Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

SecOps & DevOps collaboration
Webinar: Start transforming DevOps into DevSecOps
The smart home revolution
Webinar: CHIP standard & role of hardware security
Video surveillance & analytics
Webinar: How app stores impact the ecosystem
01:00 PM
Eric Parizo
Eric Parizo
Connect Directly
E-Mail vvv

Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.

About five years ago, Raytheon had a brilliant idea.

The mammoth defense contractor was landing a surprising number of cybersecurity engagements, almost by accident, from within its large base of government clients. Cybersecurity was emerging as the hottest sector in tech, and there seemed to be potential for a lot more cybersecurity revenue.

Raytheon became intrigued by the potential of combining its own expertise with best-of-breed cybersecurity technology to create a standalone cybersecurity company. Not long after, Forcepoint was born.

Raytheon teamed up with Vista Equity Partners in 2015, acquiring long-time secure web gateway titan Websense from Vista in exchange for a minority stake in the new company. It then added network security vendor Stonesoft (purchased from McAfee), some of Raytheon's own cyber assets, and a few minor acquisitions, including UEBA vendor RedOwl and CASB vendor Skyfence.

With these moves, Forcepoint quickly gained a product portfolio with some of the industry's most capable cybersecurity technologies in high-demand product segments including next-generation firewall (NGFW), secure web gateway (SWG), data loss prevention (DLP), and behavioral analytics.

Its collection of capabilities would be more than enough to turn heads in the commercial marketplace, while the Raytheon brand would open plenty of doors in the government sector. Or so it thought.

This week, Raytheon decided to end its middling foray into cybersecurity, signing an agreement to sell Forcepoint to Francisco Partners for an undisclosed sum. It's not the end for Forcepoint, but it's worth taking stock of why Raytheon's strategy missed the mark, and where Forcepoint goes from here.

Raytheon and Forcepoint Disappointed Each Other
Raytheon's decision was hardly a surprise. Research indicates Raytheon offered minimal support to Forcepoint, publicly or behind the scenes. Promised business and technology synergies rarely materialized.

Then in comments last November, Raytheon CEO Tom Kennedy told Baird conference attendees that Forcepoint would not be a "long-term part of the RTX portfolio."

It was a signal that shedding the cybersecurity firm would be a high priority following the completion of its then-pending merger with United Technologies. Another sign came late last year when Raytheon paid nearly $600 million to buy out Vista's roughly 20% stake in Forcepoint, removing the biggest hurdle to a potential sale.

Forcepoint's lackluster financial performance increased Raytheon's urgency. In fiscal 2019, the last full year for which data is available, Forcepoint's net sales totaled $658 million, a modest increase over the prior year, but its operating income totaled only $8 million, up from just $5 million in 2018.

Though Forcepoint is not believed to be losing money, and it has admittedly prioritized product development over profitability, it failed to achieve the early returns Raytheon expected. Put in context, for a company such as Raytheon that earns $29 billion annually, Forcepoint is little more than a rounding error.

Investors had pressured Raytheon to sell Forcepoint. One equity research firm noted last year that Forcepoint was a non-core asset that, because of the ongoing demand for cybersecurity investments, could net Raytheon nearly $1.5 billion in return.

Furthermore, Raytheon completed its merger with United Technologies earlier this year. Its strategy is to double down on the defense industrial base. Fighting malware and warding off insider threats is important work, but it's not hard to see how a struggling enterprise cybersecurity venture didn't quite fit comfortably in the corporate portfolio next to fighter jet engines and missile defense systems.

And it's not the first time in recent years that a defense contractor has had a change of heart with a cybersecurity subsidiary. Raytheon follows General Dynamics, Lockheed Martin, and Northrop Grumman, which have all sold their respective cybersecurity units in the past five years.

Opportunity for Success Still Within Forcepoint's Grasp
Despite new uncertainty for Forcepoint, the company remains on an upward trajectory. It recently reached a major milestone in its long-running effort to unify its product portfolio.

In July, Forcepoint debuted its Dynamic Edge Protection product line, a two-pronged zero-trust access (ZTA) solution combining behavior-based threat protection with unified policy enforcement across Web, network, cloud and data protection instances. 

Two of the biggest contemporary cybersecurity challenges facing enterprises are gaining real-time visibility into public cloud and SaaS applications, and tracing incidents across an evolving IT estate that includes distributed endpoints, networks, and cloud environments. Forcepoint Dynamic Edge Protection is intended to help enterprises address both concerns.

Forcepoint, however, isn't the only vendor pursuing this product strategy. ZTA competitors already include cybersecurity giants like Cisco, Palo Alto Networks, and Fortinet, several pure-play ZTA vendors including Zscaler and Netskope, plus a cadre of hungry startups.  

Forcepoint must find a way to differentiate, but it has a reasonable opportunity to do so. It is working on entity-based risk scoring, enabling protection paradigms based not on specific threats but on behaviors that are indicative of potential compromise. It is an ambitious approach that few top-tier enterprise cybersecurity vendors are pursuing as a core strategy, but one that shows promise in helping enterprise customers more easily focus in on the threats that really matter.

Yet it remains to be seen whether new owner Francisco Partners will tolerate the significant research and development investment Forcepoint has made to modernize, unify, and cloud-enable its product portfolio. The Forcepoint brand is also arguably not as well known as those of its competitors, meaning a sizable ongoing marketing spend is likely necessary to foster awareness in the marketplace.

Historically, private equity firms are not known for supporting these kinds of expensive endeavors. In a statement, Forcepoint said it is committed to delivering on its product roadmap through 2021, but some changes are expected; Francisco Partners will likely be focused on cutting Forcepoint's costs and delivering a return for its investors.

It is also worth noting that Francisco already owns two other firewall companies, SonicWall and WatchGuard, as well as network intelligence vendor Sandvine. Overlapping capabilities within its portfolio isn't unprecedented for Francisco, but such instances are often reconciled before long.

Raytheon may have given up on Forcepoint, but Forcepoint remains one of the more underrated vendors in enterprise cybersecurity. Its vision is bold, its technology is sound, and its potential remains abundant. Forcepoint and its customers can only hope its next owner believes more than the last one.

Related Content:
·         See exclusive Omdia research & commentary on Dark Reading
·         Press release: Forcepoint Delivers Dynamic Edge Protection
·         Press release: Forcepoint Delivers Remote Browser Isolation
·         Forcepoint Snaps Up RedOwl

Eric Parizo supports Omdia's Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-12-02
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
PUBLISHED: 2020-12-02
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in ...
PUBLISHED: 2020-12-02
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
PUBLISHED: 2020-12-02
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
PUBLISHED: 2020-12-02
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access,...