DuckDuckGo for Mac, Juniper Networks, Future of InfoSec, & Subpar Products – ESW #269

Actually on the smaller size for Thoma Bravo recently. The PE firm picked up Proofpoint last year for over $12B. Folks have been saying for a while that an increase in large PE deals is a sign of a market correction... and we've got a few of them this week.

$6.2B acquisition by Kaseya - Datto is a 15-year old disaster recovery software vendor. 5 years ago, it was acquired by Vista and taken public 3 years later.

Thoma Bravo acquired Barracuda 4.5 years ago for $1.6B (at somewhere between 4-5x), taking the company private. Since this is a private sale to KKR (another PE firm), we don't know the deal price, but I wouldn't expect it to be drastically different. Barracuda has grown revenue by maybe 30-40% depending on sources, so somewhere around $2-2.5B wouldn't be a total wash for Thoma?

Tufin has about a month to look for other options, but it looks like they're going the PE route as well, for $570M.

So, at first glance, this looked like an acquisition and someone updated Crunchbase to make it so. I took a closer look and it seems like Juniper Networks and Synopsys are actually creating an entirely new company that they will jointly own: https://www.i-micronews.com/synopsys-juniper-networks-to-form-new-company-to-provide-silicon-photonics-platform/?cn-reloaded=1 It's always a bit confusing when Synopsys is in the news for something, because their main business is in semiconductor/chip design, but they also have a large appsec portfolio.

Thanks to the Security, Funded newsletter for the hat tip on this one: "a malware simulation platform for testing endpoint protection tools and threat hunting exercises, raised an undisclosed Seed."

We heard rumors that the FBI had actively fixed some vulnerable Exchange systems a year or so ago, so this doesn't seem totally unprecedented. It's still a bit shocking though. Or is it on-brand for the US? #AmericaWorldPolice

We're in the midst of a CASB 2.0 market trend right now, with more and more startups focusing on security concerns around third party SaaS applications. It appears that Obsidian is going the API, out-of-band route here, which is wise. Few customers back in the CASB 1.0 days seemed comfortable with reverse proxies, forward proxies, or agent-based approaches, all of which could be disruptive and fragile.

There's a ton of chatter out there about how the Metaverse isn't a real thing, or how it's simply a relabeling of existing companies and technologies. There's some truth to that, but this is the first time I've actually seen someone map everything out and categorize it. How is this relevant to an enterprise security podcast? I believe ALL technology trends are potentially relevant to enterprise security. I'll occasionally include news items that I think are strategically important for security practitioners to start familiarizing themselves with. This way, on the day your CEO or marketing team excitedly suggests getting Oculus Quests for the entire staff to improve productivity, you'll be somewhat prepared ;)

https://www.scmagazine.com/analysis/application-security/forallsecure-offering-1k-to-integrate-free-fuzzer-to-open-source-projects

https://www.cnet.com/videos/how-i-automated-my-presence-in-video-calls-for-a-week-and-nobody-knew/