Fastly Acquires Signal Sciences

This feels like the biggest Fastly news of the day, Fastly announces agreement to acquire Signal Services for $775m in cash and stock

It describes Signal Sciences as “the fastest growing web application security company in the world”.
https://investors.fastly.com/news/news-details/2020/Fastly-A…

This feels like a very meaningful step to bolster its overall proposition, and offer a unified service, with its function as a CDN, edge computing & security offering - combining Compute@Edge and Secure@Edge as integrated solutions. No one imagined that Fastly would remain just a ‘CDN’ offering in the future, but this future seems to be evolving at a rapid pace.

Security is no doubt at the forefront of Fastly’s future, but I would very much appreciate any insights into what this means for Fastly’s evolution going forwards, and how this can bolster their Edge offering. And ultimately how this will help to drive their growth.

(apologies for the double post, I thought both news items today might be of interest to Fastly investors)

Signal Sciences has the best Web Application Firewall solution in the market. It gets the highest 5.0 mark with 57 reviews @Gartner, compare to Cloudflare 4.4 with 37 reviews. I see $FSLY may get a very good deal acquiring a truly cutting edge and visionary company in the industry.

https://www.gartner.com/reviews/market/web-application-firew…

Zoro
Super Long FSLY with 23% position

Zoro, I woke up to see this news and was going to post here and share it as well, so thanks for doing that.

How do you all analyze an acquisition like this?

What do you look for to decide if it’s a strong acquisition - encouraging you to buy more vs. a poor acquisition?

At first glance it seems like Fastly is strengthening their security offer and are doing so without using all cash for the purchase.

Very interested to know how you all look at this acquisition and others of our high growth names?

Thank you!

Can someone help me sort out the differences or similarities in the security software discussed here. We have ZS which touts a zero trust network and Crowdstrike which uses endpoint security based on global intelligence. Now we have Signal Sciences. Are these three solutions for three problems or are they all doing the same thing?

If I am using ZS, do I need the Signal Sciences Solution?

And of course I haven’t mentioned legacy systems since they don’t seem to be that involved in the cloud — yet, but of course are entering the fray.

Thanks in advance to anyone who can help me make sense of the various security solutions and how they should/are being used.

Gordon

Regarding security among Zs and NET anyway, Here’s what Muji Sydney and POffringa touted:

Muji-

Both Zscaler and Cloudflare provide services that protect all traffic end-to-end across the entirety of their global edge network. Traffic from endpoints securely enter their global network and are now able to be protected all the way to the final destination (SaaS service, internal APIs, etc), then back again. They are protecting both outgoing requests (from a customer’s users to the SaaS services they utilize), and incoming requests (from a customer’s customers or workforce to the internal services they utilize).
Cloudflare has their Argo Tunnel product to bring their edge network all the way into your data center (protecting the edge-to-origin above). Their Magic Transit product goes a step further, and brings Cloudflare’s platform directly onto your enterprise network. They then added another product, Cloudflare Access, to protect incoming traffic, allowing users to safely access a company’s origin server, regardless of where it lives (in the cloud or an on-prem data center). This is accomplished through Zero Trust capabilities they have built, which are possible due to the software-defined networking architecture they’ve adopted.
Using those software tunnels, the only unprotected part left was the Last Mile between the endpoint (requesting device) to the nearest edge server. So Cloudflare then created a Secure Web Gateway (SWG) product called Cloudflare Gateway, to protect the traffic from the endpoint making requests to the SaaS services that an enterprise uses. Between outgoing traffic production in Gateway and incoming traffic protection in Access, Cloudflare now offers end-to-end protection of network traffic for an enterprise’s users.
If this combo sounds familiar, it is because this is entirely what Zscaler (ZS) has built. They protect outgoing traffic from endpoints to external servers (ZIA, their Secure Web Gateway) and incoming traffic from endpoints to origin servers (ZPA, their Zero Trust secure access method). Cloudflare evolved their Gateway and Access products into a new competiting platform called Cloudflare for Teams. [See more details on Cloudflare for Teams in my Cloudflare deep dive from March

How do you all analyze an acquisition like this?
What do you look for to decide if it’s a strong acquisition - encouraging you to buy more vs. a poor acquisition?

My 2 cents:

A ‘bad acquisition’ or ‘Diworsification’ (to paraphrase Peter Lynch) could be where a company acquires a business that is not complimentary to its own, and it is trying to penetrate a new market or stimulate growth that way. These are often unsuccessful. An example could be Coca Cola buying Columbia Pictures in the 1980s (and quickly getting out).

Fastly: Signal Sciences’ technology combined with Fastly’s current solutions will form Fastly’s upcoming new security offering, Secure@Edge

I see the acquisition of Signal Sciences as complimentary to Fastly’s current function, as security comes hand in hand with Fastly’s CDN and edge network capabilities. Secure@Edge becomes a new proposition for Fastly to align with the roll-out of Compute@Edge, and integrates with their current solutions.

Fastly: The acquisition supports Fastly’s mission to provide simplified, secure, and frictionless solutions at scale, and to transform the security landscape by offering an alternative to the existing array of opaque, fragmented and inflexible solutions needed to protect web applications and APIs.

Security is already a key feature of Cloudfare’s proposition, I only see this move as offering greater optionality for Fastly’s end customers and (as Zoro’s article suggests it might) if Fastly were to have a better security offering it could help them win market share vs Cloudfare. It is a growing market in itself and so only expands their total addressable market in my view.

I also like the customers that Signal Sciences supports:

Fastly: The company works with some of the world’s most recognizable companies, as indicated on the company’s website, including Duo Security, Datadog, Under Armour, Twilio SendGrid, and DoorDash.

My first impression of this acquisition, from a business sense, is that it is in step with its stated mission, and that the company acquired is a top quality business with top quality customers. Therefore I like it.

At first glance it seems like Fastly is strengthening their security offer and are doing so without using all cash for the purchase

The market can react negatively to acquisitions which are funded through share dilution. However, in my opinion long term investors should be focused on what Fastly’s acquisition of Signal Sciences means to the business, rather than the share price. As over the long term it is this growth ambition that will drive the share price

I, for one, am becoming more and more excited about Fastly’s future.

In case anyone is interested, this is the investor presentation to accompany the announcement and includes some useful details:

https://investors.fastly.com/files/doc_presentations/2020/08…

acquisition Can someone help me sort out the differences or similarities in the security software discussed here.

I don’t like to invest in security hardware, software, or services because it see it as a commodity. If you’ll pardon the analogy, it’s like clean restrooms in eateries. No one ever says “let’s go to MacDonald’s, they have fabulous restrooms” but they might say “let’s not, they have filthy restrooms.”

Business is divided into core and context. At MacDonald’s food is core, all the rest, like clean restrooms, is context. In horizontal value chains it is recommended to concentrate on core and farm out context. MacDonald’s might hire Fuller to keep restrooms clean. For Fuller, cleaning is core!

I see Fastly buying Signal Sciences so that their clients feel at ease hiring Fastly’s core services, safe Edge and CDN.

Another reason I don’t like investing in security is that while I understand what Zoom and Teladoc customer’s want, I have only a vague idea of what security customers really need in terms of security.

Put another way, I think that Fastly’s Signal Sciences acquisition is a good idea but it really is not a core acquisition, just clean restrooms. For Teladoc, Livongo IS a core acquisition.

Denny Schlesinger

From the investor presentation linked by DoctorRob

Introducing Secure@Edge
A comprehensive, unified solution for web and API protection
Fastly Products
Fastly & SigSci Products Signal Sciences Products
Edge Access Control
Edge Authentication
TLS Acceleration
Platform TLS
DDoS Protection
Web Application Firewall
Rate Limiting
Bot Mitigation
API Protection

Me here: the above is quite extensive, specifically when compared to ESTC security offering so far, after their purchase of Endgame and from my call notes their now only providing DDoS protection. I’m very impressed with what FSLY is doing here. But would love to here more from those here that are of a security background.

Thanks,

Jason

I think this is a great move for Fastly. In comparisons with one of its competitors, Cloudflare, the consensus has been that Fastly was founded for performance and needed more security, while Cloudflare was founded for security, but needed better performance.

As Cloudflare itself says:
The biggest concern that investors and advisors had was that Cloudflare’s solution, which was originally focused on securing websites, would introduce latency.
https://www.cloudflare.com/our-story/

You may recall during its earnings call earlier this month there was some discussion around Fastly’s security offerings:
Brad Zelnick – Credit Suisse – Analyst
"For starters, I think I’ve heard you emphasize the SecOps audience today more so than ever. You also highlighted investments and capabilities like flow control. Can you just double-click on the security use case a bit more because, quite honestly, I think investors had always viewed that side of your business as less mature than others in the market.
https://www.fool.com/earnings/call-transcripts/2020/08/06/fa…

The response should have lead us to believe an acquisition like this was already in the works, as CEO Joshua Bixby responded:
we continue to look for investment opportunities, both organic and inorganic, and we are certainly looking to find both partners in some form of proximity to us that are proven leaders in their space, have revenue and really focus on this DevOps-Sec intersection where we believe the future is.

I like that Fastly found not just a good security solution, but that the company they’re acquiring has the same approach to development and customer focus - the “common DNA” Fastly describes in the deck on the acquisition.

great discussions…

question for Smorgs and others knowledgeable on this topic:

Would you describe this acquisition as FSLY beefing up its security offering to enable better security for hosting apps and others on its edge infrastructure… (meaning it boosts / completes necessary security suite of tools to continue build / accelerate its high performance edge business).

OR

is it a preparation to build ZS type security offering… which NET also recently introduced… to me this is a very different / somewhat independent (adjacent) product category… but it can allow FSLY to go after additional adjacent revenue…

OR a combination of both…

I interpret this as former… (completing security suite to accelerate edge business)… but like to hear your opinion…

thanks in advance…

nilvest

No one ever says “let’s go to MacDonald’s, they have fabulous restrooms” but they might say “let’s not, they have filthy restrooms.”

I beg to differ. If you have children and are out and about in Europe, you not only go to McDonalds because of the fabulous restrooms but you know where McDonalds are before you leave the hotel.

If you are backpacking and out and about in Bangkok or Kuala Lampur or Singapore and got a little intestinal gift from the local food, you go to McDonalds because of the fabulous bathrooms.

I have a car to get from point A to B. Does not mean that others don’t buy a car for different reasons. What is the core of Porsche? Transportation?

Hi Denny,

I really like your use of analogy

Put another way, I think that Fastly’s Signal Sciences acquisition is a good idea but it really is not a core acquisition, just clean restrooms. For Teladoc, Livongo IS a core acquisition.

Perhaps we need a new thread ‘Fastly acquisition vs Livongo acquisition’ or something:

I don’t disagree with the sentiment here, but what I would say is that while security might not seem like a core part of what Fastly is today, in my opinion it is likely to be a core part of what Fastly will be in the future. Perhaps it won’t be the ‘sexy’, marketable side of their business, but it will be part of the package.

Speaking from my own perspective here, selling ‘machine to machine’ connectivity to Enterprise customers, additional IOT solutions are essential in differentiating ourselves from competition, and a combined offering is an integral part of our core and unified IOT proposition. We won’t win new business without having the whole ‘IOT’ package that a competitor is offering. This is how I view Fastly here; without a strong security proposition this is something that might down the line hold the company back when up against competitors that have one (Cloudfare comes to mind). Therefore, in essence, security becomes a core part of Fastly’s proposition - subsidiary to its CDN & Edge opportunity perhaps, but essential nonetheless. One doesn’t ‘work’ without the other.

As an investor, the Teladoc acquisition of Livongo however, confused the story for me. I was invested in Livongo, the high flying growth digital health platform, and then it was subsumed into a bigger beast in TDOC. The story for a Fastly investor seems more simple here, in essence, as Fastly is the one acquiring the smaller higher growth company, one in step with both its current functionality and its long term vision.

I have since reinitiated a small position in LVGO/TDOC after some excellent posts on this board and because I feel digital health will be a long term winner, but my conviction is not as high as it had been when Livongo was a singular entity (hence the smaller position). I want to see how the new TDOC will perform as a combined entity in its next earnings or two. However, with Fastly’s acquisition of Signal Sciences, a high growth, high quality business which complements Fastly’s overall proposition and strategy, my conviction is only that much greater today than it was yesterday.

I feel (perhaps naively) that stories are important for investing, as a story can align to what a company’s vision of the future is. Once that story becomes confused (for me), as an investor I start to have questions about where that company vision is going. For Fastly, if clean restrooms are what’s needed for the rest of the business to thrive, then I’ll take that

I beg to differ. If you have children and are out and about in Europe, you not only go to McDonalds because of the fabulous restrooms but you know where McDonalds are before you leave the hotel.

Granted, exclude backpackers in Europe with children and similar circumstances. What percentage of MacD diners are you talking about?

Reminds me of Yogi Berra saying about a famous restaurant “Nobody goes there anymore, it’s too crowded.”

Denny Schlesinger

I don’t disagree with the sentiment here, but what I would say is that while security might not seem like a core part of what Fastly is today, in my opinion it is likely to be a core part of what Fastly will be in the future. Perhaps it won’t be the ‘sexy’, marketable side of their business, but it will be part of the package.

Speaking from my own perspective here, selling ‘machine to machine’ connectivity to Enterprise customers, additional IOT solutions are essential in differentiating ourselves from competition, and a combined offering is an integral part of our core and unified IOT proposition. We won’t win new business without having the whole ‘IOT’ package that a competitor is offering. This is how I view Fastly here; without a strong security proposition this is something that might down the line hold the company back when up against competitors that have one (Cloudfare comes to mind). Therefore, in essence, security becomes a core part of Fastly’s proposition - subsidiary to its CDN & Edge opportunity perhaps, but essential nonetheless. One doesn’t ‘work’ without the other.

I agree and, yes, Signal Sciences is a key acquisition. The quibble is about the definition of core. You can be perfectly secure by NOT communicating. You don’t communicate to be secure. You need to be secure when communicating. Communication is the core, security is the context.

As for Fastly vs. Teladoc acquisitions, what was confusing you is that with Fastly you were the buying entity while with Teladoc you were the selling entity which required “changing horses midstream” a perilous activity. I was invested in Teladoc long before I met Livongo so there was no midstream adventure for me. I could see both deals from the buyer’s side.

Denny Schlesinger

I think security is core to the edge network premise. Cloudflare Workers and Fastly EdgeCompute extend an org’s internal network forward (out) towards an interaction via a temporary instance of new “internal” computing resources. The security needs to be capable of working simultaneously with that activity.

The alternative would be to add tons of anti-trust logic into the applications on the understanding that anything could communicate directly with them?

I think security is core to the edge network premise.

Like I said above, “The quibble is about the definition of core.” I’m using Geoffrey Moore’s definition in Living on the Fault Line. If by core you mean “very important” or even “vital,” I won’t disagree. The purpose of edge computing being computation in a secure environment, “computation” is core and “secure environment” is context in Geoffrey Moore’s usage.

CORE VERSUS CONTEXT

When investors look at management’s use of their capital, they have but one wish: please employ it in activities that have at least a chance of increasing stock price. From the investors’ view those are the activities that are core to the company’s operations. Everything else is context.

This is actually a somewhat radical view. Customers, for example, do not agree with it. They see core as anything that will impact their customer satisfaction. For them context might well be whatever the company has to do to make itself profitable. Management too often sees core differently, frequently in terms of core competence, what the company is distinctively good at, and employees often see it in terms of what we have always done, or what we are best known for.

All these definitions are legitimate in their own frame of reference, but none of them are appropriate if our goal is to manage for shareholder value. For that we must learn to adopt the investor’s view.

https://www.pdfdrive.com/living-on-the-fault-line-d187129839…

[Free PDF]

This is my last post in this thread.

Denny Schlesinger

Peter Offringa of Software Stack Investing has offered his take on Fastly’s acquisition of Signal Sciences:
https://softwarestackinvesting.com/fastly-and-signal-science…

I think this acquisition significantly improves the investment thesis for Fastly. By adding new product revenue streams, enterprise customers for cross-sell and enhanced capabilities for Compute@Edge, Fastly’s future is looking even brighter as we transition into 2021. They are well-positioned to further disrupt legacy offerings in content delivery, application security and distributed computing. With a seasoned team of thought leaders, we could see even more product innovation down the road, as they rethink the foundational underpinnings of modern application delivery infrastructure.

He has increased his holding to over 30% of his portfolio.

Gap in the market

Frustrated by the limitations of existing security solutions to protect web applications, the Signal Sciences co-founders decided that they could build a better offering…Sound familiar? This is the same impetus that drove Artur Bergman to found Fastly out of frustration with existing CDN solutions.

Like Eric Yuan did with Zoom, Fastly & Signal Sciences identified needs in the market and addressed them with a superior offering.

Awards and TAM

Signal Sciences’ technologies have also been recognized with industry awards:
InfoWorld – 2018 Technology of the Year
Computing – DevOps Excellence Awards 2020 for Best DevOps Security Tool
451 Research – 451 Firestarter Award, October 2019

According to an LA TechWatch article in early 2019, the application security market was estimated at $7B and is the fastest growing segment of information security.

Complementing products

The plan is to integrate the application security capabilities from both companies together into a single new product offering called Secure@Edge. This will complement the Compute@Edge platform, but also be a key component within it. Secure@Edge will be built on top of the Compute@Edge platform, using the same development tooling as any other edge compute application.

Common DNA: Management and Customers

A big part of my bullishness around the Fastly investment thesis centers on the talent base they are building. As investors, I think we sometimes overlook the power of assembling a strong team of highly motivated engineering talent that includes the leading minds in their fields. We tend to focus on the tangible metrics in front of us, like financials or customer growth, as talent is harder to assess and speaks more to future potential for a company’s growth than current performance. We celebrate strong founders/CEOs of software companies, and when they have the technical chops to deliver the first prototype of their product, even better (Yuan, Lawson, McKinnon, Banon). Yet, there is an equally important organizational layer to build in the technology team that drives innovation and leadership long into the future. In this regard, Fastly has been assembling a brain trust of leading thinkers in networking, content delivery, programming languages and now security.

Like Fastly, Signal Sciences targets and attracts innovative, internet-first companies as customers. This is a consequence of the disruptive nature of their product and reflects the benefits in operational efficiency that progressive players would seek as early adopters. A sampling of brand names listed on their web site includes Under Armor, Datadog, Duo, One Medical, O’Reilly, DoorDash, Onelogin, Airtable, Chef, Postmates, Remitly, Procore, Twilio and WeWork.

This example highlights the large cross-sell and customer expansion opportunity available to the combined company. Signal Sciences brings 265 total customers, of which 60 are at the enterprise level (defined as spending more than $100k in the prior 12 months). Of these, 70% (about 42) are new to Fastly. At the end of Q2, Fastly reported 304 enterprise customers, with an average spend of $716k. Signal Sciences’ 42 new enterprise customers would increase Fastly’s count by 14% and could add about $30M in incremental revenue over time, if they could all be cross-sold up to the average Fastly enterprise customer spend.

Outlook

Given these developments, I have become even more bullish on Fastly’s potential going into 2021. Coming out of Q2, I was anticipating them to deliver at least $300M in revenue for 2020, representing growth exceeding 50% year/year. For 2021, I felt that 40-50% growth was achievable over 2020, based on continued momentum in content delivery uptake and the introduction of Compute@Edge, yielding revenue approaching $450M. With the addition of Signal Sciences and the new Secure@Edge product line, we could see an additional $30-50M in revenue for 2021, based on Signal Sciences’ existing ARR of $28M as of June 30th, continued high growth of their product sales and future cross-sell opportunities. This could bring total revenue for 2021 of $500M. Investors can apply their own multiple to this target, but I am optimistic the market cap for the combined company could surpass $15-20B by end of 2021.