Open Source Subnet An independent Open Source community View more

Dispelling the myths around Tripwire's nCircle acquisition

Digging into the Thoma Bravo security strategy

The security world has been abuzz this week with the news of Tripwire acquiring nCircle. As widely reported Tripwire, is about a $100 million revenue company acquired by the private equity group Thoma Bravo about two years ago. nCircle is about a $40 million revenue, venture-backed company that was a well-known entry in the vulnerability management and configuration space.

I had a chance to speak with Abe Kleinfeld, CEO of nCircle, and Jim Johnson, CEO of Tripwire, on Monday. Both CEOs were still basking in the glow of the deal. At a high level they envision how the two companies could combine, but they both stressed that a lot of work needed to still be done on both the technical integration of the combined product portfolio, as well as combining the two organizations. 

I have known Abe, as well as many of the nCircle team, for many years. They run a quality company with well-respected products. They compete with Qualys, Rapid 7, Tenable Network Security and several others in the vulnerability management space. nCircle also added a great configuration management capability a few years back via acquisition. They had also recently launched their PureCloud service that was aimed at more of a midmarket and SMB base.

As has been widely reported, including here on Network World by Ellen Messmer, Tripwire is a host-based risk and security management play, while nCircle is more of an agentless, network-based scanning and management tool. Combined, they could provide a more complete view in vulnerability and risk management than many of the leading tools in this space. However, there are also quite a number of myths that are being circulated regarding this deal.

Myth 1: Tripwire paid for this deal out of its highly profitable business. While I don't know what Tripwire paid for nCircle, I do know that nCircle was not running a fire sale. With revenue of $40m, I have to assume the price for nCircle was north of $100m. Tripwire is not that profitable. For the last year, there are records; they made about $4 million in profit on revenue of about $85 million. Even moving to $100m in revenue is not going to yield the kind of profits necessary to buy nCircle for cash.

Now, it is possible that this deal involved a substantial amount of stock in the new entity. But I tend to doubt it. nCircle has been around for about 10 years and I would imagine its investors were looking to cash out. No, I think it much more likely that Thoma Bravo wrote a check for this one.

Myth 2: This creates a monster new security competitor to take on the likes of Symantec and McAfee. Not quite. While both nCircle and Tripwire compete against some Symantec and McAfee products, the combined new company does not come close to matching the breadth and width of the offerings from Symantec or McAfee, not to mention the revenue.

The new Tripwire will be one of a class of mid-sized security companies. Big enough for an IPO if its PE overlords desire it (probably not), but not at the 500m+ level to compete with the really big players in security. Symantec, McAfee, IBM, HP, Cisco and Dell, not to mention Juniper, Checkpoint or recent IPO Palo Alto Networks which all scale from $500m+ into the billions in revenue. That dwarfs the $150m of Tripwire. More than revenue though, most of these companies have a wider base of solutions than Tripwire does.

All that being said, $150m in revenue is nothing to sneeze at. On top of this, with Thoma Bravo money behind them, it has the deep pockets to continue growing this via acquisition.

Myth 3: Tripwire is filling out its plans to become a bigger player in security. While I know personally that Tripwire had been looking for a network-based vulnerability scanner for some time, certainly before the Thoma Bravo buyout, this deal is the vision of Thoma Bravo. In fact, Jim Johnson has said as much in other interviews he has given about this deal. Thoma Bravo is pulling the strings here. They have quietly built an empire in infosec. They now own Tripwire, Blue Coat, Crossbeam, Entrust, Attachmate (Novell and NetIQ) and LanDesk. The question is when and how do they try to pull these all together to really take on the giants in the space.

Myth 4: The new Tripwire is content to be a player in the vulnerability and risk management space. While that is where they play now, Abe Kleinfeld made it plain to me that he thinks the end game is a true security platform. The security industry has been in search of a unifying platform for some time. Many thought that SEIM would represent the platform that all other security technology folded into. However, things did not work out that way. In a new age of computing, the opportunity is to leverage what the companies have into a new platform. Working with other Thoma Bravo companies, this is a vision that is both grand and possible.

While some in the security industry yawned because they felt both companies represented the old way of doing security, the idea of making a true security platform could be the real diamond here.

Myth 5: The vulnerability management space is a mature, static market. I think this deal is going to set off an arms race in the space. Qualys has the cash and publicly traded stock to go out and make some acquisitions to maintain its position in the market. Rapid 7, while undergoing a bit of a management change, has access to VC funds to do some type of smaller acquisitions, or could find itself a takeover target itself. Tenable Network Security recently raised $50m in venture funding and could use that to acquire some technology to stay competitive as well. This deal could set off a wave in the VM and risk space.

Myths or not, building a company and selling it for millions of dollars is quite an accomplishment. Congratulations to all of my friends at nCircle. Also, congratulations to my friends at Tripwire. You bought a great company and with what you already have there is a bright path in front of you.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.