Red Hat was recently acquired by IBM for and eye-watering $34 Billion, and while it’s the largest deal of its nature, it did get me curious as to how frequent it is for open-source companies to get involved in a bit of M&A.

To keep it simple outside of my usual IT Security wheelhouse, let’s agree (or disagree depending on how pedantic you are) to use a broad brush term for open source while accepting that some companies don’t really have open source, but rather a community edition which is free and limited.

Now that we’ve agreed to those broad limitations, it’s interesting to see that Red Hat was a pretty active acquirer in its own right prior to being on the other end of the equation.

No less than 20 acquisitions over 15 years, the most recent being in January 2018 with its $250m acquisition of CoreOS.

Notable acquisitions by Red Hat

30 Jan 2018

CoreOS $250m

15 Oct 2015

FeedHenry $82m

18 Jun 2014

eNovance $70m

4 Oct 2011

Gluster $136m

4 Sep 2008

Qumranet $107m

20 Feb 2004

JBoss Developer $350m

18 Dec 2003

Sistina Software £31m

If you follow the open source space, this is probably nothing new to you, but I was surprised by just how buyont the market is. A quick search showed that there have been several deals this year alone, and while none were close to the $34bn IBM paid for Red Hat, the others haven’t been anything to dismiss. From Microsoft’s purchase of GitHub at $7.5bn to EQT partners laying down $2.5bn for Suse Linux.

Date Acquiring Company Target company Amount

29 Oct 2018

IBM Red Hat $34bn

3 July 2018

EQT Partners Suse Linux $2.5bn

4 June 2018

Microsoft GitHub $7.5bn

14 May 2018

Google Cask Undisclosed

30 Jan 2018

Red Hat CoreOS $250m

30 Jan 2018

GitLab Gemnasium Undisclosed

8 Jan 2018

Salesforce Attic Labs Undisclosed

Through this process, I guess the question that keeps popping up is “Why?”. Why did IBM acquire Red Hat, why did Microsoft acquire GitHub? Why bother acquiring an open source product at all?

Yes, we can all talk about features and complimentary technologies, and racing to the future. That’s all good. But I have another (working) theory.

Open source software, is kind of like how democracy should work. For the people by the people. People just want to get things done, and when they can’t find something that will let them do the job, they end up creating it themselves. Granted, many such endevours have a short half life, but some of them go onto bigger and better things.

And perhaps this is where the real value lies. When an open source company is acquired, it’s not being paid just for its technology. It’s the community, the tribe that weilds influence in technology strategy and adoption.

That’s not to say it’s all about the open source community. I was discussing this post with my friend Adrian Sanabria, and he summed it up nicely that it does prove that closed source doesn’t “protect IP” or necessarily make that IP any more valuable.


Social channels are an oft-overlooked area when it comes to information security. Social channels are left in the hands of marketing departments for customer engagement purposes.

However, the adoption of social digital tools for the purposes of conducting business is widespread and largely unregulated, creating a major area of risk for organisations.

If we look at the social frontier, it encompasses mobile, desktop, and cloud. Due to the consumer focus many of these have, it is easy to deploy tools with no oversight.

Because of these risks, we see social media breaches on the rise. Safeguard Cyber seeks to address this risk blind-spot.


Charlottesville, Virginia-based Safeguard Cyber was founded in 2014 by CEO Jim Zuffoletti and CTO Otavio Freire. The company has about 30 staff, claims over 40 fortune 100 customers, and raised a $3.9m venture round since 2015.

Most recently, in April 2018, the company announced former FireEye, McAfee, and Documentum CEO, Dave DeWalt as Vice Chair and investor.


Safeguard Cyber is delivered as a cloud-based platform from where it can connect to over 50 digital channels such as WhatsApp, Twitter, Skype, Slack, Instagram, Jabber and others.

The product seeks out all corporate social assets across various channels, it then pulls in data to conduct risk assessments, secure the known assets, and finally provides assurance through a series of tests.

It is designed to be transparent to the end user and marketing departments, rather the SOC, or security analyst would be the primary user, responding to alerts – all of which can be exported to existing tools such as a SIEM.

The product offers a variety of features designed to bring enterprise-grade capabilities to consumer products. For example, it can synchronise with active directory, so when a user leaves and is removed from AD, their credentials are automatically removed from any corporate social media account they had access to.

Similarly, a company can create a ‘gold image’ as to what its corporate accounts should represent. In the event of a suspected account takeover, where the profile picture and description of a Twitter account is changed, the platform automatically takes action to change the profile back to the approved version.


Timing is key when it comes to security. As security controls increase, they push attackers out to other areas. Remote working and BYOD have several security offerings to choose from. Cloud security has also greatly increased as CASB and broader security providers have increased capabilities and enjoyed healthy M&A activity.

However, the social media space remains relatively under-served. Uniquely positioning Safeguard Cyber to address this area of growing concern for many companies.

Opportunities exist for Safeguard Cyber to increase partnerships with security vendors such as SIEM’s or DLP products. Additionally, its presence could compliment the security capabilities and offering of managed security service providers, or managed detection and response.

It wouldn’t be surprising to see a large security vendor, or even a social media company look to acquire Safeguard Cyber for its ability to bring enterprise-grade security to this sector.

Overall, technologies can be pretty straightforward to secure. Teach software not to execute a certain command, block a port, or alert on a set of conditions, and it will abide.

Humans, on the other hand are not as easy to harden against attacks. These attacks are frequently delivered through emails, text messages, social media, or even infected USB drives left in a car park.

It’s no wonder that user behavior consistently remains a high priority for many enterprises.

Following the money

There has been much activity in the user awareness space in recent months. Money has poured in, in the form of investments and acquisitions.

Recent notable market transactions include

February 2018: PhishMe acquired by PE for $400m and rebranded as Cofense

February 2018: Proofpoint acquired Wombat Security for $225m

August 2017: Webroot acquired the assets of Securecast for an undisclosed amount.

October 2017: KnowBe4 raised $30m in a series B round, bringing total funding to date to $43.5m

A broader look at the market

Many years ago, the user awareness market was more fragmented. Each provider delivering a segment of the training. Some would focus only on phishing, others provided a learning management system, whereas others created specialist training content in the form of books, posters, or videos.

The recent trend indicates more providers want to move more towards a user awareness ‘platform’ as opposed to having a single product. It was one of the drivers behind the renaming of PhishMe to Cofense, to present and offer more than just phishing.

Alongside Cofense, ProofPoint (Wombat), Webroot (Securecast), and KnowBe4 are all examples of user awareness companies that have tried to consolidate the different aspects of user awareness to one platform.

But that’s not to say there isn’t still room for specialist providers. Twist & Shout Media has built a sizeable customer base with four seasons of its Restricted Intelligence of comedy-awareness series as well as a number of spin-offs. Similarly, Habitu8 seeks to bring a bit of Hollywood glamour to its Hashtag awareness videos.

Looking forward

Security awareness is a hot space as awareness (no pun intended) increases and money is entering the space faster than before.

But the biggest question that remains over user awareness is it’s ROI and means to measure its effectiveness. Although approaches are improving, the security culture framework tries to put some meaningful metrics around awareness.

The NCSC recently published a somewhat polarizing blog questioning the value of phishing.

All in, we’ll probably continue to see more consolidation in the user awareness space in the coming months, not just to create user awareness platforms, but to truly embed user awareness as a security layer within organizations.


2018 has kicked off with a flurry of M&A activity in the infosec space. There have been four that I’ve been aware of,

Barracuda acquired Phishline
Cyxtera acquired Immunity Inc
Verizon acquired Niddel
Threatcare acquired Savage Security

I wonder how many more deals will be announced between now and RSA. Either way, it looks like it could be a busy year ahead.

Threatcare has announced a $1.4m seed round led by Moonshots Capital and includes Flyover Capital and Firebrand Ventures.

The Austin-based company was founded in 2014 by CEO Marcus Carey. Its flagship product, Violet, is a SaaS-based offering that enables continuous security validation through attack simulations.

For many security departments, the question they are often faced with is, “are we secure?” While that may be a loaded question, there isn’t usually a satisfactory answer.

Security assurance is an established discipline, but is often limited in scope, either by business or technology. The advantage that a product like Threatcare brings is that it can provide broad assurance across multiple technologies. By simulating attacks, Violet is able to see the forest for the trees, and rather than getting tied down with one particular vulnerability, it can be used to assess the overall security effectiveness of an organisation. In that way, it can perhaps be thought of more as a security assurance orchestration offering – tying together multiple technologies and processes.

This is an area we’ll likely see rapid growth in over the coming years as companies stop layering technologies, and stop to see if what they already have is functioning adequately.

Competition in this space is heating up, both from a technology perspective, and the funding competitors have raised, most notably Safebreach raised $19m in mid 2016, while AttackIQ raised a $8.8m series A, and UpGuard raised a $17m series B at the end of 2016.

Other vendors in this space include Picus Security and Cybric.

Fuelled by a twitter conversation both Adrian Sanabria and Anton Chuvakin posted articles here and here, sharing some good tips on what makes a good briefing and common pitfalls to avoid.

As a former (recovering?) analyst, I thought it only right that I jump on the bandwagon and share my thoughts on the topic.

What is a vendor briefing?

If you’re not familiar with vendor briefings, it’s basically where a vendor will speak to an analyst and explain what their product does, how the company is structured, financials, and so forth. The analyst will then, depending on how the analyst firm operates, will either write up a piece on the company, reference it as part of a broader piece of research, or maintain the details in their database of companies they are tracking.

Analyst tips

Both Anton and Adrian were very thorough in their advice to vendors on how to deliver a good briefing. But I’d like to shift focus and point out a few things analysts could be mindful of during such briefings.

1. You don’t know everything. Yes, you speak to very smart people every day and your reports are widely read. But it’s very easy to get on a high horse and think you are all-seeing all-knowing. If that were the case you’d have raised millions in funding and solved all technology problems by now.

2. Let the vendor make their point. You may not agree with them, but let them present their perspective and give the courtesy of hearing them out.

3. A briefing isn’t a fight – it’s not an argument that needs to be “won”. If putting others down makes you sleep better at night that’s cool. But chill out a little, you’re meant to be impartial and balanced.

4. Set expectations – let the vendor know up front what you are hoping to get out of the call. Be open about whether you’re more interested in the product, or the company strategy, or the numbers. Vendors aren’t mind-readers.

5. One of the most useful phrase I learnt as an analyst was, “Can you help me to understand…” It’s a simple and effective line that can mean so many things such as, “I don’t believe you”, “too many buzzwords”, “maybe you need to think this through”. Whatever it may mean, it doesn’t come across as confrontational – it puts you on the same page trying to work through a problem.

6. Be organised – be on time, have your notes in order, don’t just blunder through the briefing. Yes, you’re a busy analyst that has to do many of these a week – but a little organisation can go a long way.

7. Share your plans – be clear as to what the vendor can expect. Do you plan on covering their company, will you include them in a larger piece of research. How frequently would you like them to keep in touch with you. All this can go a long way in ensuring a long and meaningful relationship.

The numbers don’t lie

If I were to add to Adrian and Antons respective blogs as a tip to vendors, that is that while an analyst may disagree on the effectiveness of your product, or its value, the numbers don’t lie. Analysts have a lot of numbers – they spend a lot of time sizing markets, analysing competitors growth projections and targets, most will be able to analyse your numbers, or infer them very quickly. So please don’t try and impress by claiming huge numbers or ridiculous growth. Don’t claim your TAM is your SAM or SOM.

I’ll digress and give an example of what I mean.

Say you are a producer of bottled water.

Every human needs to drink water, so the total available market (TAM) is around 7 billion.

But you’re restricted by geographical reach. Say you can only ship your bottled water to the whole of England , then that is your serviceable available market (SAM).

However, there are other competitors in England, and there are many people who won’t buy bottled water, maybe they drink tap water, or boil their own water, or have their own water filters. So, in reality you’re looking at a much smaller serviceable obtainable market (SOM).

Maybe you’re a vendor that secures IoT devices. Don’t start your pitch by saying that your market is 22billion devices (or whatever the number of estimated IoT devices is) because it’s not. That may be the TAM, but your SOM will be much smaller. So think about how you will convince the analyst your product has the right strategy to get there.

In my opinion, recklessly throwing around numbers is worse than buzzword bingo – you could end up in the vapour-ware category of my vendor heirarchy pyramid.



Market sizing

Seeing as I’ve kicked the hornets nest about numbers – I guess it’s a good time to talk about market sizing. I see a lot of weird and wonderful numbers thrown about and sometimes I’m left scratchiing my rapidly-balding head as to how markets are sized up. Many times I’ll see claims that the {small infosec segment} industry will be worth {huge} billions by 2020 according to {analyst firm}.

I have typically been drawn more towards the bottom-up approach to market sizing, it can be more time consuming, but gives a more sane answer.

It’s rather simple in that you basically take the collective revenue of the current vendors in a given market segment to get todays market size. If you know the rate at which each of the vendors is growing, or predicting to grow, you can estimate how large the market will be in the future.

For example, if you take a list of security awareness providers and calculate their turnover (I’ll save that for another post), and add it all together, maybe the answer will be $200m (as an example). So that’s our market size.

On average, all the companies may be growing sales at 25% every year. Which means that, barring any major disruptions, in two years time – the market size would grow to $300m.

So, if a new security awareness vendor comes onto the scene, they shouldn’t make claims that the market is worth 5bn because every employee in every company in the world needs training, or that they plan on growing to $500m in revenue in five years – an analyst will be justified in rolling their eye and being skeptical.




M&A in the infosec world has waited for the holiday season to go all out splashing its cash. A flurry of activity has occurred at the tail end of the year with considerable consolidation.

Proving that encryption and identity management is no slouch, Thales has made an eye-watering bid of $5.7bn to acquire Gemalto, a few days after Atos failed to make a successful bid.

The merged entity will create a near monopoly in encryption, key management, and HSMs. There is overlap between the two companies, and a fair amount of time will likely be spent picking apart the threads, de-duplicating services, and consolidaing divisions.

While there are alternative HSM offerings in the market, the combined presence of Thales and Gemalto will eclipse all others, both in general purpose, and payment processing HSMs.

The new company will also have a significant play in the identity as a service space. Although, it will remain to be seen if Gemalto will be content in dominating the areas it has greater presence in, or expand its offerings to broader cloud encryption, authentication, identity, and tokenization services.

Subject to regulatory approval, the deal is expected to close in the second half of 2018. Thales was advised by Lazard, Messier Maris & Associés, and Société Générale. Gemalto was advised by Deutsche Bank and JPMorgan.

Infosec companies don’t always get the love they deserve from the markets once they IPO. As Barracuda Networks discovered despite posting respectable profitable growth.

PE firm Thoma Bravo stepped in, paying $27.55 per share for Barracuda in a $1.6bn move taking it private.

The market can be unforgiving, even when a company like Barracuda is profitable, it may not be profitable ‘enough’. One of the main contributing factors in the slower growth was Barracuda’s shift to a more cloud-focussed business model.

While the transition from legacy on-premises billing models to a subscription-based cloud model makes sense in the long run, it does include a degree of disruption – particularly on how the financial numbers are reported.

From that perspective, the deal makes a lot of sense. Thoma Bravo acquires a company that the market isn’t fully in-love with. Helps it get through the transition period to a cloud-based model, and see the value shoot up.

On the other end of public infosec companies lies Proofpoint. A company that has continued to grow through acquisition buying companies like FireLayers, Cloudmark, and most recently

Weblife is a browser isolation provider and makes an almost perfect fit for a company like Proofpoint which has a broad array of security capabilities but had a blind spot around BYOD or personal use of company-issued devices. Weblife provides an answer that may appease many an enterprise wrestling with personal / corporate monitoring and segregation.

The $60m acquisition of Weblife falls within the average purchase price for Proofpoint. Founded in 2013, Weblife had raised $3.5m, so the deal resulted in just over 17x multiple of invested capital.

Bugcrowd has announced a new CEO, Ashish Gupta to take the helm from founder Casey Ellis, who has stepped aside to assume the role of Chairman and CTO of the firm he founded five years ago in 2012.

The move shows a level of maturity on behalf of the company, and indeed Ellis. Startup founders often find it hard to make way for a dedicated CEO that can lead the company through the next level of its growth. By appointing a CEO, Ellis can focus on what he is best at, the technology, the product, the game theory, and the crowd itself.

The Grugq quipped that Ellis has successfully grown the company to the level that he can now outsource the boring work. While it may not be completely factually correct, the sentiment rings true.

Bridging communities
It’s also important to take a step back and examine what factors have led to the success of Bugcrowd as a company.

While its platform has definitely helped, as has funding, the real value Bugcrowd has brought to the table is its ability to bridge together communities.

The word community is thrown around a lot in the security world, almost as much as the Fast and Furious franchise uses the word family. But in this case, the sentiment is true.

Vendors and security researchers have a long and well-documented strained relationship. The debate around responsible disclosure has led to more heated arguments than climate change, or the link between vaccinations and autism.

On the surface, what companies like Bugcrowd offer is no different from any of the other “sharing economy” companies such as Uber or AirBnB. But that is an overly simplistic generalisation.

Companies that open bug bounty programs have a variety of needs, objectives and goals. Some will offer large cash rewards, while others can only afford a public acknowledgement and tip of the hat. Some have very strict requirements as to what is in scope, while others cast a much wider net.

In that regard, it’s a bit more like internet dating. Trying match up the right couples who have complex needs and requirements, whilst trying to ensure neither is an axe murderer in their spare time.

Inevitably, not every bug bounty will satisfy researchers and companies, but despite that, Bugcrowd has managed to build up its brand and influence. Its marketing campaigns and rewards to researchers has helped showcase talents and build trust.

Perhaps the biggest success of the company is that it has been successful in shining the spotlight on its researchers and participating vendors as opposed to itself. Maybe that’s what community is all about –  highlighting the successes of others before yourself.

New York-based Flashpoint was founded in 2010, and has evolved its mission to comb the dark web to provide business risk intelligence to help organizations mitigate risk across the enterprise.

The company is headed up by CEO Josh Lefkowitz, with Evan Kohlmann and Josh Devon serving as chief innovation officer, and chief operating officer respectively.

Over the course of two rounds, Flashpoint has raised a total of $15m in funding. The most recent Series B closed in July 2016 and was led by Greycroft Partners.

The company has 75 employees and over 80 customers in private and public sector across multiple verticals. The majority of customers are in North America, with plans to expand across South America and Europe over 2017.


The Flashpoint offering is a combination of people, data, and technology leveraged to generate business risk intelligence for its customers, from traditional intelligence to intelligence that aids all departments across a company’s enterprise. All aspects of Flashpoint’s offering are tailored to specifically drill into, and find relevant information in the dark web. This includes having multi-lingual analysts that are experienced in embedding themselves within dark web communities and possessing an understanding of the culture and digital-customs.

The Flashpoint technology assists the analysts in working around technical issues such as captcha solving, evading bot detection, collecting timely data, and assisting in maintaining a positive reputation.

According to Flashpoint, this combination of analysts with technology allows analysts to be far more effective and provide the ability to serve a multitude of customers.

The product is sold via a subscription model. Flashpoint customers receive anywhere between three to eight reports a day. Depending on the package, they also get a set number of hours every month which they can use to engage directly with analysts. Customers can also sign onto the online Flashpoint portal and run custom queries, or use the API to import and query data in a local tool.

Breaking the Fourth Wall

Obtaining meaningful threat intelligence from the dark web, and from the internet that is relevant and usable by businesses is a large task. But with its specific focus on the deep and dark web, and mix of technology and specialist staff gives Flashpoint a good foundation upon they can build on.

Perhaps the biggest challenge Flashpoint will have is differentiating itself in an already noisy threat intelligence market. The offering differs from vendors such as FireEye (Mandiant) or Crowdstrike that focus on nation-state or APT’s, or vendors that focus on indicator feeds, or even primarily on the open web. An element of customer education will likely be needed to gain mainstream understanding of how Flashpoint differs, or complements others in this space such as Digital Shadows, InsightPartners, Recorded Future, Cyveillance, and others

In that regard, pursuing technology partnerships, as the company already does, will be key in generating more awareness of its offering as well as getting its intel in front of more customers.

Network security is a major concern for both enterprises and individuals. With threats seemingly around every corner, we focus much of our energy on awareness and mitigation, such as firewalls.

Well, sometimes. It’s not always this simple. Setting up a suitable firewall becomes far more of a challenge the more systems there are in a single network. It can also be difficult to gauge exactly what threats you’re up against and what tools are the best to use for your specific network.

Enter FireMon.

Founded in 2004 in Kansas, FireMon started out offering firewall management solutions. This service spun into what is today FireMon’s premiere product – the FireMon Security Manager.

The FireMon Security Manager is a firewall management platform designed for massive networks with thousands of hosts. Claimed by FireMon to provide real-time threat analysis, the ability to see and clean up overly lenient user permissions as well as firewall policies, and allows for the monitoring of network traffic behavior in order to find policies which may be overly permissive.

Not only that, but FireMon Security Manager is able to isolate, document and detect any change that may exist in your firewall policies.

FireMon offers three modules which can be purchased separately in order to extend the capabilities of Security Manager – Policy Planner, Policy Optimizer, and Risk Analyzer.

Policy Planner recommends certain policy changes and analyzes the impact any policy changes may have on overall security. Policy Optimizer allows for the automation of policy review and changes based on shifting security conditions as well as compliance requirements. Risk Analyzer is a risk-assessment tool designed to evaluate the efficacy of a network’s security infrastructure by determining which vulnerabilities are most likely to be exploited by hackers.

Breaking The Fourth Wall

FireMon continues to address a real need in the market with the FireMon Security Manager as well as its other products. In this age of increased security threats to our networks, the security of an organization’s firewall is vital as well as its durability against external threats and network vulnerabilities. The FireMon Security Manager allows users to see the existence of threats and vulnerabilities, as well as providing analysis for addressing the issue.

However, FireMon isn’t only focusing on bringing intelligence security analytics to the firewall. FireMon announced October 20, 2016 that it had acquired FortyCloud, a Cloud Infrastructure Security Broker.

Thanks to the acquisition, FireMon can now turn its gaze to the cloud and address multi-cloud management and the need for cloud-based intelligent security management capabilities. FortyCloud allows users to connect securely to multi-cloud environments and even provides options for extending cloud security, such as two-factor authentication.

With more and more organizations seeking to bring their networks into the Cloud, security is increasingly a concern. However, being able to work with the FortyCloud team leaves FireMon in a position to develop usable offerings to meet the security needs that will most certainly develop from cloud-based networks.

There is certainly competition in the market from other players, such as Skybox Security, Tufin, and Algosec, however, with the acquisition of FortyCloud, FireMon can continue being a strong player in the rapidly-changing industry.

Despite some of the world’s most innovative minds working tirelessly to develop solutions to security woes, the average user still lags far behind in prioritizing his or her own security online. In fact, the mobile identity company TeleSign conducted a survey  of 2000 people in 2015 and found that consumers have an average of 23 accounts online, however only an average of six passwords are actually used to protect those accounts. 73% of those surveyed used duplicate passwords.

When users continue to practice poor security habits, it puts more than just their own personal accounts at risk. Companies of all sizes have moved servers into  the cloud, and a lack of privileged security could allow but a single compromised user to wreak havoc.

Enter Lieberman Software.

Founded in 1978 as a software consultancy in Los Angeles, California, Lieberman Software’s flagship product today, Enterprise Random Password Management (ERPM), is designed to addressing this risk and more in the field of privileged management.

Lieberman Software recently integrated ERPM with a number of up-and-coming technologies, including Okta.

Okta securely authenticates a user via primary or multi-factor authentication using only a single sign-on from the user. Through ERPM with Okta, there are two methods organizations can require users to log-in.

The first way to log-in is through the ERPM user-interface, which may also use optional methods and steps of authentication. The second way to log-in would be through Okta. There are two paths which may be taken by the user when using the Okta method, both of which are powered by the protocol SAML (Security Assertion Markup Language), which assists in the exchange between authentication and authorization data between separate parties. The first would involve starting from ERPM, being redirected to Okta, and then returning to ERPM. The second allows the user to access ERPM directly through the Okta application menu.

When pricing ERPM for clients, Lieberman Software bases the cost on the number of hosts, rather than the number of total users. It  starts out at $25,000, with all current and future software integrations included in the price.

Along with the integration of Okta, the recent release of ERPM Version 5.5.1 also premiered integration with Ping Identity, OneLogin, and Active Directory Federation Services (ADFS).

Lieberman Software is choosing not to charge for ERPM integration with Okta. In fact, the integration was provided to both new and existing ERPM customers for no extra charge, as Lieberman Software is interested in Okta customers, whom they see as being more concerned with security than the average user.

Breaking The Fourth Wall

Lieberman Software has had a long life in the technical sector and boasts about tackling the issue of privileged management from as early as the mid 1990s. Globally, Lieberman Software has more than 1200 clients, from healthcare providers, financial institutions, and government agencies, to smaller businesses with large and complex networks

Rather than charge for integration with technologies like Okta, Lieberman provides it at no extra cost to both existing and future users of ERPM. Instead of trying to profit off users interested in advanced security, Lieberman is trying to attract those advanced security-minded users.

By integrating with multiple systems of authentication, Lieberman Software is also giving its clients more options to customize security solutions to match their individual needs.

The privileged identity management sector is a crowded field, with Lieberman Software facing stiff competition from CyberArk, BeyondTrust, CA, Centrify, Osirium, Xceedium, and even IBM and Dell. However, by continuing to prioritize the security profile of its users and seeking out the best possible solutions to these privileged security woes as they appear, Lieberman is continuing to build its reputation. But the issue of privileged management is far from solved, and by continuing to prioritize the security of its users, Lieberman could continue to carve out a respectable spot for itself in the industry.

Michael Dell founded Dell in Austin, Texas 1984. As a student he initially ran the company from his dorm. In just four years, Dell was able to file for IPO in 1988.

Dell continued on a growth trajectory, hitting $1bn in revenue by 1994 and launching its online shop in 1996. Within six months online sales reportedly generated $1m in sales per day.

However, it wasn’t all smooth sailing. Dell himself was removed as CEO and the company struggled at times to meet the expectations of the market.

In 2013, with Dell back in the CEO seat, he partnered with Silver Lake Partners to take the company private for $25bn. A figure, many analysts said underpaid shareholders.

By taking the company private, Dell was able to restructure and make changes without having to worry about the market or shareholders. In its attempts to carve out a leaner business, Dell has shed some divisions that didn’t return, notable Perot Systems, Quest Software and SonicWALL.

While it was shedding low-return divisions with one hand, Dell announced a deal worth $67bn with its intention to acquire EMC – the biggest technology integration ever.

However, an integration of this size is not a simple case of signing an agreement, shaking hands, and wiring some money. EMC is a hugely complex company in its own right; made up of several independent companies. Some of which trade independently, such as VMware. Other key components of EMC include Pivotal and RSA.

Looking at EMC, Dell may want to offload some divisions. Documentum, much like Veritas within Symantec was never a natural fit – so could be a candidate to go.

The combined Dell and EMC entity – named Dell Technologies, is estimated to be worth around $74bn in revenue with 140,000 staff. With this considerable horsepower and private status, Dell could choose to delve into the hottest technology markets through R&D or acquisition.

The figures look convincing on paper. But acquisitions – even small ones can get messy quickly. Few companies manage a truly successful integration when there’s only a technology component. Dell still has financial and regulatory challenges to overcome in the process.

Looking ahead, one thing can be sure that the ride is far from over for the company Michael Dell founded in his dorm.

It is no secret that data breaches are a growing epidemic, with the average cost of a data breach being nearly $3.8 million, according to the IBM-sponsored Ponemon 2016 Cost of Data Breach Study. As a result, businesses of all sizes have found themselves searching for tools to better manage the security of their data, with vendors of all types popping up in this growing market, ready to meet security needs.

Keeper, which was founded in 2011 in Chicago, IL, is one such company. Built on the premise that passwords are the greatest single cause of data breaches, Keeper developed their offering with the goal of meeting an increasing need for password management software, both for consumers and businesses.

It first started life as a consumer product. Version 1.0 of Keeper first launched on the iPhone, and has since amassed millions of users. It later added a password management offering for businesses, and has since attracted 3,000 business customers, most of which are SMBs.

The most recent version of Keeper, released in June 2016, was designed for individuals, small to medium sized businesses and enterprises with the goal of improving ease of use, flexibility, and security for the user.

Claimed by Keeper to be unique to its offering are such features as a unified password and data vault, a robust security architecture which Keeper boasts has never been compromised, native apps on every Mobile OS, device and browser, and SOC-2 Type II compliance: a rigorous security audit focused on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.

From a user behavior perspective, Keeper has built in features to help encourage and enforce healthy password habits. Users can generate strong passwords and store them in a secure vault while administrators have the ability to monitor overall password security using metrics such as password strength or uniqueness.

The latest release included such features as enhanced administration, Duo two-factor authentication, enhanced security through HTTP Public Key Pinning, and more, with each added feature being intended to improve the security of Keeper and the data within it as much as possible.

Breaking The Fourth Wall

After five years, Keeper has resisted the lure of investment that flows into the security industry and has managed to be entirely self-funded.

Keeper manages to both address the needs of the consumer while also allowing for itself to be a product well-positioned for businesses.

Keeper’s platform strategy involves embracing a variety of platforms, including mobile (Android, iOS, Windows Phone), desktop (Linux, Mac, PC) and browser (Chrome, Firefox, IE). It also has an emphasis on creating engaging and appealing experience for users.

One of Keeper’s biggest strengths is that it can mitigate against the fundamental user errors which threaten security. One of the greatest security risks is password reuse or simple passwords (such as “password1”). The latest iteration of Keeper makes it easy for IT admins to ensure that users create unique, strong, and distinct passwords for each online service.

The software has evolved considerably through the years, there still remains ample opportunity to further develop the product through additional features, such as enhanced reporting or analytics.

Keeper has developed a solid product, but it’s in a competitive market with other established and well-funded products, such as LastPass (owned by LogMeIn), Thycotic, and Dashlane. However, is addresses a real need in the security market, and with some effort, the right marketing, and a continued dedication to a secure and user-friendly product, Keeper will be able to continue to make its mark on the market.

Even for the largest organizations, threat awareness is a serious challenge. How can you tell whether sensitive corporate documents have been leaked online, or if someone is impersonating and undermining your brand online, without committing significant numbers of people to finding out?

Digital Shadows aims to make this process much easier. Its flagship product, SearchLight, automates as much of this time-consuming process as it can. For the tasks which can’t be automated, it has a skilled team of researchers and analysts.

Based jointly in San Francisco and London, and with a recently opened third office in Dallas, Texas, Digital Shadows is enjoying a prolonged period of growth. Earlier this year, it concluded a Series B round of funding, during which it at attracted $14 million led by Trinity Ventures. This follows an earlier Series A round in 2015, led by Storm Ventures, where $8 million was pulled in.

According to the company, it is in a process of scaling upwards. It expects to reach 100 employees by the end of the year.

There’s certainly a market for a cyber situational awareness product like SearchLight. According to VP of security strategy Rick Holland, Digital Shadows has already signed more than 60 contracts for it. Financial services were the natural vertical to initially target, but the company has since signed a number of contracts in a diverse mix of organizations including insurance companies, financial institutions, agricultural firms – even a candy manufacturer.


Searchlight works by taking details from a client – email addresses, executive information, document markings, building plans – and then trawling through the dark and light web for traces them. It’s fully automated, and uses open source intelligence. It doesn’t pay for credentials

Once its findings have been aggregated and verified, Searchlight will then generate a report. Most customers receive this via email, but it’s also possible to get it through the SearchLight web portal, or the API. Digital Shadows provides a HTTP REST based API for vendor and client integrations.

When SearchLight identifies a piece of leaked corporate data, it will allow the user to send a takedown request through the app.

Tying this together is a web portal. This is a bit like iGoogle, or NetVibes, and features content aggregation about threats facing a particular corporation, vertical, or industry. This features information on threat actors, news, as well as potentially relevant calendar events.

In addition, Digital Shadows provides every client with eight hours of Request for Information (RFI) time per month, where an analyst will look into specific security threats.  A client could provide SearchLight with an email address or Twitter handle, and Digital Shadows will provide all the information it could find on that particular item. Clients can also use the RFI time for more strategic intelligence products including forecasting of threats against specific verticals.

SearchLight is in a seemingly endless spate of growth and improvement, with some of the biggest changes to the platform to come in Q3.

Digital Shadows expects to release an update to SearchLight, which will allow customers to get an even better understanding of their digital footprint. SearchLight will soon include Passive Infrastructure Monitoring to reveal details on hosts, services, vulnerabilities and expired certificates.

It also intends to launch a new domain fuzzing integration. This will attempt to find sites that use domain and typo squatting, and will identify phishing sites which target the customer’s brand.

Digital Shadows targets small and large enterprises alike. Typical buyers include CSOs, CTOs, CIOs, directors of security, security operations teams, as well as physical security, brand protection and data leakage teams.

Breaking The Fourth Wall

Perhaps the biggest strength of SearchLight is that it does the job of multiple products, but with the cost and management burden of just one. For overstretched IT departments, this is going to be a significant attraction.

It may be the case that vendors which focus on single tasks are best in breed. For example, MarkMonitor may provide better brand protection services. But SearchLight’s biggest strength is that it can offer a broader range of capabilities which will only enhance over time. With Digital Shadows having pulled off not one, but two successful funding rounds, and expanding its workforce to over 100 employees by end of year, this process may accelerate.

However, the threat intelligence space is a crowded one, and Digital Shadows are coming up against some entrenched incumbents, like iSight/FireEye, RecordedFuture, BitSight, Cyveillance/Looking Glass. For it to thrive, it will need to continually innovate and differentiate itself.

With Digital Shadows increasingly targeting the Global 1000 down to SMBs, it could benefit from segmenting its product, in order to be affordable to IT departments with lower budgets. This airline-style pricing model typically performs well for SaaS providers.