F5 has announced an agreement to acquire Boston-based Threat Stack for $68M. The purchase of Threat Stack is F5’s fourth acquisition in the past two years as the company is looking to transform from a hardware-centric network vendor to software and cloud company that provides network and security solutions.
In 2019, the company made its first major move when it purchased NGINX for $670M. This gave F5 an open source platform with high appeal to developers. In 2020, F5 dropped a billion to acquire Shape Security, a provider of AI-based bot detection. This, combined with Silverline, solidified F5’s position as a security vendor, compared to a network vendor that also sells security.
Earlier this year, the company purchased Volterra, a vendor that provides edge and API level network and security services, enabling F5 to compete in the emerging distributed cloud market.
Threat Stack adds to F5’s app security portfolio
While not carrying nearly the price tag as some of the other acquisitions, Threat Stack is an excellent acquisition, as it strengthens F5’s position in application security. The majority of F5’s security products are network-centric. And that’s certainly important, but modernized applications are built on the concept of a distributed cloud where app components scattered across clouds and edges communicate with one another across the network.
A good way to think about the problem is to consider how a road system can be protected by checking cars at the on-ramps but can’t protect against a drone dropping bombs. Similarly, network security can protect the transport, but more and more, threat actors are attacking applications and APIs.
In the near term, Threat Stack’s capabilities add to the observability F5’s platform has in containers and cloud native services. Customers can use the product to monitor and then act quickly to remediate issues and ensure compliance regardless of where the app or app components are deployed. The rise of containers and micro services creates significantly more agility for organizations, but the distributed and dynamic nature of cloud native environments requires something other than WAFs and firewalls.
Automated insights and remediation coming to F5 customers
Looking ahead, Threat Stack’s risk identification and real-time threat detection, combined with F5’s current app insights and controls will enable the vendor to better automate insights, threat detection and mitigation capabilities. A good way to think about this is F5 can deliver XDR at the application layer, where most XDR solutions operate at the network level. The automated remediation is key as lots of vendors can find a breach but are weak in the areas of response.
F5 speaks applications and networking
While F5 is best known as a network vendor, it’s always had strength in applications, which is why its managed to keep much bigger network vendors, such as Cisco and Juniper, at bay. I’ve often referred to F5 as the “Rosetta Stone” of IT as it can talk the language of apps and networking and translate between the two. It’s used this expertise to optimize application performance but now can use it for security purposes.
Acquisition a financial coup for F5
The $68M price tag for Threat Stack appears to be a steal as it has amassed about $70M in funding in six rounds. The start-up touts its strength in the areas of hybrid cloud, containers and edge computing and it might seem a strange time to sell, particularly at this low valuation, given the world is on the verge of everything going cloud native.
I believe Threat Stack has good technology but it’s getting harder for point products to succeed in security. Security professionals are starting to understand that a collection of best of breed point products leads to sub-optimal threat protection, which is why the concept of the security platform has finally taken hold. Evidence of this is the success Fortinet and Palo Alto are having – the two vendors most vocal about the benefits of the platform. F5 has been building its own platform and Threat Stack brings app visibility into it.
The shift to platform will continue to put pressure on the smaller niche vendors like Threat Stack, as they can’t provide enough value on their own. Some may go on their own acquisition spree but I’m expecting to see more M&A activity from the bigger security vendors over the next couple of years.