‘Insane’ acquisition spree and Blue Coat’s renaissance

• Believes it has shored up its capabilities to be able to offer the ‘Blue Coat stack’
• Claims ‘incredible growth’ in Asia, particularly excited by verticals such as telcos

IN 2012, cybersecurity company Blue Coat Systems Inc – having delisted from Nasdaq after private equity firm Thoma Bravo had acquired it for US$1.3 billion in February 2012 – embarked on an acquisition spree to expand its product portfolio into adjacent security markets.
 
“Thoma Bravo was a partner and during the time we were owned by it, we did four major acquisitions in a row … it was pretty insane,” said Blue Coat chief technology officer and vice president Dr Hugh Thompson.
 
“And they [the acquisitions] were very focused on the advanced threats space because we wanted to offer our customers the ability to detect and remediate against advanced threats,” he told Digital News Asia (DNA) on the sidelines of the recent RSA Conference Asia Pacific & Japan (RSAC APJ) 2015 in Singapore.
 
Thoma Bravo has since sold Blue Coat to private equity firm Bain Capital, but not before having overseen a period of frenetic acquisition activity.
 
In December 2012, Blue Coat acquired Crossbeam Systems, which had a scalable network security platform that can virtualise network security applications from third-party security software vendors.
 
Thompson said that some acquisitions turned out differently than expected. One such example was the acquisition of the SSL appliance product line from Netronome in May 2013.
 
“It was the leader in SSL (Secure Socket Layer) decrypt appliances but not many people knew Netronome.
 
“At the time, SSL was already growing pretty rapidly but it has had a dramatic increase in growth in the last 18 months,” he said.
 
“What we’re seeing with customers is at least 60% of their traffic is encrypted through SSL. A lot of it had to do with Google switching over to encrypting its searches and Gmail, which accounted for a massive amount of traffic.
 
“But also, all the major properties like Microsoft and Yahoo – I think eight of the top 10 websites – are now using HTTPS,” he added.
 
The Internet uses HTTP (HyperText Transfer Protocol) as its communications protocol; HTTPS, sometimes referred to as HTTP Secure, uses SSL to encrypt communications over the Internet.
 
“But while that’s fantastic from a consumer perspective, from an enterprise perspective, it means that all their security equipment from any vendor was blind to the traffic flowing in and out,” said Thompson.
 
Thompson said that it [SSL appliances] is Blue Coat’s fastest growing piece of business to date, as more companies seek to build up encrypted traffic management.
 
Also significant was the May 2013 acquisition of Solera Networks, which makes security analytics products that help businesses detect and resolve threats already on the network.
 
“This was a company that was red hot in Silicon Valley – it did full packet capture and inspection, basically a digital recorder for the network,” said Thompson.
 
“Every single packet that traverses the network, it lays it down to disk – if you have a big network, that’s a lot of lay down to disk, but the benefit is that you can launch some pretty advanced analytics and you can also diagnose and recover from problems very quickly,” he claimed.
 
Finally, in December 2013, the company acquired Oslo-based Norman Shark, which provides threat discovery and malware analysis solutions for enterprises, service providers, and governments.

UPDATE: Just after this story was published, Blue Coat announced it had acquired enterprise cloud data protection solutions provider Perspecsys Inc, expanding its cloud security offerings and strengthening its position in the Cloud Access Security Broker (CASB) segment.
 
The new chapter
 
Thompson (pic) said that in contrast with a few years back when a typical sale from Blue Coat would involve a secure web gateway and a WAN (wide area network) optimisation tool, today the company sells the ‘Blue Coat stack.’
 
This stack includes products such as the Content Analysis System, an appliance with malware scanning and application whitelisting web gateways; and Malware Analysis Appliance, a sandboxing appliance that detects and analyses unknown files and downloads.
 
“If you look at the footprint we have in those big Fortune 500 companies – yes, we’re at the Internet egress, but we’re also analysing everything that goes through it and in-between,” said Thompson.
 
With an expanded portfolio, Blue Coat embraced a new chapter in its ownership history when Thoma Bravo sold it to Bain Capital for US$2.4 billion in March this year.
 
“The sale closed two months ago – we talked to a lot of different folks and Bain had the most in-depth analysis of our business,” said Thompson.
 
“It was a due diligence process unlike any other – these guys were sharp, analytical, and aware of every transaction we did as a company,” he added.
 
Two key factors convinced the Blue Coat management team that Bain was ‘the one,’ according to Thompson.
 
The first was the high level of enthusiasm it had for Blue Coat’s acquisition strategy – more so than Thoma Bravo, with Thompson saying it “takes a lot of faith” for a private equity firm to be okay with going out and buying tech startups.
 
“So look forward to Blue Coat making more noise in that regard in the coming months as there’s a lot of neat stuff happening in the security space,” he said.
 
The second factor was the stated intention from both sides when it came to the general exit strategy, which was to get a company that’s growing to dominate the space, then take it public, he added.
 
Competition and consolidation

The past year has seen a number of security firms opening up operations in Asia. Asked about how he sees Blue Coat faring in an increasingly competitive market, Thompson said he believes that the landscape will soon change.
 
 “I think we’re going to see massive consolidation in the market … . People who are in the core critical architecture infrastructure space are going to be very, very important – and obviously we’re one of them,” he quipped.
 
Thompson said that as newcomers and competitors fill up the “more expensive real estate” in Singapore, he does not foresee Blue Coat’s own real estate downsizing in return.
 
He said Blue Coat has taken the position of being a “best of breed” company, a philosophy that extends beyond its product lines because its customers – global Fortune 2000 to 5000 companies – are going to choose what is best for them.
 
“If they think that our ProxySG secure web gateway is the best for them, they’ll pick that one – and it is, it is – but if they think that some other malware analysis tools is better, they’ll go with that.
 
“They’re not going to go with some vendor that they already have some master service agreement with just because it’s more convenient,” he added.
 
With customers spoilt for choice, it is Blue Coat’s stance to ensure that whatever its customers bring into their ecosystems, that the company is at “the leading edge” and playing well with it, Thompson said.
 
He pointed to the company’s involvement in developing industry standards around STIX and TAXII, as an example.
 
STIX (Structured Threat Information eXpression) is a new language designed to define and describe a broad swath of threat activity. Its transport method, called TAXII (Trusted Automated eXchange of Indicator Information), is a lightweight XML-over-HTTP transport protocol.
 
“Open standards help us and help the industry,” said Thompson. “If you look at any of our products, you’ll find that it’s the most interoperable, supporting the broadest set of standards.
 
“It’s important because we’re in a volatile time in security. Five years ago, who thought sandboxing would become mainstream? We don’t know what the future is going to hold five years from now.
 
“We want to have a future-proofed set of technologies so that when customers buy us, they can be assured that whatever the changes that occur, they are making a good bet,” he added.
 
Religiously securing the cloud, mobile

With a return to being a public-listed company on the cards, Blue Coat is hoping its security solutions around mobility and the cloud will offer a significant avenue of growth.
 
“The big change for us, and the industry at large, is this whole adoption of the cloud,” said Thompson.
 
“I would say that for some organisations the adoption was voluntary, but the reality is that you walk into almost any company now, and there’s all kinds of devices that are non-sanctioned by the company connecting to the network from outside sources,” he added.
 
In line with this trend, the company made a big bet a few years back to build out its global cloud infrastructure, launching a mobile device security service which offers over 40 points of presence around world acting as ‘connection brokerages’ for customers.
 
“So for users, instead of VPN-ing [creating a virtual private network] into the enterprise server before going out into the Internet, they just connect directly to a local ‘pod’ and the same security policies would be applied to their devices the same way they would if they [users] had connected back to their on-premises network.
 
“The truth is, 90% of the data – such as Google searches – is just passing through the network, but if there is any specific violation of enterprise policy, such as ‘you can’t visit gambling sites,’ it will be applied and enforced via the cloud service,” he added.
 
Thompson said all this constituted a “big shift” for Blue Coat, with the last three years of product development centred on a cloud-first mentality, and hybrid offerings for customers.
 
“I’d say we got real religion around the cloud, and so far we’ve been really successful with it in the marketplace and it’s allowed us to build up a significant value proposition for customers,” he added.
 
Next Page: Mobile-fuelled Asian charge, telco excitement