M&A activity heats up across Security & Observability
More to come following Splunk, New Relic and Sumo Logic acquisitions?
M&A Activity Overview
M&A activity is heating up across the Security and Observability space following Cisco System’s announcement to acquire Splunk. Others in the arena this year include New Relic’s bid from Francisco Partners & TPG and Sumo Logic’s acquisition by Francisco Partners. Each of these companies were acquired at low-to-mid single digit EV/LTM Sales multiples – dramatically different than the sky-high SaaS multiples we’ve grown accustomed to over the last decade.
Acquisition Multiples:
- Splunk 7.9x EV/LTM Sales
- New Relic 6.0x EV/LTM Sales
- Sumo Logic 4.7x EV/LTM Sales
What is Security & Observability?
Security and Observability solutions help companies understand, analyze, and make use of their data, specifically for security, IT, and dev teams. Observability includes logs, metrics, application performance monitoring (APM), infrastructure monitoring while Security encompasses threat detection, anomaly detection, endpoint protection, cloud security and security monitoring.
These providers deliver solutions to customers ranging from small-to-medium sized businesses to Fortune 500 enterprises with customers typically signing up for multiple solutions delivered across public, private and hybrid clouds. While business models vary, consumption-based pricing and term-based licenses are the primary models across security and observability participants.
How big is the market and who are the key players?
The observability market size is approximately $20bn while the security market size is roughly $25bn.
In the Observability market, the key players are Splunk, New Relic, Elastic, Dynatrace, AppDynamics (owned by Cisco Systems) and Datadog.
In the Security market, the key players are McAffee, Symantec (owned by Broadcom), Carbon Black (owned by VMware), CrowdStrike, Elastic, Azure Sentinel (by Microsoft), and Splunk.
What’s driving acquisition activity?
In 2017, Cisco acquired application performance monitoring (APM) and business monitoring company, AppDynamics, to address the increased complexity of application environments due to the rise of connected devices, distributed architectures, and multi-clouds.
In 2019, Broadcom acquired Symantec to bolster its infrastructure technology business with enterprise security offerings that provided endpoint security, web security services, cloud security and data loss prevention. We also saw VMware’s acquisition of Carbon Black to add endpoint security and detection into its compute stack.
Outlook uncertainty and inflation led to general trends seen across the market causing IT spend consolidation and consumption optimization, lowering the near-term growth outlook for a historically high-growth sector. Companies with consumption-based pricing models such as Splunk, New Relic, and Elastic have experienced outsized sell-offs relative to peers that have a greater proportion of term-based revenues.
Furthermore, industry growth was previously supported by tailwinds such as cloud-transitioning and data doubling every year. The acceleration and adoption of generative AI, expanding threats, and multiple cloud environments are expected to create further complexity never seen before and organizations will need a way to manage, protect, and utilize their data.
These trends have contributed to the acquisition activity so far in 2023. To date, we’ve seen two take-private transactions in addition to Cisco’s announcement to acquire security and observability leader, Splunk. The first privatization was in February with Francisco Partners’ acquisition of observability and machine data analytics platform Sumo Logic, and the second was in July with Francisco Partners & TPG teaming up to acquire observability platform, New Relic.
More activity to follow?
The remaining public players in the space include Dynatrace, Datadog, CrowdStrike, and Elastic. Dynatrace and Datadog are both positioned between security and observability providing application monitoring and infrastructure monitoring solutions whereas CrowdStrike is a pure-play security cloud provider. Elastic is slightly differentiated as it offers observability and security solutions, though it’s known for its open-source platform with search at its core, powering enterprise search solutions across websites and applications. Elastic is a founder owned and operated business that’s recently shaken up its management team to focus on the faster growth security segment. Of the remaining public companies operating within the observability and security landscape, Elastic is the only player trading at an EV/Sales multiple like those of precedent transactions.
EV/LTM Sales Multiples:
- Elastic 6.6x EV/LTM Sales
- Dynatrace 10.6x EV/LTM Sales
- Crowdstrike 13.8x EV/LTM Sales
- Datadog 14.5x EV/LTM Sales
While potential risks from Elastic’s open-source model, evolutions in vector search, and management changes shouldn’t be discounted, Elastic could potentially be the next acquisition target by a hyperscaler or infrastructure technology company that’s looking to accelerate its business to more recurring revenue and integrate security and observability into its offerings.
Sources
(1) New Relic to be Acquired by Francisco Partners and TPG for $6.5 Billion
(2) Cisco to Acquire Splunk, to Help Make Organizations More Secure and Resilient in an AI-Powered World
(3) Sumo Logic to be Acquired by Francisco Partners for $1.7 Billion
(4) Broadcom to Acquire Symantec Enterprise Security Business for $10.7 Billion in Cash