Interview with Nir Zuk, founder of Palo Alto Networks. He gives his view of the current Cybersecurity landscape. Some passages are particularly insightful (below the link to the original article):
“Cybersecurity is undergoing consolidation as larger companies expand and smaller ones find it increasingly challenging. We are witnessing discussions between Wiz and SentinelOne, and more such consolidations will likely occur. The realization is that focusing exclusively on a narrow niche within cybersecurity is unsustainable. In the end, every computing infrastructure market that matures undergoes significant consolidation, with only a few key players remaining.”
What will happen to those companies that remain in the middle and don’t participate in mergers?
“Reaching billion-dollar sales figures will be exceedingly difficult for them. Currently, there are fewer than ten cybersecurity companies with revenues of this magnitude: Palo Alto, Microsoft, Cisco, Fortinet, Zscaler, Check Point, and CrowdStrike. Neither we nor Microsoft achieved these revenues through organic growth but rather through smart acquisitions. We always prefer to acquire rather than develop on our own.”
Why not acquire SentinelOne, given your presence in the endpoint security market?
“We don’t acquire companies solely to increase revenues or eliminate competitors from the market.”
“Cybersecurity companies face a complex situation because recent recruitment was based on extremely high valuation levels, leading to challenges now requiring compromises on valuations. There’s also the issue that there are no longer as many buyers in the cybersecurity market. I anticipate there will be many closures. Symantec, Cisco, and McAfee are no longer making purchases, and those that remain are primarily Microsoft, Fortinet, CrowdStrike, and us, with Check Point playing a smaller role. It becomes challenging to establish startups when there are only 5-6 buyers in the market. It’s preferable to invest human capital in other fields.”
Still, in the near term, he affirmed CrowdStrike is set up to benefit from its M&A strategy.
“It’s always going to be competitive,” Kurtz told the audience. “I think we’re going to be the beneficiaries of some of the movement and noise in the market that we see today, and I think when you look at what we’re doing from a consolidation perspective, the consolidators are going to win and I think that’s going to allow us to compete more effectively in the back half of the year.”
Peter Offringa wrote an article on Zscaler, September 2022. This is just one quote from his legendary Deep Dives. I think it’s relevant to the points made, as outlined by Silviocast from the interview with Zuk, Founder CTO of Palo Alto, he referenced (which I found fascinating on many levels, by the way.
From my notes on 11/2022
Peter-
“For Zero Trust, leading competitors are Palo Alto Networks, Netskope and McAfee. Cloudflare also has a growing presence in this market. Zscaler has been considered the leader in this market for some time. For several years, they were the only provider in the Leader’s quadrant (for Secure Web Gateway). Now, Gartner has redefined Zscaler’s category as SSE to more accurately reflect the latest expectations for a network-based Zero Trust solution that includes secure web gateway (SWG), cloud access security broker (CASB) and Zero Trust network access (ZTNA.”.
“Zscaler management has estimated their SAM to be $72B and only sell into 1-2% of that currently, so winning significant share of this market will provide cash flows for investment into the next big opportunity. And they likely have something else brewing behind the curtain.”
“… the potential merger between Wiz and SentinelOne, which could create a new market giant with a valuation exceeding $10 billion and revenues of over $1 billion.”
Wiz is a privately held cybersecurity company, founded in Jan 2020, that allows companies to find security issues in public cloud infrastructure.
If it goes through, maybe it will help SentinelOne compete?
Indeed, BroadwayDan.
I guess what the Zuk interview made me reflect on is how important is where we stand in the life cycle of a sector/industry in an investment decision. Cybersecurity is becoming a mature space, leading to consolidation and slower growth. And this is an inevitable dynamics affecting pretty much every industry from some point on. So I think the key is really understanding the future potential of a space, trying to get in as early as possible, and riding the growth wave before it inevitably approaches maturity and things slow down/consolidate. Granted, we’re not VCs, and much of the early growth is not accessible to us. But we should try to capture as much of the “later growth” as possible by first choosing carefully which sector/industry to be in, and then picking the winners within that sector/industry.
Nothing wrong with investing in consolidating industries, mind you. Good money can be made there as well. But the metrics to focus on are different.
After re-reading this thread, I’m writing this post in response to what I think was the mist of one of Silviocast’s mentions, which I think might lead us to believe that the Security space is not going to continue in Hypergrowth.
Silviocast-
“Cybersecurity is becoming a mature space, leading to consolidation and slower growth. And this is an inevitable dynamics affecting pretty much every industry from some point on. So I think the key is really understanding the future potential of a space, trying to get in as early as possible, and riding the growth wave before it inevitably approaches maturity and things slow down/consolidate.”
In my post just prior to this one by Silviocast, I quoted Peter Offringa
In my post quoting Peter, I left out my assessment, which is that with greenfield like this how could the few consolidators ‘not’ remain in hypergrowth.
I think the point is valid. If we act on the thesis, we continue to focus on companies with less growth and, possibly a pricing structure (in shares) that is dominated by binary M&A price movements.
Pick the right one and get a lucky 40% single day bump. Pick the wrong one and see underperformance or stagnated pricing as M&A play out.
Trouble here is, we cannot see this activity through the lens of public info releases and quarterly numbers reports.
With the strawman I’ve constructed above, it would be in the too-hard pile. Does the thesis stand?