The Expert's View with Michael Novinson

Managed Detection & Response (MDR) , Security Operations

Why MDR Stalwart eSentire Is Looking to Sell Itself for $1B

Aging Technology and Rising Competition Have Created a Need for Greater Investment
Why MDR Stalwart eSentire Is Looking to Sell Itself for $1B
Kerry Bailey, CEO, eSentire (Image: eSentire)

The rise of cybersecurity platform providers, consulting giants and pure-play vendors in the managed detection and response space has left longtime players feeling the squeeze.

See Also: How to Take the Complexity Out of Cybersecurity

Houston-based Alert Logic entered the scene in 2002 and cashed out its chips two decades later by selling to software conglomerate HelpSystems, now Fortra. Now, a Canadian MDR mainstay whose founding predates Alert Logic might also be heading for the exits.

The owners of eSentire are exploring a potential sale that could value the Waterloo, Ontario-based company at about $1 billion and attract the interest of other private equity firms, Reuters reported this week. The company is hoping to command a valuation equivalent to more than seven times its annual recurring revenue of about $150 million, according to Reuters.

New York-based private equity firm Warburg Pincus bought a majority stake in eSentire in August 2017, and CDPQ and Georgian in February 2022 invested $325 million in eSentire at a valuation of more than $1 billion. CDPQ and Warburg Pincus declined an Information Security Media Group request for comment, and eSentire, Georgian and Evercore - which is advising the sale process - didn't respond (see: eSentire CEO Kerry Bailey on Using XDR to Cut Business Risk).

Forging a Bond With CrowdStrike

The managed detection and response space has seen loads of new entrants since eSentire set up shop in 2001, and product companies such as CrowdStrike and big technology consulting shops such as Accenture and Deloitte have pushed into the market. Over the past decade, a crop of broader security operations players such as Arctic Wolf as well as pure-play MDR startups such as Expel and Red Canary also sprouted up.

This has resulted in a very competitive and fragmented MDR market landscape. Forrester included 13 vendors in last year's Wave, and IDC included 19 vendors in this year's MarketScape. For pretty much all of Warburg Pincus' tenure, eSentire has had a steady hand on the wheel. Former Hewlett Packard Enterprise global channel leader Kerry Bailey took over as the company's chief executive in early 2018.

Since Bailey joined eSentire, the company has sought a closer relationship with CrowdStrike despite eSentire MDR and CrowdStrike's Falcon Complete competing directly against one another. Since 2019, eSentire clients buying the company's top-level bundle could choose between Carbon Black, Microsoft Defender or CrowdStrike's Prevent NGAV and Insight EDR tools, said Chief Channel Officer Bob Layton.

Layton told CRN in 2021 that eSentire saw huge demand for CrowdStrike Falcon among customers that had at least 500 workers in the manufacturing, legal and healthcare sectors. In June of this year, CrowdStrike CEO George Kurtz told investors that eSentire migrated hundreds of customers - and nearly 500,000 endpoints - from Carbon Black, which became part of Broadcom in November, to CrowdStrike (see: George Kurtz: CrowdStrike Falcon Driving Cyber Consolidation).

How eSentire Stacks Up to the Competition

Acquisitions haven't been a major part of eSentire's strategy to date, as the company carried out just two deals in its 23 years of existence. It purchased digital forensics and investigative tool provider CyFIR in June 2021 to help enterprises manage digital security risk and limit financial losses and bought AI-based cybersecurity vendor Versive in October 2018 to help correlate and analyze threat data.

According to IDC, eSentire has more than 630 employees in detect and respond roles as well as a significant presence in the North America and Asia-Pacific regions. Technology analyst firms have diverging views on eSentire's MDR. IDC rates the company fifth out of 19 vendors evaluated - behind only CrowdStrike, Arctic Wolf, IBM and Deloitte - and Forrester rates it ninth out of 13 vendors.

IDC praised eSentire for a high net promoter score and a professional SOC team, but it chided the firm for routing Office 365/Azure Active Directory alerts into the security team rather than the SIEM. Forrester praised eSentire for comprehensive response action and business-relevant messaging, but it criticized the company for an outdated interface, lack of intellectual property and subpar dashboards and reporting.

Roughly 60% of eSentire's workforce is based in Canada, 20% in the United States, 7% in India, 4% in the United Kingdom and the remainder are based elsewhere, according to IT-Harvest. Roughly 45% of eSentire's workers are in engineering, 30% are in sales, 20% in operations, and 5% in human resources, IT-Harvest found. It said headcount has been holding steady since June 2022.

Most managed detection and response tools are either part of venture-backed companies or broader security or technology platforms, so the prospects for MDR consolidation are dim if eSentire is indeed bought by another private equity firm. But with newer platforms afoot and competitive pressure only increasing, eSentire will be looking for a shot in the arm from its buyer - whoever that will be.



About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.