Before I begin I want to point out a post by Dartht about Endgame here which is worth a review. https://discussion.fool.com/the-estc-endgame-acquisition-3422461… . He points out some of the synergies with Elastic Beats and Elastic’s move into the SIEM space. Go read it before reading the rest of my post.
Security Overview
You may be wondering why we need yet another company moving into security. “Security” is a huge huge huge market. Gauchochris told me a nice analogy for the security world. ZS is like a border patrol agent, OKTA more similar to a passport issuer. Extending that analogy out then I would say EDR would be your FBI/(some surveillance and enforcement), SIEM (system wide data collection and monitoring) would be the NSA. You can see there are many different approaches to “Security”. All of which are important. Currently there is no one Security company that addresses the whole market. Mcafee, Symantec try but you can tell by the Crowdstrike, Zscaler, and OKTA’s of the world that the incumbents are losing.
The Acquisition
I’ve been delving the depths of the security webzines, awards, reddit, etc. Here is my take. Endgame was hot stuff into early 2018. They were growing at 70+% a year, reportedly had a 450million valuation and were the security sphere darlings with multiple awards and then something happened. I think that something was probably Crowdstrike. Then there were some rumors that Endgame was trying to sell itself for 300 million dollars. You don’t try and sell your company for 300 million dollars after you have a series D (might have been farther along than that) valuing you at 450 million dollars 8 months before. Fast forward to a few weeks ago and we find out that Elastic buys them for 234 million dollars…almost half of what they were trying to sell themselves for initially. Obviously Endgame had run into trouble.
Supposedly Endgame revenue was
https://www.bizjournals.com/washington/news/2019/06/06/this-…
2016: 3.6 million
2017? (must have been around 12 million)
2018: 21.8
2019: goal of 39 million
However in the call Shay says the company TTM billing is about 20 million.
Hard to know how all that matches up because we have no idea how endgame does their subscriptions but that would probably indicate a pretty massive slow down in growth hence them trying to sell themselves.
Looks like ESTC got Endgame for a P/S of 8-12…pretty darn cheap. So now the questions is…was it worth it?
Endpoint Market
This is one seriously fractured market. If you go back and look at the Gartner Magic Quadrant for the last couple of years you will notice many companies are gone or new. Many of gone out of business, been acquired. This is a crowded field with lots of people having solutions out there. The only clear market winner in my mind is Crowdstrike however multiple companies are buying their way in. ESTC acquired Endgame, Sophos just acquired Rook Security
https://solutionsreview.com/endpoint-security/sophos-acquire… .
I think the 2019 magic quadrant for endpoint protection will be totally changed. This market is moving very quickly and by Crowdstrike’s numbers it looks like they are pulling ahead however I’m not sure this is a done deal since much consolidation is happening and the threat environment is changing rapidly. For example, ransomware is now a big thing, cloud protection is a relatively new thing, you have the intel attacks, spectre, meltdown, etc.
https://www.smart.rs/en/news-and-blogs/gartner-magic-quadran….
Here is a link to the most recent Gartner Magic Quadrant for Endpoint protection which was done in april 2018. Cloudstrike is clearly ahead as well as sophos and symantec. Endgame gets points for completeness of vision but doesn’t do well on ability to execute.
Elastic and Endgame
Elastic has made an interesting move by attempting to offer both SIEM (Security and Information Event Management ) and EDR. I briefly touched on SIEM in the beginning. SIEM basically takes in tons of information, from your firewall, from your endpoint detection, file system etc etc and looks for patterns and anomalies.
Here is a nice article on the differences between SIEM and EDR and how they complement each other. https://www.logpoint.com/en/blog/the-difference-between-siem…
Elastic is perfect for SIEM since it is able to parse and show information in near real time from vast data sets. By offering SIEM and EDR in one product Elastic will have a leg up on most competitors. They seem to have purchased a very high quality company in Endgame, Elastic’s technology is definitely good enough. It will be interesting to see if they can provide something that is attractive enough to pull people to their security offering.
I only saw one company in the 2018 EDP and SIEM magic quadrants, Fortinet . They didn’t do well in either SIEM or EDP. At the moment most EDR companies look like they offer the ability to send information into SIEM systems.
Having dual SIEM and EDP capabilities makes a lot of sense to me as it seems like one can inform the other…good synergy. I think the question is can Elastic break into the security market…this isn’t something they will be able to just sort of focus on. They have a bunch of really tough competitors in each individual market, EDP and SIEM, but I do think Elastic has the chance to do something special with an integrated offering. The more I read about this the more I realize that the endgame acquisition is a relatively huge opening for ESTC. This is a long term project. Not an easy acquisition like mlabs was for mongodb. I also think this highlights just how powerful and general elastic’s core technology is. Just think, elastic search core technology is powering APM, Logging, Metrics, Security, Uptime events, Maps, Search and business analytics. I don’t think their move into security is a sure thing, but I do think they have managed to buy a good company with good technology and people at a good price. This is a market that has room for many companies to play in.
My main concern with Elastic is if they will be able to show operational leverage before the market gets fed up with their expenses. They have plenty of money right now, 300 million dollars, a very very attractive valuation EV/S of 20, great revenue growth near 70%. Their expenses are growing just as fast if not faster but we need a few more quarters to tell if that is a bad thing or setting them up for great growth in the future. I’ve been buying.
I do have a few questions though.
Dreamer. Do you mind weighing in on if you think having Elastic’s salesforce sell Endgame will be as seamless as Shay said in the CC.
Does anyone know how well Elastic holds up in the SIEM market? Gartner apparently doesn’t like open source and I couldn’t find a ton of info so I wonder if this is a newer push for them.
Happy investing!
Ethan