Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
Boost detection & stop attacks
Webinar: How SOCs can improve threat detection
What's next for DC firewalls?
Webinar: Net security for software-defined DCs
01:00 PM
Eric Parizo
Eric Parizo
Connect Directly
E-Mail vvv

Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.

About five years ago, Raytheon had a brilliant idea.

The mammoth defense contractor was landing a surprising number of cybersecurity engagements, almost by accident, from within its large base of government clients. Cybersecurity was emerging as the hottest sector in tech, and there seemed to be potential for a lot more cybersecurity revenue.

Raytheon became intrigued by the potential of combining its own expertise with best-of-breed cybersecurity technology to create a standalone cybersecurity company. Not long after, Forcepoint was born.

Raytheon teamed up with Vista Equity Partners in 2015, acquiring long-time secure web gateway titan Websense from Vista in exchange for a minority stake in the new company. It then added network security vendor Stonesoft (purchased from McAfee), some of Raytheon's own cyber assets, and a few minor acquisitions, including UEBA vendor RedOwl and CASB vendor Skyfence.

With these moves, Forcepoint quickly gained a product portfolio with some of the industry's most capable cybersecurity technologies in high-demand product segments including next-generation firewall (NGFW), secure web gateway (SWG), data loss prevention (DLP), and behavioral analytics.

Its collection of capabilities would be more than enough to turn heads in the commercial marketplace, while the Raytheon brand would open plenty of doors in the government sector. Or so it thought.

This week, Raytheon decided to end its middling foray into cybersecurity, signing an agreement to sell Forcepoint to Francisco Partners for an undisclosed sum. It's not the end for Forcepoint, but it's worth taking stock of why Raytheon's strategy missed the mark, and where Forcepoint goes from here.

Raytheon and Forcepoint Disappointed Each Other
Raytheon's decision was hardly a surprise. Research indicates Raytheon offered minimal support to Forcepoint, publicly or behind the scenes. Promised business and technology synergies rarely materialized.

Then in comments last November, Raytheon CEO Tom Kennedy told Baird conference attendees that Forcepoint would not be a "long-term part of the RTX portfolio."

It was a signal that shedding the cybersecurity firm would be a high priority following the completion of its then-pending merger with United Technologies. Another sign came late last year when Raytheon paid nearly $600 million to buy out Vista's roughly 20% stake in Forcepoint, removing the biggest hurdle to a potential sale.

Forcepoint's lackluster financial performance increased Raytheon's urgency. In fiscal 2019, the last full year for which data is available, Forcepoint's net sales totaled $658 million, a modest increase over the prior year, but its operating income totaled only $8 million, up from just $5 million in 2018.

Though Forcepoint is not believed to be losing money, and it has admittedly prioritized product development over profitability, it failed to achieve the early returns Raytheon expected. Put in context, for a company such as Raytheon that earns $29 billion annually, Forcepoint is little more than a rounding error.

Investors had pressured Raytheon to sell Forcepoint. One equity research firm noted last year that Forcepoint was a non-core asset that, because of the ongoing demand for cybersecurity investments, could net Raytheon nearly $1.5 billion in return.

Furthermore, Raytheon completed its merger with United Technologies earlier this year. Its strategy is to double down on the defense industrial base. Fighting malware and warding off insider threats is important work, but it's not hard to see how a struggling enterprise cybersecurity venture didn't quite fit comfortably in the corporate portfolio next to fighter jet engines and missile defense systems.

And it's not the first time in recent years that a defense contractor has had a change of heart with a cybersecurity subsidiary. Raytheon follows General Dynamics, Lockheed Martin, and Northrop Grumman, which have all sold their respective cybersecurity units in the past five years.

Opportunity for Success Still Within Forcepoint's Grasp
Despite new uncertainty for Forcepoint, the company remains on an upward trajectory. It recently reached a major milestone in its long-running effort to unify its product portfolio.

In July, Forcepoint debuted its Dynamic Edge Protection product line, a two-pronged zero-trust access (ZTA) solution combining behavior-based threat protection with unified policy enforcement across Web, network, cloud and data protection instances. 

Two of the biggest contemporary cybersecurity challenges facing enterprises are gaining real-time visibility into public cloud and SaaS applications, and tracing incidents across an evolving IT estate that includes distributed endpoints, networks, and cloud environments. Forcepoint Dynamic Edge Protection is intended to help enterprises address both concerns.

Forcepoint, however, isn't the only vendor pursuing this product strategy. ZTA competitors already include cybersecurity giants like Cisco, Palo Alto Networks, and Fortinet, several pure-play ZTA vendors including Zscaler and Netskope, plus a cadre of hungry startups.  

Forcepoint must find a way to differentiate, but it has a reasonable opportunity to do so. It is working on entity-based risk scoring, enabling protection paradigms based not on specific threats but on behaviors that are indicative of potential compromise. It is an ambitious approach that few top-tier enterprise cybersecurity vendors are pursuing as a core strategy, but one that shows promise in helping enterprise customers more easily focus in on the threats that really matter.

Yet it remains to be seen whether new owner Francisco Partners will tolerate the significant research and development investment Forcepoint has made to modernize, unify, and cloud-enable its product portfolio. The Forcepoint brand is also arguably not as well known as those of its competitors, meaning a sizable ongoing marketing spend is likely necessary to foster awareness in the marketplace.

Historically, private equity firms are not known for supporting these kinds of expensive endeavors. In a statement, Forcepoint said it is committed to delivering on its product roadmap through 2021, but some changes are expected; Francisco Partners will likely be focused on cutting Forcepoint's costs and delivering a return for its investors.

It is also worth noting that Francisco already owns two other firewall companies, SonicWall and WatchGuard, as well as network intelligence vendor Sandvine. Overlapping capabilities within its portfolio isn't unprecedented for Francisco, but such instances are often reconciled before long.

Raytheon may have given up on Forcepoint, but Forcepoint remains one of the more underrated vendors in enterprise cybersecurity. Its vision is bold, its technology is sound, and its potential remains abundant. Forcepoint and its customers can only hope its next owner believes more than the last one.

Related Content:
·         See exclusive Omdia research & commentary on Dark Reading
·         Press release: Forcepoint Delivers Dynamic Edge Protection
·         Press release: Forcepoint Delivers Remote Browser Isolation
·         Forcepoint Snaps Up RedOwl

Eric Parizo supports Omdia's Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...