Cybersecurity insiders don’t believe the looming bankruptcy of former high-flier IronNet will be an isolated collapse, as the industry battles a tough economy following years of speculative investment.
The network detection and response (NDR) company, founded by former NSA and U.S. Cyber Command chief Keith Alexander, was valued at $1.2 billion when it went public through a special purpose acquisition company in 2021.
But after a rocky 2 1/2 years, a judge in Delaware earlier this month signed off on a Chapter 11 restructuring plan that will see IronNet assets sold off to pay $35 million owed to creditors.
The company’s troubles included being sued by shareholders who claimed it overstated its growth potential ahead of listing on the New York Stock Exchange. It racked up debt as it struggled to finalize deals and secure payment from some clients, leading to a spate of staff layoffs last year.
On Sept. 29 IronNet shut down operations and terminated its remaining 104 employees. The company initially said it expected to face Chapter 7 liquidation but was able to secure a $10 million loan to fund the Chapter 11 bankruptcy asset sales process.
Fears of more failures ahead
Cybersecurity leaders told SC Media the IronNet story isn’t unique, and to expect more NDR and other security companies to follow suit, reduce headcount and be part of a merger or acquisition.
“We will see more of these bankruptcies with highly leveraged cybersecurity companies, even those with ‘unicorn status’,” said Approov CEO Ted Miracco.
Miracco cited a recent IANS Research report stating a 6% growth rate in CISO reported budgets. “This is fundamentally incompatible with the large cadre of VC backed companies that expect triple-digit growth figures, especially in this current economic environment,” he said.
Better positioned to weather the current economic and investment climate are firms already focused on profitability, innovation and a track record of performing in mixed market conditions, he said.
Stamus Networks CEO Ken Gramley said IronNet’s collapse reinforced a need for businesses to focus on differentiated value, product-market fit and running a fiscally sound operation.
“With a fragile economy and a very crowded NDR market, it’s even more critical for those of us in this space to get back to these basic principles,” he said. Tool sprawl among large numbers of vendors can be costly and inefficient. For that reason cybersecurity products will follow a trend of merging into broader platforms.
Additional security related firms listed recently by Intellizence as filing for some type of bankruptcy protection in 2023 include; Quanergy Solutions, SunGard Availability Services and Cyren. Cybersecurity firms recently announcing layoffs include Cisco Systems, Deepwatch, Fortinet, HackerOne, Rapid7 and Secureworks.
Market consolidation or choppy economic waters?
At this year’s Gartner Security and Risk Management Summit Gartner Neil MacDonald analyst and VP at Gartner told attendees 75% of security buyers are pursuing vendor consolidation, up from 29% in 2020.
MacDonald said NDR solutions will increasingly be joined by EDR and identity threat and detection response (ITDR) solutions into streamlined and unified XDR platform. NDR is joined by a number of other insular cybersecurity solutions that rollup to larger parent categories such as data security, workplace security, attack surface management, identity access management and integrated risk management, according to Gartner.
AllegisCyber Capital managing director Bob Ackerman said a rationalization of the security market was underway.
“It’s a healthy thing because of the massive amount of capital that went into cyber over the past two and a half years. We’ve ended up with an oversupply of undifferentiated companies that need to be rationalized, and when we’re done with this, we’ll end up with a healthier market, though a smaller number of players.”
As once emerging cybersecurity solutions become commoditized over time companies with a too narrow solution focus face strong economic headwinds, said Aimei Wei, founder and CTO of Stellar Cyber.
“IronNet had a single focus on detecting threats from network telemetry. [Once] the risk is contained customers can readily look for NDR alternatives,” Wei said.
Indeed, IronNet competitors have been quick to respond to company’s demise. For example, Stamus Networks is now offering affected IronNet customers an IronNet Upgrade Program that includes a free license of its’ NDR solution for the remainder of their current IronNet contract.
“I see a growing interest in ecosystems and best-of-breed-based solutions to ensure there is resiliency built into the operational environment,” Wei said.
She said the predicament IronNet customers faced highlighted cybersecurity’s “philosophical battle” between closed single-stack solutions and open ecosystems. “In such an environment, tools like IronNet can be more readily replaced.”
SPACs lose their sparkle
For other cybersecurity insiders the IronNet story is a harbinger for the role a special purpose acquisition company (SPAC) plays in the initial public offering (IPO) process. A SPAC “is a company without commercial operations and is formed strictly to raise capital through an IPO for the purpose of acquiring or merging with an existing company,” according to an Investopedia definition of the term.
“The IronNet demise is yet another nail in the coffin for SPACs, and their role in accelerating lucrative financial exits for startups,” said Claude Mandy, data security chief evangelist at Symmetry Systems.
SPACs – essentially shell companies that raise money to take over existing businesses – were popular between 2020 and 2022 but fell out of favor as investment capital dried up. Critics say they are a way to sidestep the rigorous initial public offering (IPO) process – designed to protect investors – that is associated with a standard share market listing.
“It will be intriguing to watch how regulators react to this failure and whether further regulation on SPACs is introduced over time,” Mandy said.
Consolidation within the cybersecurity space, beyond the specter of bankruptcies, will continue to include mergers and acquisitions (M&A). According to the latest data from Momentum Cyber (PDF) there were 20 M&A transactions announced in August 2023; a 30% increase YoY. Of note to analysts is the drop in the value of those deals – a reflection of leaner times.
Focus on fundamentals, not investment dollars
“Like many companies that jumped on the SPAC bandwagon, IronNet proves that you have to have great fundamentals and a responsible growth strategy even when investment dollars are relatively easy to come by,” said Traceable AI chief security officer Richard Bird. “Because when times get tough, those easy investment dollars aren’t there anymore.”
Transmosis CEO Chase Norlin said IronNet’s failure reflected the oversaturation of private equity in the enterprise cybersecurity space.
“In the past five years there’s been an explosion of enterprise cybersecurity companies and funding, which has pumped up valuations but also created an extremely competitive environment for these companies to acquire new enterprise customers who are looking to streamline their security operations under multi-product providers,” he said. “Expect this to continue and M&A [mergers and acquisitions] consolidation to increase.”