10 Cybersecurity Companies Making Moves: September 2023

We’re taking a look at security vendors that launched notable new products and partner programs, announced key executive hires or unveiled startup acquisitions in September.

Hot Market, Big Moves

September was a nonstop month for announcements and major moves by top cybersecurity industry players. While Cisco’s announcement of a $28 billion acquisition deal for Splunk was the biggest headline of the month among cybersecurity companies, a string of other major acquisitions, product launches, executive hires and funding rounds came out during the month.

Among the other cybersecurity vendors that made big moves in September was CrowdStrike, which had numerous announcements during its Fal.Con 2023 conference — including an acquisition of its own. Meanwhile, AWS revealed details for the first time about its approach to threat intelligence, and signaled that this will be a growing area of focus for the cloud giant going forward.

A number of cybersecurity industry companies also unveiled new or revamped channel programs last month, including what a SonicWall executive called the biggest update to its partner program in seven years.

What follows are the key details on 10 cybersecurity companies that made big moves in September 2023.

Cisco To Acquire Splunk

Cisco announced Sept. 21 that it has reached a $28 billion deal to acquire Splunk, a major provider of data analytics, observability and cybersecurity technologies — including its widely used SIEM (security information and event management) platform. The agreement is by far the largest acquisition deal in the networking giant’s nearly four decades in business, as well as one of largest software M&A deals ever. Partners applauded the deal, saying it should open up major new cybersecurity opportunities for the channel. Cisco is expected to combine Splunk’s SIEM technology — used by security teams to monitor for signs of a cyberattack — with the recently unveiled Cisco XDR platform, which would be a powerful combination, partners said.

The deal also sets up a showdown between Cisco-Splunk and Palo Alto Networks’ fast-growing Cortex XSIAM offering, according to partners.

Cisco’s acquisition of Splunk is expected to be completed by the end of September 2024.

Amazon Discloses Threat Intelligence Capabilities

In the wake of a cloud breach that impacted its top cloud computing rival, Microsoft, Amazon for the first time disclosed details about how it uses threat intelligence to “make the whole internet a safer place,” as AWS’ Mark Ryland put it in a post. Known internally as “MadPot,” Amazon’s threat intelligence system utilizes a “global network of sensors and an associated set of disruption tools,” Ryland said in the post. The sensors — known as honeypots — are decoys made to look like attractive targets for threat actors, which can then gather data about attacker behavior after luring them in.

Threat intelligence analysis “also happens in MadPot,” Ryland wrote, as the system launches the captured malware within a sandboxed environment and correlates data from different attacker techniques to uncover threat patterns. “When the gathered signals provide high enough confidence in a finding, the system acts to disrupt threats whenever possible, such as disconnecting a threat actor’s resources from the AWS network,” he wrote.

Ultimately, Amazon said that its threat intelligence capabilities have supported the identification and disruption of numerous major threat groups — a list that includes Volt Typhoon and Sandworm. And “going forward, you can expect to hear more from us as we develop and enhance our threat intelligence and response systems,” Ryland wrote.

CrowdStrike Launches Accelerate Partner Program

During its Fal.Con 2023 conference, CrowdStrike had a flood of announcements — starting with the debut of its Accelerate partner program. The program constitutes the biggest overhaul of CrowdStrike’s channel program since it debuted in 2015, according to the company, and includes the introduction of new incentives, improved training and increased support resources in areas such as marketing.

CrowdStrike also unveiled a major new version of the Falcon platform — dubbed the “Raptor” release — alongside a handful of other brand-new products in key areas of security such as exposure management.

Meanwhile, CrowdStrike announced its acquisition deal for Bionic, which will deepen the company’s capabilities in security for cloud-native applications. The Bionic technology not only provides visibility into applications, cloud environments and third-party services that are in use, but also stands out as the “only product that takes this visibility one step further to show you the services that are running inside of an application,” CrowdStrike President Michael Sentonas said during Fal.Con.

Dragos Raises $74 Million

Dragos announced the addition of $74 million to its Series D round, bringing the total funding in the round to $274 million, as the industrial cybersecurity vendor looks to “support additional go-to-market initiatives to meet growing demand,” the company said in a news release. The funding followed Dragos’ debut of an overhauled channel program in June that was intended to scale up the company’s work with partners, amid a major growth opportunity in delivering operational technology (OT) security.

The Series D extension for Dragos — which brings the company’s total funding to date to about $440 million — was led by WestCap.

SonicWall Revamps Partner Program

SonicWall unveiled its overhauled SecureFirst Partner Program that introduces a range of improvements aimed at driving accelerated growth with partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain (pictured). Crucial updates for MSPs and MSSPs in the new program include the introduction of a monthly consumption and billing model, in contrast to previous requirements for commitments of one to three years for procuring product licenses.

In another major update, SonicWall lowered the threshold for revenue or recurring revenue that partners must hit to earn a rebate across the SecureFirst program’s tiers by between 25 and 50 percent, Ragusa-McBain said. In terms of MDF (market development funds), SonicWall also introduced an enhanced system where partners automatically accrue the funds based on their revenue or recurring revenue levels — in contrast to the previous system of proposal-based MDF, Ragusa-McBain said.

Also in September, SonicWall announced the hire of Christine Bartlett as its new CMO. Bartlett was most recently senior director of integrated marketing at Cisco, a role that included responsibilities for channel marketing, the company said.

Tenable Acquires Cloud Security Startup Ermetic

In September, Tenable announced its agreement to acquire cloud identity and permissions management startup Ermetic for $265 million, as the company looks to expand the cloud security capabilities of its vulnerability and risk management platform. The acquisition closed Oct. 2.

With the addition of capabilities from Ermetic, Tenable will be poised to go head-to-head with top players in the cloud security market including Palo Alto Networks, executives told CRN. “This puts us in a very, very strong position” in the CNAPP (cloud-native application protection platform) market versus competitors, said Terry Dolce, executive vice president for operations, global business development and channels at Tenable.

Ultimately, the combination of Ermetic’s CNAPP capabilities with Tenable’s well-known vulnerability and risk management platform, Tenable One, will create a highly differentiated and consolidated offering for partners and customers, executives said.

Armis Launches AI-Powered Centrix Platform

Executives at Armis said the company is taking its next major step toward joining the ranks of the largest cybersecurity vendors, with the launch of new AI-powered functionality across its products. The company’s cyber exposure management platform, which was renamed Centrix, has integrated a number of new generative AI capabilities to enable natural language queries, according to Armis.

The Armis Centrix platform specializes in offering improved visibility for devices and assets across IT, medical, IoT and OT, as well as enhanced management and security for the assets.

When it comes to new GenAI-powered capabilities, the Armis Centrix platform offers the ability to use natural language to query the company’s asset intelligence engine about security issues affecting devices, as well as vulnerabilities and threats. Armis executives said that users can ask questions such as, “what are the most common medical devices with the highest risk?” and “what weaponized CVEs are affecting the most devices in the manufacturing industry?”

Expel Overhauls Partner Program

Managed detection and response provider Expel announced a revamped channel program that introduces enhancements around support and profitability as well as the company’s first-ever partner portal. Expel is now committed to making partners the “primary driving force in our go-to-market,” Expel Co-Founder and CEO Dave Merkel (pictured) told CRN.

Key updates in the new program include the introduction of dedicated support in the form of partner sales, partner development and partner marketing managers, the company said.

Other major improvements are coming to profitability for partners in the new program, Expel executives said. The company previously only offered a flat, 20-percent discount for resellers — but as part of the new program, Expel is offering discounts in three tiers — at 20 percent, 25 percent or 30 percent — in return for commitments from the partners around revenue and certifications.

Additionally, the updated channel program includes the launch of the Expel Partner eXchange, the company’s first partner portal — which includes a deal registration system that replaces the vendor’s previous form-based process for registering deals.

Optiv CFO Marc Cabi (left) and CIO Michael Feliton

Optiv Hires New CFO, CIO In Lead-Up To IPO

Optiv announced it has hired a new CFO and CIO as it continues laying the groundwork for going public. The new hires at the cybersecurity solution and services powerhouse are Marc Cabi as CFO and Michael Feliton as CIO, Denver-based Optiv disclosed.

Cabi was most recently CFO at InvestCloud, a SaaS provider for the wealth management sector, and before that was deputy CFO at customer service software maker Zendesk. He initially joined Zendesk as vice president of strategy and head of investor relations in early 2014, shortly before its 2014 IPO. In a news release, Optiv CEO Kevin Lynch cited Cabi’s “experience in fostering a growth lifecycle, private funding and IPO offerings.”

Feliton was most recently CIO at footwear company Crocs, and before that held the same position at jewelry retailer David Yurman.

Optiv—No. 24 on CRN’s 2023 Solution Provider 500—has been preparing for an IPO that would aim to bring new funds into the business for acquisitions along with creating liquidity for employees, Lynch told CRN recently.

Cloudflare Scales Up With MSSPs

Executives at Cloudflare disclosed how the company is increasingly working with MSSP partners around its secure access service edge (SASE) and zero trust security offerings. The effort to scale up with MSSPs comes after Cloudflare completed updates across provisioning, management and pricing that are key for service providers, Cloudflare Channel Chief Matt Harrell (pictured) told CRN.

Ultimately, “around Cloudflare One, we’re ready” for MSSPs, Harrell said. “The doors are open, and we’re in the process of engaging with MSSPs and on-boarding them into our program.”

The company launched its Cloudflare One Partner Program in mid-2022, but a major expansion of MSSP partnerships is only possible now thanks to work the company has done over the past three months, Harrell noted.

The work has involved updating its products to enable simplified provisioning and management of customer environments using Cloudflare’s technology, he said. With that completed, “we believe we have a product that can scale” with MSSPs, Harrell said.

The other major component has been around developing consumption-based pricing for the Cloudflare One platform that’s easy for MSSPs to understand, he said, so “they can move fast in terms of turning on and provisioning, and they get billed based on actual consumption.”