10 Companies Symantec Could Acquire With Its $6 Billion War Chest

On The Acquisition Trail

As of Jan. 1, when the company's Veritas sale is expected to close, Symantec will have a coffer full of cash – to the tune of approximately $6 billion. That money won't be burning a hole in Symantec's pockets, CEO Michael Brown told CRN in a recent interview, and the company will "definitely" be looking to make some acquisitions. In particular, Brown said the soon-to-be security-only vendor will be looking to expand its portfolio around threat protection, information protection and cybersecurity services. While we don't know for sure who Symantec will scoop up in the coming months, CRN reached out to partners and analysts to see who they think could be a potential target for an acquisition. Take a look at 10 companies that they said the vendor could (or should) buy.

FireEye Or Palo Alto Networks

One of the first companies to come up in multiple conversations with partners about who Symantec should buy is FireEye. Jason Eberhardt, vice president of strategic alliances at Chicago-based Conventus, said a network security acquisition would round out some gaps in the company's portfolio. Rumors have circulated that FireEye could be acquired by another vendor, most recently in May, when Cisco was said to be looking to acquire the security vendor (the rumors were shot down by former CEO John Chambers shortly after). The downside of Symantec looking to buy FireEye or Palo Alto Networks is that it would be an expensive move, depleting most, all or more of the company's acquisition budget. FireEye, for example, has a market capitalization of well more than $4 billion, and would likely come at a high premium due to skyrocketing valuations for security startups today. When the Cisco rumors surfaced months ago, it was reported that the networking giant had bid $9 billion for FireEye.


Cylance

Cylance, based in Irvine, Calif., offers a next-generation endpoint security solution that distinguishes itself by using math and algorithms to detect attacks, instead of signatures. The startup has been growing at a fast clip in a hot market for next-gen endpoint, with 400 percent year-over-year growth and landing $42 million in Series C funding in July. A next-generation endpoint security play could make a lot of sense for Symantec, which already has a strong foothold in the endpoint security market (last year IDC said the vendor had the largest corporate endpoint security market share, with 18.4 percent). In addition to high growth rates in a hot market, Cylance is pushing hard to expand its channel partner play, an area Symantec has said it is committed to developing.


LogRhythm

If Symantec is looking to make a play for the end-to-end security stack, a SIEM vendor such as LogRhythm could be a good play, said Doug Cahill, senior analyst, cybersecurity, at Enterprise Strategy Group (ESG). LogRhythm offers what it calls a next-generation SIEM solution, bringing together analytics, log data, network and endpoint monitoring and forensics into a single solution.

"Analytics and what could be described as SIEM 2.0 is topical and arguably real estate Symantec as a market leader who wants to deliver whole stack needs to own since it’s the top of the stack," Cahill said.

The company also already works with Symantec, helping transition customers off Symantec's Security Information Manager (SSIM), which the company discontinued in September 2013, and integrating into the company's DeepSight Threat Intelligence.

Sumo Logic

Another startup that could launch Symantec into the SIEM market is Sumo Logic, a Redwood City, Calif.-based company that focuses on cloud-based machine data analytics. In June, the company landed $80 million in venture capital funding, bringing its total funding raised to $160.5 million. What would make Sumo Logic a little bit of a different play than LogRhythm or other SIEM vendors is that it is more broadly analytics focused, rather than strictly focusing on security. The company doesn't list Symantec as an integration or technology partner, but does count among its solution provider partners a significant number of security VARs.


Crowdstrike

Another startup that could launch Symantec into the next-generation endpoint market is Crowdstrike. One of the hottest up-and-coming startups in security, Crowdstrike recently landed $100 million in Series C funding. Unlike traditional signature-based endpoint security technologies, Crowdstrike focuses on threat intelligence around what it calls "indicators of attack," and CEO George Kurtz told CRN that it is seen as an additive solution to traditional antivirus, a market that Symantec has a significant and long-standing presence in. The challenge for Symantec with Crowdstrike, though, is that it would be an expensive purchase, with some reports putting the startup's valuation at close to $1 billion.

Bit9 + Carbon Black

Bit9 + Carbon Black might be another endpoint security company that could draw Symantec's acquisition eye, ESG's Cahill said. The two companies joined forces in February 2014, bringing together incident response capabilities with an endpoint security platform. While Bit9 + Carbon Black would likely be a more expensive investment than Crowdstrike, Cahill said the move could be worth it as Bit9 + Carbon Black has a "repeatable business," which he said would justify a higher price.


Cybereason

Based in Cambridge, Mass., Cybereason was co-founded in 2012 by former members of Unit 8200, Israel's equivalent to the NSA, and offers a real-time detection and response solution that CEO Lior Div calls a "super analyst in a box." The company recently landed two rounds of funding, a $25 million Series B round in May and a $59 million Series C round in October. With the previous two endpoint security company options likely stretching the Symantec acquisition budget, the security vendor might choose to pursue a newer entrant into the market, such as Cybereason.

Skyhigh Networks

Symantec remains committed to its DLP solution, and one way the vendor could look to complement that solution is with the addition of a cloud access security broker vendor, ESG's Cahill said. That would also fit into the company's stated aim to put more emphasis behind cloud security. Skyhigh Networks allows cloud users to get visibility into their cloud services usage, identify threats and enforce security policies using tools such as encryption. Being able to add shadow IT capabilities as well as more encryption tools would be an asset for Symantec, Cahill said.


CipherCloud

Another option for Symantec to dive into the cloud access security broker market would be CipherCloud, which provides an enterprise-grade solution for cloud monitoring, encryption, key management, malware detection and compliance. The startup, based in San Jose, Calif., last raised financing in November 2014, when it raised $50 million in Series B funding.

Managed Security Services Provider

One move that Symantec could make if it is looking to invest in services is to acquire an MSSP. While probably unlikely, the move could provide Symantec with additional security operations or incident response ammo in a hotly contested market for security talent. However, that type of move would need to be a balancing act between investing in growing services while "being careful to not disenfranchise the channel," ESG's Cahill said.