This move continues the trend among security vendors to acquire new capabilities to build out their platforms. This consolidation of the market is good for customers to a degree as it means there is less of a need to ‘roll their own’ security solution. On the other hand it is removing choice from the market. There is also the question of integration where each acquisition needs to be carefully integrated in order to prevent any gap for cybercriminals to exploit.
Corey Thomas, president and chief executive officer of Rapid7 said: “We’re thrilled to add Logentries’ technology and team to Rapid7. The disruptive combination of Rapid7’s industry-leading data collection and security analytics and Logentries’ compelling machine data search technology, enables customers to better understand and quickly respond to risk in their IT environment.
“This is a natural progression of our security data and analytics platform, complementing our value proposition and accelerating our time to market.”
What does the Logentries acquisition deliver to Rapid7
Real-time log management is a core requirement for any security intelligence platform. It provides an opportunity to detect early signs of malware, cyberattacks, advanced persistent threats and the exfiltration of data. It is also an area that poses a significant challenge for many companies due to the quantity of data to be captured and the number of devices whose logs must be examined.
This is where Logentries comes in. It has a well established real-time log capture and analytics platform for the enterprise and more importantly for the cloud. It has integrated its capture technology into AWS and supports Java, iOS and a number of other platforms and languages. It can also deal with both structured and unstructured data allowing it to examine more than just structured log files.
Recently logentries added support for Docker containers. This means that companies can not only search containers for malware before they are deployed on their site but can also continue to monitor them over time to ensure that any attempt to infect the software is identified in real-time.
A side benefit of this is that Logentries is also able to provide information on container usage. There is a lot of concern in operations teams that containers will explode in usage faster than virtual machines (VMs). Many companies admit that the VM sprawl problem in their data centre means they cannot be certain whether they are under licensed, over licensed or are paying the right amount for the software they own.
Andrew Burton, chief executive officer of Logentries commented: “Rapid7’s leading position in the security data and analytics market gives us the opportunity to reach an evolving and expanding market that is looking for lower cost access to machine data, along with advanced security data collection and analytics.”
Challenges for Rapid7
Rapid7 say that this will accelerate their roadmap towards a greater security intelligence platform. This is good news for Rapid7 customers and it puts the company into the big leagues pitching it against the likes of IBM, HP, Symantec and a small number of other security vendors.
However, there is much that has to be done in order for this to be a complete solution. Neither Rapid7 or Logentries are members of the Structured Threat Information Exchange (STIX) or the Trusted Automated eXchange of Indicator Information (TAXII). What they do is allow vendors and even end users to file information about attacks and potential attacks as they occur. It also allows them to access reports filed by other people in order to protect their own systems.
With both STIX and TAXII both transitioning to OASIS in order to create standards for handling threat information, it is important that Rapid7 are seen to be involved with them. It will put them at the heart of the emerging threat intelligence market with a toolset that is capable of detecting, capturing and reporting threat attacks.
It will be important for Rapid7 to explain to customers how it expects Logentries to fit into its future plans and what they can expect to see in terms of new features. It is just as important that Rapid7 talk to Logentries customers and let them know what they can expect as a result of this deal. For example, will they be entitled to upgrade to any of the Rapid7 solutions and products for free? If not, what sort of pricing will there be in order for them to gain access to any of the Rapid7 solutions, products and services?
Logentries customers will also want to know what is happening with the roadmap that Logentries had. Will that be axed? Will Rapid7 continue along the same timeframe? Will there be an acceleration of new features into the product?
These are all important issues and none of them are addressed in the press release.
What is Rapid7 paying?
The final cost of this deal is approximately $68 million as a mix of shares and $36 million in cash. The general view among analysts is that this is a reasonable price for Logentries and Rapid7 should see that money returned pretty soon.
In fact, in the press release Steven Gatoff, chief financial officer of Rapid7 said: “We anticipate the acquisition of Logentries driving an incremental $10-12 million in billings in 2016. Importantly, we do not expect the acquisition to have a material impact on the overall timing of our attainment of positive operating cash flow or on non-GAAP profitability breakeven.”
Interestingly, Rapid7 has announced that 39 members of Logentries staff will get a share of 910,812 shares of restricted common stock. The intent, according to the press release, is: “to retain and incentivize them going forward.” This is an interest move and it’s rare to see any acquisition where the number of staff getting shares in order to persuade them to stay is as high as this.
This deal is good for Rapid7, Logentries and potentially the customers of both companies. Much will depend on how well the integration of the products goes and how many Logentries and Rapid7 customers buy into the new solution. There is no obvious reason for them not to but it will all depend on the cost and time taken to ensure the integration of products and services is complete.
Looking at the bigger picture, this move by Rapid7 to project themselves into the large enterprise space as a major security provider with a comprehensive approach to security intelligence is an interest move. It is also one that we can expect to see from a number of vendors as the security intelligence market continues to consolidate.