I recently scheduled a breakfast meeting in November with an industry buddy who is an executive at RSA. When I first reached out to him late this past summer, I really wanted to arrange this meeting to suggest that RSA take a look at SilverTail Systems, a web fraud detection and security software provider I know quite well.
Looks like I’ll have to find some other topics for conversation because unbeknownst to me, RSA announced its intent to acquire SilverTail Systems yesterday.
In my humble opinion, this deal is your proverbial “no-brainer.” Why? RSA is already all over the anti-fraud space. Most people mistakenly equate RSA with adaptive authentication alone but its anti-fraud portfolio extends to areas like transaction monitoring, its eFraud Network, and its cybercrime intelligence services. There is a lot of brainpower at RSA in anti-fraud as well as a literal who’s who of Fortune 100 customers. So here’s the thing – SilverTail is in the same accounts with the same types of skills and specialization albeit in a different area. Perfect complement and extension play for RSA.
So what exactly does SilverTail do? In simple terms, it collects granular data that tracks the use of the world’s biggest revenue-producing web applications – device data, user data, transaction data, click-through patterns, web session behavior, user behavior, etc. It learns what normal and/or expected behavior should be and can then quickly detect anomalies at the application layer. SilverTail isn’t a Web Application Firewall (WAF) looking for SQL injection attacks; it is a security behavior intelligence system able to detect cyber criminals who have found and exploited coding problems with software business logic. This is sophisticated stuff aimed at sophisticated (and historically successful) adversaries.
I have no doubt that SilverTail would have been successful on its own or acquired by someone else sooner or later. So why would SilverTail sell? I’m sure the price had something to do with it but SilverTail was somewhat of a prisoner of its own success and therefore needed enterprise operations skills and scale sooner rather than later. Once again, RSA/SilverTail is a perfect match.
A few additional thoughts on RSA/SilverTail:
1. SilverTail also plays well with RSA’s focus on the intersection of big data and security analytics. Just combining NetWitness and SilverTail can provide extremely deep security analytics from the networking to application layers.
2. While SilverTail appeals to companies at the top of the enterprise pyramid, most won’t have the skills or resources for this type of security intelligence. RSA should accelerate SilverTail roadmap plans for anti-fraud security intelligence and managed services. This is a potentially lucrative and huge market with few competitors.
3. RSA has an extremely rich portfolio for the public sector. In fact, RSA may secretly be rooting for increased cybersecurity legislation as this would open up immediate increased demand for a SilverTail and NetWitness sandwich offering.
4. Combined with EMC assets like Greenplum, SilverTail can also be a big part of business analytics. In fact, many existing SilverTail customers gain tremendous value in this way. It’s tough for a security company to sell peripheral functionality but EMC/RSA as a solutions company may be able to pull this off.