policies in Containerized Applications
▪ Deploy Anywhere On-Demand or in The Cloud

Aqua Security Architecture

Auditing & Compliance
▪ Logs every container and user activity
▪ Securely manages container access to ‘secrets’ across orchestrators
▪ Integrates with SIEM, monitoring and analytics tools

Automated Security
▪ Machine learning of legitimate container behavior, based on application context
▪ Container-specific role-based user permissions
▪ Validates host hardening best practices

Runtime Protection
▪ Container activity monitoring in real-time
▪ Network nano-segmentation based on application context
▪ Detects and prevents exploits and malicious activity

Strategic Technology Partners
Container Management

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sept 2017 Series B $25.0
Sept 2016 Series A $9.0
Oct 2015 Seed $4.3 Shlomo Kramer

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Threat Stack Raises $45.0M In Series C Financing.

Company Overview

Description
Threat Stack is a developer of a SaaS based intrusion detection platform designed to provide insights about enterprise cloud environments. The company's intrusion detection platform empowers security and operations to manage risk and compliance across entire infrastructure, including cloud, hybrid cloud, multi-cloud and containerized environments, enabling enterprises to identify and verify insider threats, external attacks and data loss in real time.

Founders / Management
Brian Ahern: Chairman & CEO
Sam Bisbee: CSO
Kevin Durkin: CFO
Chris Gervais: VP, Engineering
Jim McDonough: VP, Sales

Founded 2012
HQ Boston, MA
Total Amt. Raised $72.4M

Threat Stack Platform Overview
Threat Stack provides an integrated platform of detection and assessment tools into a single, unified interface offering unmatched visibility, compliance, and data safety

▪ Real-Time Host Monitoring: Conduct behavior-based monitoring & immediately detect suspicious events
▪ Configuration Auditing: Scan AWS configurations to ensure the proper security settings are in place & enabled, while achieving an accurate security baseline
▪ Continuous Compliance: Meet PCI, HIPAA, SOC II, SOX 404, and ISO 27001, and customer requirements using out-of-the-box rules sets.
▪ Workflow Integrations: Out-of-the-box integrations with popular configuration management and alerting tools allow you to seamlessly bring security best practices into existing DevOps
▪ Threat Intelligence Correlation: Threat Stack monitors connections to known bad addresses, and alerts immediately when these connections occur
▪ Vulnerability Assessment: Detect systems & packages containing known vulnerabilities & cross-reference against more than two million identified CVEs to automatically categorize them according to security risk

Connect Threat Stack to Your Existing Solution
Threat Stack’s API is designed to have predictable, resource-oriented URL and Response Codes. Common use cases of Threat Stack’s API include:
▪ Policies: Saving your policies in source code management for collaboration and sharing
▪ Alerts: Pulling Threat Stack alerts into your organization’s logging infrastructure or SIEM
▪ Agents: Keeping a record of all the deployed agents to audit which parts of your infrastructure were protected and when

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Sep 2017 Series C $45.0
Apr 2016 Series B $15.4
Aug 2015 Series A1 $7.9
Apr 2014 Series A $2.8
Oct 2013 Seed $1.2
Jan 2013 Accelerator $0.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
ForgeRock Raises $88.0M In Series D Financing.

Company Overview

Description
ForgeRock is a digital identity management company that facilitates secure organizational interaction with customers, employees, devices, & things. The ForgeRock Identity Platform™ is a digital identity system of record used to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy), & leverage the internet of things. With offices across Europe, the USA, and Asia, ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide.

Founders / Management
Mike Ellis: Chairman & CEO
Lasse Andresen: CTO & Co-Founder
John Fernandez: CFO & EVP Global Ops
Jeff Scheel: SVP Global Biz & Corp Dev
Steve White: VP Chief Security Officer

Founded 2009
HQ San Francisco, CA
Total Amt. Raised $140.2M in 4 Rounds

ForgeRock Identity Platform
Securely connects people, devices, and things, so everyone and everything can interact in the IoT world

Access Management
▪ Authentication and Strong Authentication
▪ Authorization and UMA Provider
▪ Adaptive Risk
▪ Federation/SSO
▪ Social Sign-On

Identity Management
▪ Identity Provisioning
▪ Workflow Engine
▪ Self-Service & Profile Management
▪ Synchronization
▪ Social Reregistration and Authentication

Identity Gateway
▪ Application & Service Gateway
▪ IoT Identity Gateway
▪ Password Capture & Replay
▪ UMA Protector
▪ Federated Service Provider

Directory Services
▪ Data Store
▪ High Availability
▪ Data Segmentation
▪ LDAP/REST
▪ Directory Proxy

Industry-Agnostic Solutions
Healthcare, Finance, Retail, Telecom, Government

ForgeRock: One Identity Platform for Everything From CIAM to IoT
▪ Customers: Cloud, IoT, Mobile – Protect digital identities & consolidate customer info for personalized customer experiences
▪ GDPR: Address GDPR & privacy. Designed to support digital transformation initiatives at scale
▪ Privacy: Protect & respect privacy. Let customers share data selectively

Funding Summary: $140.2M
Date Stage Amount Raised ($M) Selected Investors
Sep 2017 Series D $88.0
Jun 2014 Series C $29.9
Apr 2013 Series B $15.0
Mar 2012 Series A $7.3

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Qadium Raises $40.0M In Series B Financing.

Company Overview

Description
Qadium is a cybersecurity company that continually monitors the device layer of the Internet. Using patented technologies and state-of-the-art tools in deep data structuring and analytics, Qadium’s Global Internet Sensing platform collects data from the world's Internet connected devices, turns that data into knowledge, and organizes it to help organizations understand and secure their networks.

Founders / Management
Dr. Tim Junio: CEO, Chairman, Co-Founder
Dr. Matt Kraning: CTO, Director, Co-Founder
Leon Rishniw: VP, Engineering
Greg Toto: VP, Product
Dan Quinlan: VP, Finance

Founded 2012
HQ San Francisco, CA
Total Amt. Raised $66.0M

Product Overview
Expander is visualization and analysis software that provides complete visibility into and actionable insights about your true network boundary to mitigate information security risks

▪ Global Internet Scanning: Hourly Internet-scale data refreshes enable real-time visibility into and actionable insights about client networks
▪ Reporting: Digests deliver actionable insights for clients’ users at all levels ranging from analysts to the board of directors
▪ Digital Asset Map: A browser-based network graph view provides an easy-to-understand, 100% explainable and defensible view of all of client’s assets on the public Internet
▪ Instant Value: Deliver instant value with a highly intuitive user interface, SaaS delivery model, and agentless technology that requires no user input, on-site installation, or privileged access
▪ Continual Monitoring: Continual monitoring ensures that clients are aware of their true network boundary and alerted to changes at any given time
▪ API Access: API access enables us to deliver better insights straight into your cybersecurity workflows and tools in real time

Understanding Your True Network Boundary – Why Qadium?
▪ Core Networks: Large Organizations don’t know their full surface area & rarely conduct IP ranges
▪ Shadow IT: Employees often violate corporate policy in good faith
▪ Third Party Hosting: Infrastructure managed by 3rd parties and cloud pose challenges for central IT monitoring
▪ Merger & Acquisition: M&A events involve opaque, labor intensive IT integration processes with incomplete asset lists
▪ Leaked Internal Assets: Perimeter security misconfigurations routinely result in organizations placing internal assets on the web
▪ IoT Devices: Large organizations unknowingly expose to public their IoT assets like building automation devices, teleconferencing equipment, etc.

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series B $40.0
Jun 2016 Series A $23.3
Aug 2015 Seed $6.0
Jan 2012 & Jan 2014 Grant $1.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
LookingGlass Raises $26.3M In Series D Financing.

Company Overview

Description
LookingGlass provides a portfolio of threat intelligence services, threat data feeds in the form of machine readable threat intelligence, a threat intelligence platform with 100+ sources of threat and global Internet data analyzed and transformed into threat intelligence, and network mitigation capabilities enable our intelligence-driven approach to be proactively leveraged by clients. They address the full spectrum of threats including structured threats and Indicators of Compromise, unstructured and open source (OSINT) risk data, internal network telemetry, physical threats, and mitigation options.

Founders / Management
Chris Coleman: CEO
Stewart Curley: CFO
Allan Thomson: CTO
Pete Agresta: CRO
Dave Horn: VP, Engineering

Founded 2006
HQ Reston, VA
Total Amt. Raised $103.8M

Product Overview

Threat Intelligence Services
Augment Security Team With Specialized Analysts
▪ Threat Analysis – human review of all captured material, alerts when threat indicators are found
▪ Response & Takedown Services – Track & report removal of undesirable content, websites and apps
▪ Special Investigations Unit – Provides assessments of threats & handles disclosure of sensitive data

Machine-Readable Threat Intelligence
Automated & Enriched High Quality Threat Data
Protects against active threats:
▪ Malicious IP addresses & domain names
▪ Links to legitimate websites that are compromised
▪ Command and control (C2) infrastructure
▪ Active malware campaigns & variants

Threat Intelligence Platforms
Aggregate, Score & Prioritize Volumes of Threat Intelligence
▪ ScoutPrime™ - Workflows to contextualize actionable intelligence through customized scoring & alerts
▪ ScoutVision™ - Identify & manage threats to internal assets & 3rd parties
▪ Cyber Threat Center™ - Cloud platform to monitor open source data

Threat Mitigation
Operationalize Threat Intelligence & Automate Defense
▪ ScoutShield™ - automatically blocking known phishing, malware, and malicious command and control domains.
▪ NetDefender™ - Immediately stop attacks entering your organization's network at line speeds
▪ NetSentry™ - Detect malicious traffic at network speeds.
▪ DNS Defender™ - Protect against DNS manipulation

Acquisition Summary
Date Company TV Description
Dec 2015 $35M Cyveillance is a threat intelligence management platform that transformed internet data into threat intelligence
Jul 2015 NA K&A is an IT security company operating Virus Tracker, the world's largest botnet monitoring system
Mar 2015 NA CloudShield provides IP service control and infrastructure protection solutions on network and content processing platforms

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series D $26.3
Dec 2015 Series C $50.0
Mar 2015 Series B $20.0
Apr 2013 Series A $7.5

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Druva Raises $80.0M In Late Stage VC Financing.

Company Overview

Description
Druva is a provider of data protection and IT-governance technology that is designed to create centralized data sets for an organization’s information. The company combines data from endpoints, servers, and cloud applications into a single repository through its data-management-as-a-service platform – allowing for centrally managed backup, data protection, governance, and recovery.

Founders / Management
Jaspreet Singh: CEO
Mahesh Patel: CFO
Milind Borate: CTO
Mike Gustafson: Executive Chairman
Matthew Morgan: CMO

Founded 2007
HQ Sunnyvale, California
Total Amt. Raised $198.0M

Data Management-as-a-Service

Data Protection
▪ Backup, availability, disaster recovery and workload mobility
▪ Ensures data is available and recoverable

Data Governance
▪ Enables archive, compliance, eDiscovery, and Data sovereignty
▪ Simplifies process of data compliance

Data Intelligence
▪ Predictive early assessment, data forensics, and information lifecycle management

Selected Clients

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Late Stage VC $80.0
Sep 2016 Series E $51.0
Aug 2014 Series D $25.0
Oct 2013 Series C $25.0
Aug 2011 Series B $12.0
Apr 2010 Series A $5.0
Jan 2008 Seed Undisclosed

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Versive Raises $12.7M In Series C Funding.

Company Overview

Description
Versive automates the combination of AI and human intuition in order to comprehend system norms, detect suspicious behavior based on an understanding of the adversary campaign lifestyle, and build threat cases before allowing users to view results. The platform continually learns about device behaviors, and deploys that understanding in its platform. The Versive AI Platform was developed in order to provide large enterprises with solutions before serious cyberattacks come to fruition.

Founders / Management
Joseph Polverari: CEO
Dustin Rigg Hillard: VP, Engineering
Greg Smithies: VP, Finance
Jeff Feinstein: VP, Sales
Ashley Fidler: Sr. Director, Product Management

Founded 2012
HQ Seattle, Washington
Total Amt. Raised $64.2M

Product Overview
The Versive Security Engine detects suspicious behaviors in your environment and uses adaptive machine learning from the Versive Platform to correlate these behaviors

Benefits of The Versive Approach: AI + Human Intuition, Automated
▪ Automatically Customized to Environment: Trained on your actual data, making the system highly accurate, customized to your network, & impossible to deceive
▪ Human Expertise: Knowledge from hackers is built into the product, combining machine power with decades of cyber learning for unmatched insight
▪ Constant Improvement: As your environment grows and changes, the VSE evolves and grows smarter automatically, thanks to the adaptive machine learning
▪ High Accuracy, No Noise: If sent a high-value Threat Case, it warrants immediate investigation

How The Versive Security Engine Works
▪ Baselining: Learn what constitutes normal behavior in specific environment
▪ Suspicious Behavior Detection: Based on correlation with adversary behavior profiles
▪ Build Threat Cases: Mapped connections across network & time yield visualized threats
▪ Deliver Results: Results can be viewed in convenient UI or as data in the API

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series C $12.7
Aug 2016 Debt $7.0
Sept 2014 Series B-1 $13.6
May 2014 Series B $21.0
Jul 2013 Series A $7.0
Jun & Nov 2012 Seed $2.8

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
ZingBox Raises $21.7M In Series B Financing.

Company Overview

Description
ZingBox develops an enterprise Internet of Things (IoT) security solution to discover and protect connected equipment. Zingbox uses Deep Learning to develop profiles for IoT devices, such that irregularities are quickly detected, and a defense strategy can be executed. Zingbox’s cloud-based architecture allows for scalability for large networks. It is currently deployed mainly among hospitals, companies, and manufacturing facilities with IoT security.

Founders / Management
Xu Zou: CEO & Co-Founder
May Wang: CTO & Co-Founder
Jianlin Zeng: VP, Engineering & Co-Founder
Mayuresh Ektare: VP, Product Management
Giancarlo Chavez: Head, Sales

Founded 2014
HQ Mountain View, CA
Total Amt. Raised $31.9M

Product Overview
ZingBox takes an IoT personality-based approach to discover, detect, & defend IoT infrastructure

▪ Discover: Analyzes devices to build unique profile based on regular actions
▪ Detect: Immediately detects potential threats—profile irregularities
▪ Defend: Tailored recommendations for security defense solutions

▪ Security Posture: Identifies, Classifies, Manages IoT Inventory
▪ Device Personality: Actively Learns device’s unique personality and profile
▪ Real Time: Constant monitoring of devices and collections
▪ Self-Learning: Uses AI and Deep Learning Algorithms
▪ Deep Learning: Completely unsupervised Deep Learning
▪ Actionable IoT Intelligence: Leverages existing network and security infrastructure
▪ Risk Exposure: Organization-level risk assessment
▪ Trusted Behavior: Enforces acceptable behavior consistent with each device’s profile
▪ Non-Disruptive: Agentless, Seamless

ZingBox IoT Guardian
50 TB of IoT traffic analyzed every day
2.5 PB of total IoT traffic analyzed to date
▪ Seamless and Non-Disruptive: The FIRST IoT security solution to eliminate the cost & complexity of software agents
▪ Smart & Self-Learning: The ONLY unsupervised Deep Learning solution to discern the individual personality of device
▪ Service Protection: The industry’s FIRST solution to protect IoT services – not just data

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series B $21.7
Nov 2015 Series A $8.0
Dec 2014 Seed $2.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Dragos Raises $10.0M In Series A Financing.

Company Overview

Description
Dragos is an industrial cybersecurity company focused on some of the community's hardest problems. The ecosystem the team has built is specifically tailored for industrial environments such as those found in industrial control system (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control System (DCS) environments. Its software platform and services help operators protect infrastructure sites such as power grids, water distribution sites, oil refineries, gas pipelines, manufacturing, and more.

Founders / Management
Robert Lee: CEO
Jon Lavender: CTO
Justin Cavinee: Chief Data Scientist
Tom Leuchtner: VP, Product Mgmt. & Strategy
Sergio Caltagirone: Director, Threat Intelligence
Ben Miller: Director, Threat Operations

Founded 2016
HQ Fulton, Maryland
Total Amt. Raised $11.2M

Product Overview
The Dragos Platform is the heart of the Dragos ecosystem. The software codifies & automates insights from on-the-ground experts who have spent decades responding to the world’s most complex threats on a global, national, & local level

[Diagram labels: Dragos Threat Operations Analysis; Corporate IT & OT Security Teams; 3rd Party Systems; Dragos Intelligence]

Data Pipeline: Feeds critical information into pipeline
▪ Identify up to hundreds of thousands of assets
▪ Integrates with existing IT SIEM solutions

Core Models: 3 Modules work together to manage ICS, detect threats, & streamline operations
▪ Maps out and visualizes all network-connected devices, ports, & protocols
▪ Real-time automated detection against threats

WorkFlow Automation: Provides playbooks for automating & orchestrating security & compliance
▪ Increase analyst efficiency
▪ Standardize security policies
▪ Evolve processes to meet dynamic needs

Workbench: Consolidates security activity & serves as a case mgmt. system for investigations
▪ Complete context for security events
▪ Track process & improve productivity
▪ Speed up incident response

Dragos Services
Dragos Is An Extension Of Your Industrial Cybersecurity Team
▪ Compromise Assessment: Deploys Dragos Threat Operations Center (TOC) personnel and tools to assess environment & risk
▪ Dragos Threat Hunting: Combines the experience of human intelligence with the scale of automation to constantly and efficiently search through customer networks for threats
▪ Dragos Incident Response: Uses a preventative approach to investigating and responding to threats in ICS environments.

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series A $10.0
Aug 2016 Seed $1.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
GuardiCore Raises $15.0M In Series B Financing.

Company Overview

Description
GuardiCore provides visibility, active breach detection and real-time response for software defined and virtualized data centers and clouds. It combines lightweight architecture to support the performance requirements of high traffic data centers, and enterprises gain real time visibility, understanding and response to illicit activity within the data center in minutes, not months. The company leverages threat deception and application-level network visualization to address the security challenges across virtual high traffic data center environments.

Founders / Management
Pavel Gurvich, CEO & Co-Founder
Ariel Zeitlin, CTO & Co-Founder
Dror Sal’ee, VP Biz Dev & Co-Founder
Yaron Bartov, CFO
Ori Aldor, VP R&D

Founded 2013
HQ Tel Aviv, Israel
Total Amt. Raised $46.0M

Key Highlights of GuardiCore
▪ Dramatically Reduce Time To Detect, Investigate And Remediate Attacks
▪ Prevent Or Minimize Damage And Data Theft, Saving Millions
▪ Gain Unprecedented Visibility Into Data Center Activity
▪ Empower Security Teams To Do More With Less
▪ Understand Attack Methods And Patterns
▪ Strengthen Entire Security Infrastructure

Product Overview

The GuardiCore Centra Security Platform monitors all connections across the data center using multiple detection methods. Unsuccessful connections are rerouted to a high-interaction deception engine for investigation, while successful connections are analyzed for malicious attributes

Monitor Data Center Communications
▪ Covers all internal traffic
▪ Instantly detects blocked or filtered connections
▪ IT teams can create rules governing authorized communications between applications

Detect Suspicious Activity
▪ Decoy opportunities allow real attacks to progress under granular observation
▪ Deception technology employs real machines, services and IP addresses

Engage Suspicious Connections
▪ Decoy opportunities allow real attacks to progress under granular observation
▪ Deception technology employs real machines, services and IP addresses

Highlight Real, Active Breaches in Progress
▪ Performs automatic and real-time analysis that identifies confirmed active breaches
▪ Prioritizes all incidents based on severity level
▪ Develops a detailed footprint of the confirmed attack

Migrate Attacks
▪ Uses attack footprint to identify all servers affected by the breach
▪ Quarantines compromised servers and provides detailed incident reports to support rapid response

Remediate Compromised Services
▪ Provides recommendations for the most appropriate remediation measures
▪ Enables security team to remove backdoors and other hacker tools from impacted servers

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series B-1 $15.0
Jul 2016 Series B $20.0
Aug 2014 Series A $11.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
UnifyID Raises $20.0M In Series A Financing.

Company Overview

Description
UnifyID is an identity platform that offers seamless security that relies on implicit authentication. Implicit authentication uses factors that are unique to the customer but don’t require any user action, such as location, habits, and sensor data from everyday devices. The company uses proprietary machine learning algorithms to combine behavioral and environmental attributes to produce a confidence score that specifies how likely it was that a particular user performed an action, all increasing security without burdening the user.

Founders / Management
John Whaley, Founder, CEO
Steve Chamberlain, Founder, COO
Vinay Prabhu, Principal Machine Learning Scientist

Founded 2015
HQ San Francisco, CA
Total Amt. Raised $20.0M

Milestone Timeline
March 2015: Company Formed
Jan 2016: Seed Funding
Sept 2016: TechCrunch Disrupt Runner-up
Feb 2017: RSAC Innovation Sandbox Winner
March 2017: SXSW Security & Privacy Winner

Product Overview

UnifyID combines implicit authentication with machine learning to uniquely identify individuals on more than 500 websites & unlocks a new generation of IoT devices making remembering passwords obsolete

PC/Laptop
▪ Analyzes factors like keystroke timing, mouse/touchpad movements, WiFi & Bluetooth telemetry data
▪ Tap into constant signals emitted by Bluetooth LE
▪ Combine factors to extract a highly accurate “confidence level” via use of proprietary machine learning algorithms

UnifyID Implicit Authentication Platform
▪ Use of a variety of sensors including GPS, accelerometer, gyroscope, magnetometer, barometer, ambient light, WiFi and Bluetooth signals
▪ Sensor data is processed locally & sends small streams of extracted features to cloud-based machine learning system

UnifyID Implicit Authentication Platform
[Diagram labels: Zero Conscious User Action; Sensor Data (Accelerometer, Gyroscope, GPS, WiFi, Bluetooth); Phone SDK; Encrypted Digital Footprint; UnifyID Machine Learning (Signal Processing, Sensor Fusion, Feature Extraction); USER IDENTITY: JOHN, 99.99% CONFIDENCE]

Partner Use Cases
▪ Streamline Authentication
▪ Fraud Detection/Prevention
▪ Prevent account takeover
▪ Know Your Customer
▪ Seat sharing
▪ E-Commerce
▪ Continuous Authentication
▪ Automatic Deauthentication

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Series A $20.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Callsign Raises $35.0M In Series A Financing.

Company Overview

Description
Callsign is a mobile application that allows its users to securely access websites and keep their personal details private. Callsign’s Intelligence Driven Authentication Solution enables more informed and truly adaptive access control decisions, putting enterprises and their users back in control. Its platform combines multi-factor authentication with fraud analytics powered by deep-learning technology to offer an authentication platform that can adapt to potentially signals to combat the threat of unauthorized logins.

Founders / Management
Zia Hayat, CEO & Founder
Ian Welch, COO
Paul Fletcher, Head of Products
Christopher Hutton, Chief Solutions Engineer
Julio Sevillano, Head of Mobile
Srinivas Ketavarapu, VP, Bus. Dev.

Founded 2011
HQ London, UK
Total Amt. Raised $38.5M

Callsign User Advantages

Activity
▪ Easily review all requests that have been made
▪ Audit trail ensures you can see all transactions

Profile
▪ Choose up to 24 identity types to be managed via Callsign
▪ Easily control which details are shared

Passcode
▪ Can still approve transactions even with no Internet access
▪ Use app to generate OTP to access systems and services offline

Product Overview

Callsign’s Unique Intelligence Driven Authentication (IDA) Solution Enables Users To Access Whatever They Need, From Wherever And However They Need It, All In A Frictionless Manner

Intelligence
Behavior: Ergonomic analysis delivers insights to precisely identify who is in possession of a device
Location: Understand where and how a transaction is initiated and verified to enable safe harbors
Device: Debug, jailbreak/root, malware and cloning detection can inform risk and anti-fraud policies

Authentication
Biometric: Replay resistant finger, face and voice recognition deliver the next generation of authentication
PIN: Secure PIN provides a familiar user experience, in line with the EMVCo standard
OTP: OATH compliant OTPs are delivered to users in several ways, including Mobile App, USB, LCD, SMS and Call

Technology
Crypto Engine: All cryptographic functions across iOS and Android and server sides are performed in a fully audit-able manner
Neural Engine: Uses more than 50 data elements in real-time to pinpoint suspicious activity, assessing risk of device
Policy Engine: By implementing critical workflows, the Policy Engine empowers risk officers to easily manage controls

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series A $35.0 NightDragon Security
Sep 2016 Seed $3.5 Terry Eger

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
PerimeterX Raises $23.0M In Series B Financing.

Company Overview

Description
PerimeterX prevents automated attacks by detecting and protecting against malicious web behavior. By analyzing the behavior of humans, applications and networks, it catches in real-time automated attacks with unparalleled accuracy. The PerimeterX Bot Defender protects business and web infrastructure websites from automated or non-human attacks, at any scale, by tracking the behavior of website visitors and using artificial intelligence algorithms to determine which bots should be blocked.

Founders / Management
Omri Iluz, CEO & Co-Founder
Ido Safruti, CTO & Co-Founder
Ophir Ashkenazi, CFO & Co-Founder
Jonathan Ferrell, VP, Sales
Amir Shaked, VP, Research

Founded 2014
HQ San Mateo, CA
Total Amt. Raised $34.5M

PerimeterX Advantages

Detect Bot Behavior
▪ Unparalleled accuracy and precision
▪ 100s of indicators from users, browsers, devices and network

Diagnose the User as Human or Malicious Bot
▪ Human vs. bot behavior fingerprinting and analysis
▪ Detection of advanced automated attacks

Defend Your Website and Business
▪ Prevent attacks that do not trigger security mechanisms
▪ Future proof against new automated attacks

Deploy in Minutes
▪ Hassle-free ongoing maintenance
▪ Fully compatible with existing infrastructure including cloud and CDN solution

Product Overview

[Diagram labels: PX Detector, PX Console, Browser, Web Page, PX JS Sensor, PX JS Snippet, PX Enforcer, App Server, 80 PX Risk Score]

1. Deploy
▪ Load Perimeter Bot Defender’s sensor to your website
▪ Takes only five minutes to get started

2. Sense
▪ Sensor collects and sends data to evaluate browser, user and network activities
▪ Dashboard shows all normal and malicious bot activities in real-time

3. Detect
▪ Evaluates sensor data in real-time using machine learning and behavioral analysis
▪ Creates a Risk Score to identify whether a user is malicious or not, sent in an encrypted cookie back to the user’s browser

4. Enforce
▪ Risk Score is picked up by the PerimeterX enforcer
▪ Based on the score, the user is blocked or challenged
▪ Able to incriminate or exonerate the user based on the nature of the page and threat

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series B $23.0
Sep 2015 Series A $9.0 Andreas Bechtolsheim
Jan 2015 Seed $2.5

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
StackRox Raises $14.0M In Series A Financing.

Company Overview

Description
StackRox provides a container security platform that adapts to evolving threats and streamlines security operations. It uses instrumentation and sophisticated machine learning to protect the agile enterprise, automatically discovering every container and establishing full operational visibility. StackRox enables security teams to see containers in high resolution and transform millions of signals across the environment into meaningful security insights with dramatically less noise, defending against threats such as code injection, privilege escalation, malicious lateral movement and data exfiltration.

Founders / Management
Sameer Bhalotra, Co-Founder & CEO
Ali Golshan, Co-Founder & CTO
Wei Lien Dang, VP, Product
Shashank Tiwari, VP, Engineering

Founded 2014
HQ Mountain View, CA
Total Amt. Raised $14.0M

StackRox Benefits

Hunt for Threats
▪ Dynamically filter collected container signals in order to rapidly zero in on indicators of compromise (IOCs) and identify threats
▪ Surface detailed security event context for analysts to construct new attack profiles and policies
▪ Enable faster root cause analysis, streamlined response, and prevention controls to harden container environments against new attacks

Protect Cloud Workloads
▪ Effectively detect code injection, privilege escalation, malicious lateral movement, data exfiltration, and many other types of threats
▪ Orchestrate threat response with a policy-driven workflow that streamlines security management
▪ Deploy as a single platform of container-based security microservices that work across cloud workloads

Product Overview

StackRox secures the entire path from containers to web-scale microservices. It enables deep container visibility and insights, adapts defenses to new cyber threats, and unifies multiple threat protection capabilities with a single integrated platform

Built-in Security Architecture
▪ Combines a new, scalable security architecture with instrumentation and machine learning to protect containers from evolving threats.
▪ Deploys across cloud, virtual and bare metal environments as a set of container-based security microservices that collects signals, performs machine learning, and automates prevention and response
▪ Works as a single integrated platform that scales automatically and interfaces seamlessly with existing security infrastructure

High Resolution Visibility
Container Auto-Discovery with Fingerprinting: Microservice fingerprinting technology enables rapid, reliable identification of both known and rogue containers
Insights from Entire Ocean of Container Signals: StackRox continuously monitors collection of signals including system calls, network traffic, and Docker events
Advanced Network Visualization: Renders interactive, detailed visualization of container network in real time, providing a clear depiction of all system connections

Adaptive Defenses
Adaptive threat protection is a result of machine learning models working in parallel to protect container environments
[Diagram labels: Auto-tuning Machine Learning Models, Smart Filters, Policy-Driven Prevention and Response, Attack Profile Library, Two-Click Behavior Modeling, Image Vulnerability Scanning]

Rapid Deployment and Simple Management
StackRox is built for production environments and interfaces with the following systems:
Orchestration
Container Platforms
Security
▪ Single sign-on (SSO) authentication
▪ Incident management systems
▪ Full-featured API for SIEM integration

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series A $14.0
Jan 2015 Seed Undisclosed Undisclosed

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Awake Security Has Exited Stealth Mode With A Total Amount Raised Of $31.2M.

Company Overview

Description
Awake Security provides an advanced security analytics solution that improves security operations productivity by delivering unprecedented visibility into enterprise environments for breach detection, investigation and hunting. The company’s Security Knowledge Graph data model uses machine learning and data analytics to automate painstaking analyses expert investigators perform. The company is built on a foundation of more than two years of research with hundreds of security professionals and a dozen security teams, and it has just exited stealth mode.

Founders / Management
Michael Callahan, Co-Founder & CEO
Keith Amidon, Co-Founder & VP, Networking
Debabrata Dash, Co-Founder & VP, Analytics
Gary Golomb, Co-Founder & Chief SOC Whisperer
Rudolph Araujo, VP, Marketing

Founded 2014
HQ Mountain View, CA
Total Amt. Raised $31.2M

The Awake Advantage

Empowered Analysts
▪ Eliminate need to operate on IP addresses
▪ Cut out cumbersome tasks

Better Investigations
▪ Simple behavioral query language for real-time answers to powerful questions

A More Secure Network
▪ Detect, investigate and hunt for threat activity after initial compromise
▪ Lower threat dwell time

Lower Costs
▪ Reduce operational costs through consolidation, improved SOC efficiency, higher analyst tenure & lower hiring / training expenses

Quick Time to Value
▪ Monitor network quickly without need for any integrations or tuning other than a simple TAP/SPAN

Low Maintenance
▪ Keep sensitive data on premise but get SaaS benefits of hardware monitoring, maintenance, & regular software & intelligence upgrades

Product Overview

Awake Security offers a security analytics solution to automate painstaking analyses that expert investigators perform, improving analyst productivity ten-fold

Security Knowledge Graph
▪ Identifies and tracks real-world entities like devices, users or domains from network traffic
▪ Captures conclusions and discoveries made by team members, improving collaboration

ActivityIQ
▪ Analytics correlate network traffic to entities in the data model, presenting summarized timeline view as a victim would experience it and as an investigator would piece it together

EntityIQ
▪ Algorithms surface notable entities and behaviors within the data model and cluster similar entities for attack campaign analysis.
▪ Predict questions analysts are likely to ask, pointing them to next investigative path

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Dec 2016 Series B $22.5
2014 Series A $8.7

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Deep Instinct Raises $32.0M In Series B Financing.

Company Overview

Description
Deep Instinct provides real-time detection and prevention of zero-day threats and advanced persistent threat attacks for mobile devices and endpoints, and its proactive protection protects the organization’s entire assets from any known and unknown threat on any infrastructure. The company approaches cybersecurity from a different angle: from reactive to proactive defense, as well as from expecting the next unexpected attack to predicting and preventing it.

Founders / Management
Guy Caspi, CEO
Eli David, CTO
Holly Whalen, SVP, Sales
Stuart Fisher, SVP, APAC
Efrat Turgeman, CFO

Founded 2014
HQ Tel Aviv, Israel
Total Amt. Raised $32.0M

Solution Components

D-Brain
▪ Core component of deep learning solution
▪ Continuously learns on malware datasets from diverse sources
▪ Hosted at company headquarters

D-Appliance
▪ Provides visualization and management tool to configure organization’s security policy
▪ Enables in-depth monitoring of cyber threats
▪ Manages devices, security events, and security compliance policy in the same place

D-Client
▪ Enables on-device, connectionless, lightweight, real-time cyber threat prevention
▪ Scans the device and acts proactively and automatically according to organization policies

Product Overview

The Deep Instinct platform focuses on three areas for real-time cyber intelligence: data training, deep learning and predictive capabilities to provide protection to mobile devices and endpoints

Technology
Data Training: Training on hundreds of millions of malicious and benign files
Deep Learning: Proprietary, deep learning algorithms; Continuous learning
Predictive Capabilities: Lightweight, real-time cyber intelligence; Distributed across the organization’s infrastructure

Infrastructure Agnostic
▪ Breaks down data features into small parts to render the data source irrelevant
▪ Instinctively detects and prevents any threat on any infrastructure

Connectionless Coverage
▪ Works even when the device is not connected to the network
▪ On-device agent allows complete protection when personal and corporate devices interact

Easy Deployment
▪ Constantly scans, predicts and protects all activities without impacting the user experience
▪ Works in parallel to any previously installed security agents

Real-Time Detection and Prevention
▪ Enables on-device, connectionless, lightweight, real-time cyber threat prevention
▪ Acts proactively and automatically according to organization policies

Accurate Prediction Model
▪ Continuously learns to deliver unprecedented accuracy to secure all assets
▪ Instantly detects zero-day threats before an attack can take place

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series B $32.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Flashpoint Raises $28.0M In Series C Financing.

Company Overview

Description
Flashpoint delivers Business Risk Intelligence (BRI) to empower business units and functions across organizations to make better decisions and mitigate risk. Flashpoint’s unique Deep & Dark Web data, expertise, and technology enable customers to glean intelligence that informs risk and protects their ability to operate. Flashpoint’s services include bolstering cybersecurity, confronting fraud, detecting insider threats, enhancing physical security, and addressing vendor risk and supply chain integrity.

Founders / Management
Josh Lefkowitz, CEO
Evan Kohlmann, Chief Innovation Officer
Josh Devon, COO
Chris Camacho, Chief Strategy Officer
Ben Donohue, VP, Engineering

Founded 2010
HQ New York, NY
Total Amt. Raised $43.0M

Product Overview

Flashpoint Intelligence Platform
Dual Threat Landscape: “Onboarding wizard” allows for quick customization to industry, region, category and threat target
Intelligence-to-Data Pivoting: Browse or query reports; assess emerging threats, vulnerabilities and potential impacts to make risk decisions
Tagging & Content Classification: Features optimized intelligence and report tagging and classification that improves report searching and discovery.

Analyst and Advisory Services
Analysts: Leverage extensive intelligence experience to train access Deep & Dark Web collection and analytics engines
Business Risk Intelligence Practice: Tailored solutions to organizations starting, rebuilding, or expanding intelligence function whether for a single function or broad enterprise support
Strategic Engagement Services: Offerings include Rapid Risk Response, Deep & Dark Web Risk / Executive Risk Exposure Reports, Directed Actor Engagement, and additional analyst service.

Use Cases
Cybersecurity & Emergent Malware: Subject Matter Experts are embedded in illicit Deep & Dark Web communities, providing insights into malware development
Physical Security & Executive Protection: Combined with targeted Dark Web monitoring, Flashpoint’s expertise helps identify and mitigate physical risk
Third-Party Vendor Risk: Expansive coverage of Deep & Dark Web provides a robust view into a company’s ecosystem and rapidly assesses risks
Fraud: Combination of in-depth expertise with complex techniques and tactics to proactively mitigate the most complicated fraud schemes
Insider Threat: Combines intimate familiarity with insiders’ techniques with targeted monitoring of Dark Web to protect against insider threats

Flashpoint Features

Funding Summary
Date Stage Amount Raised ($M) Selected Investors

Intelligence Reporting Curated Alerting Analyst Assistance API & Portal Jul 2017 Series C $28.0
Analysts most critical Comprehensive monitoring Directly access our analyst Tools to access and perform
Jul 2016 Series B $10.0
findings, hand-picked and relevant reporting, team for customized threat research on Deep & Dark
prioritized, and packaged in tailored to organization’s investigations Web data in order to
intra-daily reports needs discover valuable insights Apr 2015 Series A $5.0

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
ZeroFOX Raises $40.0M In Series C Financing.

Company Overview

Description
ZeroFOX protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. It is an innovator of social media and digital security and uses targeted data collection and artificial intelligence-based analysis to protect organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The platform processes and protects millions of posts, messages and accounts daily across the social and digital landscape.

Founders / Management
James C. Foster, CEO
Mike Price, CTO
Tim Bender, CFO
Jon Fraleigh, EVP, WW Field Operations
Gabe Goldhirsh, EVP, Global Services

Founded 2013
HQ Baltimore, MD
Total Amt. Raised $80.2M

ZeroFOX Platform

SaaS Deployment
▪ Instant protection
▪ Cloud-based deployment
▪ Zero set-up charges

Instant Visibility
Targeted data collection spans social, mobile, web, domain, deep/dark, collaboration & digital sources

Fine Tune Analysis
Customizable FoxScripts for AI-based machine learning analysis

Continuously Protect
Dedicated ThreatOps team and FoxThreats program constantly adds new protections for new threats

Extending New Intelligence
Complete Open REST APIs and 3rd party integrations plug into your security infrastructure

Minimize Risk Exposure
Automated takedowns and content moderation via direct integrations to social & digital channels rapidly eliminate threats

Product Overview

ZeroFOX SaaS platform protects businesses and employees from cyber, brand and physical threats on social and digital channels. It is designed to give complete control, covering thousands of data sources and hundreds of use cases. Customers are able to catch threats faster before they make an impact, reduce their risk exposure with AI-driven analytics, and utilize automated threat hunting and remediation tactics.

Business Protection: Protect pages, brands & enterprises from brand risks & targeted security threats.
Employee Protection: Safeguard employees & executives from incoming and outgoing risks.

Monitor: Targeted collection of mass social & digital data
Alert: Customizable, artificial intelligence-based analysis
Eliminate: Automated content moderation and takedowns

Data Sources
▪ Social networks
▪ Deep & dark web
▪ Mobile app stores
▪ Collaboration & chat platforms
▪ Web domains
▪ Facebook & Google

Policies & Rules
▪ Spear phishing
▪ Spoofed accounts
▪ Credential compromise
▪ Account takeover
▪ Brand impersonations
▪ Physical threats
▪ Customer attacks

Integrations
▪ Security Operations Center
▪ SIEM platforms
▪ IBM QRadar & ArcSight
▪ Analytics platforms
▪ Threat intelligence platforms
▪ Firewall/IDS/IPS
▪ Security platforms

Funding Summary
Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series C $40.0
Dec 2015 Series B $27.0
Apr 2014 Series A $11.0 Enrique Salem
Jul 2013 Seed $2.2

Source: Company Press Release and Website, Pitchbook, and Capital IQ.
Darktrace Raises $75.0M In Series D Financing.

Company Overview Product Overview


Darktrace offers an Enterprise Immune System software platform that uses machine Darktrace’s Enterprise Immune System is the first non-consumer application of machine learning to work at scale,
learning and AI algorithms to automatically detect and take action against cyber-threats. It detecting stealthy cyber-attacks and insider threats that bypass traditional security tools. The framework includes
Darktrace Antigena, which delivers autonomous response, automatically taking action against in-progress attacks in real
is a self-configuring technology that works within enterprise and ICS networks including
time. Darktrace ICS is specialized for SCADA and other ICS networks.
Description virtual, cloud and IoT systems and does not require manual set up, identifying advanced
Enterprise Immune System Threat Visualizer Industrial Immune System Antigen