About five years ago, Raytheon had a brilliant idea.
The mammoth defense contractor was landing a surprising number of cybersecurity engagements, almost by accident, from within its large base of government clients. Cybersecurity was emerging as the hottest sector in tech, and there seemed to be potential for a lot more cybersecurity revenue.
Raytheon became intrigued by the potential of combining its own expertise with best-of-breed cybersecurity technology to create a standalone cybersecurity company. Not long after, Forcepoint was born.
Raytheon teamed up with Vista Equity Partners in 2015, acquiring long-time secure web gateway titan Websense from Vista in exchange for a minority stake in the new company. It then added network security vendor Stonesoft (purchased from McAfee), some of Raytheon's own cyber assets, and a few minor acquisitions, including UEBA vendor RedOwl and CASB vendor Skyfence.
With these moves, Forcepoint quickly gained a product portfolio with some of the industry's most capable cybersecurity technologies in high-demand product segments including next-generation firewall (NGFW), secure web gateway (SWG), data loss prevention (DLP), and behavioral analytics.
Its collection of capabilities would be more than enough to turn heads in the commercial marketplace, while the Raytheon brand would open plenty of doors in the government sector. Or so it thought.
This week, Raytheon decided to end its middling foray into cybersecurity, signing an agreement to sell Forcepoint to Francisco Partners for an undisclosed sum. It's not the end for Forcepoint, but it's worth taking stock of why Raytheon's strategy missed the mark, and where Forcepoint goes from here.
Raytheon and Forcepoint Disappointed Each Other
Raytheon's decision was hardly a surprise. Research indicates Raytheon offered minimal support to Forcepoint, publicly or behind the scenes. Promised business and technology synergies rarely materialized.
Then in comments last November, Raytheon CEO Tom Kennedy told Baird conference attendees that Forcepoint would not be a "long-term part of the RTX portfolio."
It was a signal that shedding the cybersecurity firm would be a high priority following the completion of its then-pending merger with United Technologies. Another sign came late last year when Raytheon paid nearly $600 million to buy out Vista's roughly 20% stake in Forcepoint, removing the biggest hurdle to a potential sale.
Forcepoint's lackluster financial performance increased Raytheon's urgency. In fiscal 2019, the last full year for which data is available, Forcepoint's net sales totaled $658 million, a modest increase over the prior year, but its operating income totaled only $8 million, up from just $5 million in 2018.
Though Forcepoint is not believed to be losing money, and it has admittedly prioritized product development over profitability, it failed to achieve the early returns Raytheon expected. Put in context, for a company such as Raytheon that earns $29 billion annually, Forcepoint is little more than a rounding error.
Investors had pressured Raytheon to sell Forcepoint. One equity research firm noted last year that Forcepoint was a non-core asset that, because of the ongoing demand for cybersecurity investments, could net Raytheon nearly $1.5 billion in return.
Furthermore, Raytheon completed its merger with United Technologies earlier this year. Its strategy is to double down on the defense industrial base. Fighting malware and warding off insider threats is important work, but it's not hard to see how a struggling enterprise cybersecurity venture didn't quite fit comfortably in the corporate portfolio next to fighter jet engines and missile defense systems.
And it's not the first time in recent years that a defense contractor has had a change of heart with a cybersecurity subsidiary. Raytheon follows General Dynamics, Lockheed Martin, and Northrop Grumman, which have all sold their respective cybersecurity units in the past five years.
Opportunity for Success Still Within Forcepoint's Grasp
Despite new uncertainty for Forcepoint, the company remains on an upward trajectory. It recently reached a major milestone in its long-running effort to unify its product portfolio.
In July, Forcepoint debuted its Dynamic Edge Protection product line, a two-pronged zero-trust access (ZTA) solution combining behavior-based threat protection with unified policy enforcement across Web, network, cloud and data protection instances.
Two of the biggest contemporary cybersecurity challenges facing enterprises are gaining real-time visibility into public cloud and SaaS applications, and tracing incidents across an evolving IT estate that includes distributed endpoints, networks, and cloud environments. Forcepoint Dynamic Edge Protection is intended to help enterprises address both concerns.
Forcepoint, however, isn't the only vendor pursuing this product strategy. ZTA competitors already include cybersecurity giants like Cisco, Palo Alto Networks, and Fortinet, several pure-play ZTA vendors including Zscaler and Netskope, plus a cadre of hungry startups.
Forcepoint must find a way to differentiate, but it has a reasonable opportunity to do so. It is working on entity-based risk scoring, enabling protection paradigms based not on specific threats but on behaviors that are indicative of potential compromise. It is an ambitious approach that few top-tier enterprise cybersecurity vendors are pursuing as a core strategy, but one that shows promise in helping enterprise customers more easily focus in on the threats that really matter.
Yet it remains to be seen whether new owner Francisco Partners will tolerate the significant research and development investment Forcepoint has made to modernize, unify, and cloud-enable its product portfolio. The Forcepoint brand is also arguably not as well known as those of its competitors, meaning a sizable ongoing marketing spend is likely necessary to foster awareness in the marketplace.
Historically, private equity firms are not known for supporting these kinds of expensive endeavors. In a statement, Forcepoint said it is committed to delivering on its product roadmap through 2021, but some changes are expected; Francisco Partners will likely be focused on cutting Forcepoint's costs and delivering a return for its investors.
It is also worth noting that Francisco already owns two other firewall companies, SonicWall and WatchGuard, as well as network intelligence vendor Sandvine. Overlapping capabilities within its portfolio isn't unprecedented for Francisco, but such instances are often reconciled before long.
Raytheon may have given up on Forcepoint, but Forcepoint remains one of the more underrated vendors in enterprise cybersecurity. Its vision is bold, its technology is sound, and its potential remains abundant. Forcepoint and its customers can only hope its next owner believes more than the last one.
· See exclusive Omdia research & commentary on Dark Reading
· Press release: Forcepoint Delivers Dynamic Edge Protection
· Press release: Forcepoint Delivers Remote Browser Isolation
· Forcepoint Snaps Up RedOwl