Forcepoint Acquires RedOwl To Add Security Analytics, UEBA Capabilities

Forcepoint is continuing its acquisition streak as it looks to build out its security platform, announcing on Monday it has completed the acquisition of security analytics company RedOwl.

Terms of the deal were not disclosed.

RedOwl offers a user and entity behavior analytics (UEBA) technology that looks to analyze large amounts of data and human behaviors to pinpoint anomalies and threats. The company won the prestigious RSA Innovation Sandbox startup contest in 2014.

[Related: Forcepoint Acquires Skyfence From Imperva, Unveils New Strategy]

Forcepoint CEO Matt Moynahan said in an interview with CRN that RedOwl builds on the Austin, Texas-based company's strategy to build a security platform that brings a new approach to the market. That strategy focuses on users instead of traditional indicators of compromise that he said have failed to hold up as mobile, cloud, and other emerging technologies dissolve the traditional security perimeter. Moynahan calls this a "human-centric" approach to security.

Moynahan said Forcepoint ultimately would look to build a "set of technology tightly integrated together in a complete solution to understand behaviors and the people in it." He said RedOwl's UEBA technology is an "important building block" in this strategy.

"We're on a mission here at Forcepoint to really start a new paradigm of security that focuses on understanding human risk and people. This acquisition of RedOwl is a key part of that strategy," Moynahan said.

While there are other UEBA players in the space, Moynahan said RedOwl follows a similar approach to Forcepoint, focusing on the same elements of human risk that it is building its strategy around. He said RedOwl also has military roots, similar to Forcepoint, as well as a team of high-quality data scientists.

Moynahan said Forcepoint already had a partnership integration with RedOwl, so the two technologies will be integrated immediately, with further plans to integrate it deeper into the full set of Forcepoint products. He said a "large part" of the RedOwl team would remain with Forcepoint as part of its Data and Insider Threat Security business.

"This technology will be foundational for us," Moynahan said. "You can almost think of it being on top of everything we do. It will be a layer in every single product we have." He said partners and customers would be able to buy the technology as a standalone product or as part of the Forcepoint platform.

Jeremy Wittkop, CTO of Greenwood Village, Co.-based InteliSecure, said the acquisition seems like a "good fit" for Forcepoint, given the company's strategy and what technologies they already have in place around insider threat prevention and DLP. He said it should help "fill the gaps" in some of the company's competition against companies like Symantec, Digital Guardian, and Exabeam.

Wittkop said the RedOwl acquisition also helps bring Forcepoint strong capabilities in the critical area of security analytics, saying it provides Forcepoint with a "unique blend of capabilities that you can't get anywhere else." He said integrating the technologies across the Forcepoint portfolio will be key, as it will provide the analytics engine with a rich set of data from across a company's infrastructure.

"The analytics that I have seen across the industry space are all pretty good at what they do, but the output is only as good as the data you're inputting. The wider platform provides a more complete picture that can make great decisions," Wittkop said.

Forcepoint has been formed over the last year and a half through merger and acquisitions. It was originally formed through the merger of a division of Raytheon, Websense and the McAfee Next-Generation Firewall and McAfee Firewall Enterprise businesses from Intel Security (also known as Stonesoft and Sidewinder, respectively). In February, the company acquired cloud access security brokerage solution Skyfence from Imperva to add to that portfolio, as well as reorganized and launched its human-centric security strategy.

Moynahan said the RedOwl acquisition is a significant move for Forcepoint's partners, saying it will allow them to start a new type of security strategy conversation with their customers around a human-centric approach.

"I think for the channel this is a huge step forward," Moynahan said. "It gives them a set of technologies and a company to back their conversation around people's workforces and anomalies in work force behavior… That's a very different than just having a conversation about hackers or a bad guy."

Moynahan said Forcepoint would continue to build on its partner strategy, soon announcing the launch of a new partner program and global channel leader. He said Forcepoint would be "doubling down" on its channel strategy.

Moynahan said partners could also expect to see Forcepoint continue to make acquisitions that fit around the company's strategy.

"We will do more acquisitions, but they will be very in-line with our corporate strategy – all will be tied to the human-point strategy," Moynahan said. "We're not trying to get big for big's sake. We're trying to get dangerous and deliver world-class security."