Source: www.databreachtoday.com
Application Security, Next-Generation Technologies & Secure Development
More Competition, Ownership Turnover Among Peers Create an Appealing Time to Sell
Michael Novinson (MichaelNovinson)
A number of application security mainstays have come under new ownership as the sector faces increased competition from both security giants and newer pure-play vendors.
TA Associates paid $2.5 billion in May 2022 to acquire a majority stake in Veracode from Thoma Bravo, which had spent just $950 million to carve the business unit out of Broadcom in January 2019. Then in May, Francisco Partners and Clearlake Capital agreed to pay $2.1 billion to carve Synopsys’ Software Integrity Group out of the systems design behemoth. The unit has been renamed Black Duck Software (see: Perks of Independence for Synopsys’ Software Integrity Group).
Now, the private equity owner of Veracode and Black Duck rival Checkmarx is reportedly looking to make it a trifecta of application security businesses changing hands.
Hellman & Friedman has met with several investment banks in recent weeks and will choose one to lead the sale process for Paramus, New Jersey-based Checkmarx, where it hopes to fetch at least $2.5 billion, according to Calcalist. The front-runner is Citibank Israel, which Calcalist said will likely be selected due to its close ties as a major client of Checkmarx.
Hellman & Friedman declined to comment, and Checkmarx and Citibank didn’t respond to Information Security Media Group requests for comment. The private equity firm purchased Checkmarx for $1.15 billion in April 2020 in what was at the time the largest-ever acquisition of an application security firm. Insight Partners owned Checkmarx from 2015 to 2020 following an $84 million investment.
How Checkmarx Fared Under Hellman & Friedman
Hellman & Friedman kicked the tires on doubling down in application security and in March was one of the private equity firms considering a bid for Synopsys’ software integrity business alongside Advent International and Thoma Bravo. But with Black Duck ending up in the hands of rival private equity firms Francisco and Clearlake, Hellman & Friedman is looking to cash out its chips in application security.
Checkmarx has enjoyed impressive growth under Hellman & Friedman’s ownership, Calcalist reported, saying the firm’s revenue doubled despite a slight decline in 2023. But the company laid off 10% of its workforce, or 100 employees, in November 2022. Four months later, Checkmarx replaced founding CEO Emmanuel Benzaquen with Sandeep Johri, who led software testing firm Tricentis from 2013 to 2021 (see: Checkmarx Snags Ex-Tricentis CEO Sandeep Johri as New Leader).
The company’s products are well-regarded by technology analysts. Gartner and Forrester named Checkmarx a leader in application security testing, and Forrester praised Checkmarx for fast time to value, a robust road map, and its ability to secure emerging development technologies. It criticized the company for lacking automated remediation as well as for its complex pricing for products and services (see: Veracode, Synopsys, Checkmarx Dominate SAST Forrester Wave).
Gartner, meanwhile, praised Checkmarx for rolling out native dynamic testing capabilities, focusing on developer integration throughout the life cycle, and correlating findings at the repository level. But the analyst firm chided the company for complicated implementation, expensive and complex pricing models, and a lack of customer support availability during weekends for nonpremium customers.
An Increasingly Crowded Competitive Landscape
Checkmarx also faces greater competition from both newer pure-play vendors and broad security platform plays. Snyk’s valuation is nearly triple Hellman & Friedman’s desired sale price for Checkmarx, and the Boston-based firm’s headcount is 30% higher than Checkmarx’s, despite Snyk being founded nearly a decade after Checkmarx.
Security behemoths also have pushed into the application market. Palo Alto Networks bought Cider Security for $250 million in late 2022 to secure pieces of code from development to its implementation in a runtime environment. And yesterday, cloud security phenom Wiz launched Wiz Code to secure the application life cycle based on its $50 million buy of cloud-based development platform Raftt last year (see: Palo Alto Networks to Buy Startup Cider Security for $250M).
“Customers have some legacy tech vendors in place, which they’re deploying, and they’re trying to use that to take care of supply chain security,” Palo Alto Networks CEO Nikesh Arora told investors in November 2022. “Some of that is older architectures, older ways of doing things. But we decided we want to do it differently.”
With both deep-pocketed platform providers and venture-backed emerging vendors focusing more energy on securing applications and code, longtime players in the space, such as Checkmarx, are feeling the squeeze. As consolidation and more modern approaches accelerate, Checkmarx’s new owners will face an uphill battle to maintain the company’s current market position in its third decade of existence.
Original Post url: https://www.databreachtoday.com/blogs/hellman-friedman-wants-to-unload-checkmarx-for-25b-p-3715