FireEye has acquired Verodin -- a startup cybersecurity company that measures, tests and validates the effectiveness of cybersecurity controls. The deal's valuation is roughly $250 million. FireEye will gain roughly $20 million in 2019 billings, and more than $70 million in billings in 2020, the buyer asserts.
Verodin, founded in 2014, offers a Security Instrumentation Platform (SIP) that can identify gaps in security effectiveness due to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more, the companies say.
Verodin, based in McLean, Virginia,, can test security environments against both known and newly discovered threats. The company's technology remain available via Verodin resellers, as well as through FireEye's channel partners, the companies say.
FireEye Acquires Verodin: Executive Perspectives
In prepared statements, executives from both sides of the M&A table weighed in on the deal.
FireEye CEO Kevin Mandia said:
“Security effort does not equal security effectiveness. That is why security-conscious customers red-team their networks – they need the unvarnished truth of how effective their security programs are. Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable, and continuous approach to security program validation. We believe there is no better way to train people and instrument better security than by continually attacking the environment and adapting security controls to the real threats. Finally, organizations will have a reliable and consistent way to quantify cyber risk in a manner understandable to frontline technicians and in the Board room.”
Added Chris Key, Verodin co-founder:
“Cyber security today is based on assumptions – that technologies work as vendors claim, products are deployed and configured correctly, processes are fully effective, and changes to the environment are properly understood, communicated and implemented. However, the reality is much different for almost every organization and often they discover this only after being on the wrong side of a breach. By joining FireEye, Verodin extends its ability to help customers take a proactive approach to understanding and mitigating the unique risks, inefficiencies and vulnerabilities in their environments.”
Verodin will integrate with FireEye Helix security orchestration capabilities to help customers prioritize and automate continuous improvement of security controls, the companies assert. Verodin will also be available as a FireEye Managed Defense service and as an Expertise On Demand automated service.
FireEye Acquires Verodin: A Closer Look
Ironically, the deal comes only a few weeks after Verodin announced multiple executive hires and leadership updates. The company announced $21 million in Series B funding back in mid-2018, bringing total funding to $34 million at the time.
The Verodin deal comes at a key time for FireEye. The company's revenue was $211 million in the first quarter of 2019, up 6 percent from the corresponding quarter last year. Seeking faster growth, FireEye has been seeking to balance channel partnerships along with its own managed security and consulting services. We'll be watching to see how Verodin influences FireEye's partner messaging and go-to-market strategy with MSPs and MSSPs.