Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Fintech at SaaS Speed
Webinar: Navigating scale and security challenges
Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
01:00 PM
Eric Parizo
Eric Parizo
Connect Directly
E-Mail vvv

Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.

About five years ago, Raytheon had a brilliant idea.

The mammoth defense contractor was landing a surprising number of cybersecurity engagements, almost by accident, from within its large base of government clients. Cybersecurity was emerging as the hottest sector in tech, and there seemed to be potential for a lot more cybersecurity revenue.

Raytheon became intrigued by the potential of combining its own expertise with best-of-breed cybersecurity technology to create a standalone cybersecurity company. Not long after, Forcepoint was born.

Raytheon teamed up with Vista Equity Partners in 2015, acquiring long-time secure web gateway titan Websense from Vista in exchange for a minority stake in the new company. It then added network security vendor Stonesoft (purchased from McAfee), some of Raytheon's own cyber assets, and a few minor acquisitions, including UEBA vendor RedOwl and CASB vendor Skyfence.

With these moves, Forcepoint quickly gained a product portfolio with some of the industry's most capable cybersecurity technologies in high-demand product segments including next-generation firewall (NGFW), secure web gateway (SWG), data loss prevention (DLP), and behavioral analytics.

Its collection of capabilities would be more than enough to turn heads in the commercial marketplace, while the Raytheon brand would open plenty of doors in the government sector. Or so it thought.

This week, Raytheon decided to end its middling foray into cybersecurity, signing an agreement to sell Forcepoint to Francisco Partners for an undisclosed sum. It's not the end for Forcepoint, but it's worth taking stock of why Raytheon's strategy missed the mark, and where Forcepoint goes from here.

Raytheon and Forcepoint Disappointed Each Other
Raytheon's decision was hardly a surprise. Research indicates Raytheon offered minimal support to Forcepoint, publicly or behind the scenes. Promised business and technology synergies rarely materialized.

Then in comments last November, Raytheon CEO Tom Kennedy told Baird conference attendees that Forcepoint would not be a "long-term part of the RTX portfolio."

It was a signal that shedding the cybersecurity firm would be a high priority following the completion of its then-pending merger with United Technologies. Another sign came late last year when Raytheon paid nearly $600 million to buy out Vista's roughly 20% stake in Forcepoint, removing the biggest hurdle to a potential sale.

Forcepoint's lackluster financial performance increased Raytheon's urgency. In fiscal 2019, the last full year for which data is available, Forcepoint's net sales totaled $658 million, a modest increase over the prior year, but its operating income totaled only $8 million, up from just $5 million in 2018.

Though Forcepoint is not believed to be losing money, and it has admittedly prioritized product development over profitability, it failed to achieve the early returns Raytheon expected. Put in context, for a company such as Raytheon that earns $29 billion annually, Forcepoint is little more than a rounding error.

Investors had pressured Raytheon to sell Forcepoint. One equity research firm noted last year that Forcepoint was a non-core asset that, because of the ongoing demand for cybersecurity investments, could net Raytheon nearly $1.5 billion in return.

Furthermore, Raytheon completed its merger with United Technologies earlier this year. Its strategy is to double down on the defense industrial base. Fighting malware and warding off insider threats is important work, but it's not hard to see how a struggling enterprise cybersecurity venture didn't quite fit comfortably in the corporate portfolio next to fighter jet engines and missile defense systems.

And it's not the first time in recent years that a defense contractor has had a change of heart with a cybersecurity subsidiary. Raytheon follows General Dynamics, Lockheed Martin, and Northrop Grumman, which have all sold their respective cybersecurity units in the past five years.

Opportunity for Success Still Within Forcepoint's Grasp
Despite new uncertainty for Forcepoint, the company remains on an upward trajectory. It recently reached a major milestone in its long-running effort to unify its product portfolio.

In July, Forcepoint debuted its Dynamic Edge Protection product line, a two-pronged zero-trust access (ZTA) solution combining behavior-based threat protection with unified policy enforcement across Web, network, cloud and data protection instances. 

Two of the biggest contemporary cybersecurity challenges facing enterprises are gaining real-time visibility into public cloud and SaaS applications, and tracing incidents across an evolving IT estate that includes distributed endpoints, networks, and cloud environments. Forcepoint Dynamic Edge Protection is intended to help enterprises address both concerns.

Forcepoint, however, isn't the only vendor pursuing this product strategy. ZTA competitors already include cybersecurity giants like Cisco, Palo Alto Networks, and Fortinet, several pure-play ZTA vendors including Zscaler and Netskope, plus a cadre of hungry startups.  

Forcepoint must find a way to differentiate, but it has a reasonable opportunity to do so. It is working on entity-based risk scoring, enabling protection paradigms based not on specific threats but on behaviors that are indicative of potential compromise. It is an ambitious approach that few top-tier enterprise cybersecurity vendors are pursuing as a core strategy, but one that shows promise in helping enterprise customers more easily focus in on the threats that really matter.

Yet it remains to be seen whether new owner Francisco Partners will tolerate the significant research and development investment Forcepoint has made to modernize, unify, and cloud-enable its product portfolio. The Forcepoint brand is also arguably not as well known as those of its competitors, meaning a sizable ongoing marketing spend is likely necessary to foster awareness in the marketplace.

Historically, private equity firms are not known for supporting these kinds of expensive endeavors. In a statement, Forcepoint said it is committed to delivering on its product roadmap through 2021, but some changes are expected; Francisco Partners will likely be focused on cutting Forcepoint's costs and delivering a return for its investors.

It is also worth noting that Francisco already owns two other firewall companies, SonicWall and WatchGuard, as well as network intelligence vendor Sandvine. Overlapping capabilities within its portfolio isn't unprecedented for Francisco, but such instances are often reconciled before long.

Raytheon may have given up on Forcepoint, but Forcepoint remains one of the more underrated vendors in enterprise cybersecurity. Its vision is bold, its technology is sound, and its potential remains abundant. Forcepoint and its customers can only hope its next owner believes more than the last one.

Related Content:
·         See exclusive Omdia research & commentary on Dark Reading
·         Press release: Forcepoint Delivers Dynamic Edge Protection
·         Press release: Forcepoint Delivers Remote Browser Isolation
·         Forcepoint Snaps Up RedOwl

Eric Parizo supports Omdia's Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193932
PUBLISHED: 2021-06-21
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
PUBLISHED: 2021-06-21
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for explo...
PUBLISHED: 2021-06-21
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...