2018 Cybersecurity Almanac-1 PDF

Eric McAlpine
Managing Partner
eric@momentumcyber.com
Michael Tedesco
Managing Partner
michael@momentumcyber.com
Keith Skirbe
Director
keith@momentumcyber.com
Dino Boukouris
Director
dino@momentumcyber.com
Jeremy Isagon
Associate
jeremy@momentumcyber.com
Jay Keswani
Analyst
jay@momentumcyber.com
Special Contributors:
Dave DeWalt, Bob Ackerman (AllegisCyber),
Yoav Leitersdorf & Ofer Schreiber (YL Ventures)
Cybersecurity Almanac | 2018
Cybersecurity Almanac | 2018 v1.0
Momentum Cyber Is Pleased To Release Its Inaugural 2018 Almanac.
▪ We are dedicated to consistently providing valuable insights on the fast growing and rapidly evolving Cybersecurity landscape
Purpose ▪ We publish the Almanac with the sole purpose of sharing the document with the growing Cybersecurity ecosystem to create awareness around
key industry topics and trends
▪ The 2018 Almanac takes a deep dive into the year that was and puts focus to key topics on the year ahead
▪ This year’s edition is our most in-depth industry review compared to prior years as we present you a detailed view on key industry trends,
private and public market activity, major news and events, and all things “Cyber”. Some key highlights include:
- A revamped copy of our often referenced CYBERscape to accurately capture the continuously evolving industry taxonomies
- An examination of the past 10 years of Cybersecurity transactions (M&A and VC / PE) to provide valuable insights, identify key industry
Background trends, and 2017 competitive performance
- Profiled some of the year’s high-profile data breaches and provided a rich summary and timeline of events
- Focused on key regulatory changes as well as industry sectors that are center stage with higher than average strategic activity
- Spotlighted leading, Cyber-focused investors that increasingly play an integral role in the industry’s most innovative startups
- Highlighted key M&A and financing transactions as well as IPOs and public market performance
▪ We maintain the industry leading proprietary M&A and Financing Transaction Database – unrivaled in its accuracy, quality, and scale
Disclaimer ▪ We complement our proprietary database with data from various industry leading databases and research publishers, primarily from North
America and around the world, representing millions of data points and decades of institutional industry knowledge and experience
1
Key Cybersecurity Trends & Predictions
Trends & Predictions – Looking Back And Ahead.
Key Trends | 2017 Key Predictions | 2018
Large Tech Vendors Will Look To Break Into Cybersecurity

Another Milestone Year for M&A and Financing Activity
Via M&A – Playing Catch-Up With Incumbents
2017 Was The Year Of Ransomware While High Profile Automation Will Be More Widely Adopted As Skills Shortage
Data Breaches Continued To Make Headlines Is Exacerbated; Emphasis On Efficacy of Big Data Analytics
Public Markets Were Active and Performed Well – 3 IPOs, Consolidation Will Accelerate Across Highly Fragmented &
Strong Stock Performance & Increased Valuations Competitive Sectors Including Endpoint & Authentication
Attack Surface Continued To Increase, More Than Doubling Stricter Compliance Requirements Will Bring Data Centric /
Vulnerabilities – Driven by Migration To The Cloud & IoT Privacy Assets Into Focus – GDPR Is Approaching
MSSP Consolidation Reached New Heights And Was Stock Market Momentum And Strong IPO Pipeline Will Lead
The Most Active Sector To A Robust Cybersecurity IPO Market, Surpassing 2017
Private Equity Continued Its ‘Love Affair’ With Cybersecurity AI vs AI – We Will See A Rise In AI-Based Attacks With
Cybercriminals Leveraging Machine Learning For Attacks
2
Looking Back…A Snapshot of 2017
Records Are Meant To Be Broken – Another Banner Year For Cybersecurity.
in potential costs from WannaCry

$4.0B ransomware attack that infected
Category 5 breach compromises
$20.4B Total M&A Volume
200k computers in over 150
countries including
145.5M $5.1B Total VC Investments
7 ≥ $100M
consumers’ data
$6.5B Physical crosses over
to Cyber 145.5M 209.0K
Capital raises
Private Equity ‘s acquires

$125M $100M $100M
Names, Addresses, Credit Card
Social Security Numbers
Cybersecurity Numbers $125M $100M $150M $100M
4.4x
Cybersecurity multiples continue to rise
101% 83% 49%

3 IPOs $1.4B
acquisition of
EV / Rev 35% 34% 32% Cyber IPO market rebounded to form by
26
MSSP M&A
Transactions 5 Acquisitions
Completed
$6.9B bid tops
Barracuda goes private
led all
acquirers
$5.0B bid for again after 12 quarters
as a public company
…..2nd largest cyber transaction in history
About The Authors
Momentum Cyber Is Pleased To Release Its Inaugural Cybersecurity Almanac For 2018.
Momentum Cyber About Us
Momentum Cyber is the premier trusted advisor to the Cybersecurity industry providing 2018 33 $14B 200+ $200B+
bespoke high-impact advice combined with tailored senior-level access. The firm was Year Founded After Highly Successful Cybersecurity M&A Transactions & Total Deal Total M&A Transactions & Deal
Wall Street & Cybersecurity Executive Value Executed By Team Members Since 2002 Value As A Team Since 1994
founded by world-class operators and advisors and caters to the unique needs of both Careers
earlier stage Founders, CEOs, & Boards as well as the complexity of later stage & public
companies throughout their lifecycle – Incubation to Exit. $433M $140M $20B+ 70+
Average & Median Cybersecurity Value Creation To Shareholders As Combined Years In Cybersecurity As
M&A Deal Value CEO, Board, & Investor World-Class Operators & Advisors
The Founders
World Class Operators & Advisors
Cyber Exit Savvy – Deep Expertise Selling Unparalleled Access Across the Unrivalled Thought Leadership Through
to Strategic & Financial Buyers Cybersecurity Ecosystem with Executives, Insightful Research, Market Reviews, &
Board Members, Investors, & CISOs Speaker Engagements
ADVICE ACCESS EXECUTION

Dave DeWalt Michael Tedesco Eric McAlpine Dino Boukouris Keith Skirbe INCUBATION EXECUTIVES SELLSIDE M&A
Founder & Founder & Founder & Founding Member Founding Member
Chairman Managing Partner Managing Partner & Director & Director OPERATIONS ENTREPRENEURS BUYSIDE M&A
CORPORATE FINANCE BOARD MEMBERS DIVESTITURES
200+ Deals $200+ Billion MANAGING GROWTH

STRATEGY & CORP DEV
INVESTORS
POLICY INFLUENCERS
JOINT VENTURES
VALUATIONS
MERGERS & ACQUISITIONS CHIEF SECURITY OFFICERS CORPORATE DEVELOPMENT
41%
$433M Average 19% Selected Transaction Experience
Strategics PE / VC
59%
47%
34%
$140M Median
Buyside Sellside <$100M $100M - $400M >$400M
4
Special Contributors
We Would Like To Thank Our Special Contributors.
Dave Robert Yoav Ofer

DeWalt Ackerman Jr. Leitersdorf Schreiber
Dave has spent over 30 years in the Technology Bob founded Allegis in 1996 after a successful Yoav, Managing Partner at YL Ventures, Ofer is Partner and Head of the Israeli
industry holding a series of leadership positions in career as a serial entrepreneur, with a mission to has been a successful tech entrepreneur office at YL Ventures and has broad
some of the industry’s most innovative and build a seed and early-stage venture firm that would and investor for 25 years. He founded YL responsibilities across deal sourcing,
successful companies. He is a Founder & Chairman combine operational experience with an Ventures, which invests in early stage investment due diligence and portfolio
at Momentum Cyber and is a Managing Director at entrepreneurial spirit and a focus on forging true cyber and technology companies and company value-add.
Allegis Cyber where he conducts his early and partnerships with portfolio companies to build accelerates their evolution via strategic
growth stage investing activities. successful and sustainable cybertechnology advice and Silicon Valley-based Ofer currently serves as a board observer
companies. He has been recognized as a Fortune operational execution. of Medigate, Axonius, Karamba Security
Dave has been a successful CEO for 17 years, with 100 cybersecurity executive and also as one of and Twistlock. He served as a board
his most recent stint as FireEye’s Chief Executive “CyberSecurity’s Money Men” Yoav currently serves on the boards of observer of Hexadite until it was acquired
Officer from November 2012 to June 2016 and five YL Ventures portfolio companies: by Microsoft and FireLayers until it was
Chairman of the Board from June 2012 to January As an entrepreneur, Bob was the President and CEO Medigate, Axonius, Karamba Security, acquired by Proofpoint. Prior to YL
2017. Dave was President and Chief Executive of UniSoft Systems, a global leading UNIX Systems Twistlock, and Upstream Commerce. Ventures, he was at IVC Research Center
Officer of McAfee, from 2007 until 2011 when House and the Founder and Chairman of InfoGear Yoav's expertise and work has been where he spent nearly three years
McAfee was acquired by Intel Corporation. Technology Corporation, a pioneer in the original featured in The Wall Street Journal, researching and analyzing the technology
integration of web and telephony technology and Bloomberg Businessweek, Fortune, and venture capital industry specializing
Dave was named one of the 25 most influential creator of the original iPhone. Wired, TechCrunch, Re/code, in telecommunications, internet and
executives in high technology by the readers of the VentureBeat, InformationWeek and SC mobile sectors and also conducted
industry publication CRN. He has spoken at the Outside of Allegis, Bob teaches New Venture Magazine. research related to investment firms.
World Economic Forum on the issue of cyber Finance in the MBA program at the University of
security and keynoted at several technology industry California, co-manages his family’s small Napa
conferences including Interop and Software 2008 Valley winery – Ackerman Family Vineyards, and
and RSA. enjoys fly fishing.
5
Table of Contents
A Comprehensive Review Of The Cybersecurity Strategic Landscape In 2017.
I. Executive Summary 7
▪ Cybersecurity Market Year In Review ▪ A Summary of Strategic Activity | 2017
▪ The Cybersecurity Dashboard ▪ CYBERscape
II. Cybersecurity Industry Perspectives 12
▪ Private Equity Continues To Cybersecurity ▪ The Cybersecurity Skills Shortage
▪ Private Equity By The Numbers ▪ Data Privacy
▪ The State of Israel’s Cybersecurity Market ▪ Cloud Security
▪ CYBERscape | Israel ▪ Sector Focus: Cloud Infrastructure, Managed Detection & Response, Continuous Security Assessment, Security
▪ Data Breach Tracker: As of December 31, 2017 Analytics, Strategic Next-Gen MSSP
▪ A Tale of Two Breaches: Equifax & Uber ▪ Investor Spotlight: Cybersecurity Start-up Studios, Highly Specialized Cyber Investors, Corporate VCs
▪ The Cybersecurity Mega Cycle Aftermath ▪ Major Industry Conferences | 2018
▪ Cybersecurity Automation Is Coming To The Rescue
III. Public Company Trading Analysis 34
▪ Cyber Multiples Continue To Increase ▪ The Correlation Of Value To Growth & Profitability Continues To Rise…
▪ Significant Growth in Public Cyber Companies | 2010 to 2018 YTD ▪ …While The Correlation To Growth Alone Remains Weak
▪ Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017 ▪ Trading Multiples: High Growth & Low Growth
▪ Cybersecurity Sector vs Benchmark Performance ▪ Public Company Trading Analysis & Operating Metrics
▪ Public Cybersecurity Companies Stock Performance ▪ 2017 IPO Cybersecurity Profiles (SailPoint, ForeScout, Okta)
IV. M&A Activity In Cybersecurity 57

▪ Cybersecurity M&A Activity | 2010-2017 ▪ Cybersecurity M&A: A Closer Look At Deal Value & Multiples
▪ Closer Look at Recent Cybersecurity Exits | Part 1 ▪ Notable Cybersecurity M&A Transactions | 2016 to 2017
▪ Closer Look at Recent Cybersecurity Exits | Part 2 ▪ Backup Data For Transaction Stats
V. Financing Activity In Cybersecurity 82

▪ Financing Activity Since 2010
▪ Notable Cybersecurity Financing Activity | 2016 – 2017
▪ Cybersecurity Startups & Investors
▪ Backup Data For Transaction Stats
▪ Cybersecurity Funding By The Numbers
VI. Transaction Profiles 106
▪ Selected Momentum M&A Transactions ▪ Highlighted M&A & Fundraising Activity
VII. About Momentum Cyber 234
▪ Momentum Cyber: Lifecycle Advisory For Cybersecurity ▪ Tremendous M&A Track Record In Cybersecurity
▪ About The Firm ▪ M&A In Cybersecurity | A CEO’s Unique Perspective
▪ The Launch of Momentum Cyber ▪ Momentum’s Vast Cybersecurity Network & Reach
▪ Balanced & Highly Experienced Advisors ▪ Thought Leadership In Cybersecurity
6
I. Executive
Summary
Cybersecurity Market Year In Review
Deal Activity Including IPO, VC / PE Financings, & M&A Surpassed 2016 Across The Board.
Records Are Meant To Be Broken – Another Banner Year for Cybersecurity
▪ The Cybersecurity market continued its torrid and record pace in 2017 with public and private market strategic activity reaching new heights – yet again!
▪ The acceleration of deal activity was driven by an ever-evolving threat landscape that resulted in…
- A number of high profile and unprecedented data breaches (e.g., Equifax and Uber) that levied significant personal impact
- As well as ransomware (e.g., WannaCry and NotPetya) that locked customers out of their data and shut down some organizations across the globe costing billions in damages
I. Public Market Valuations II. IPO Activity III. M&A Activity IV. Financing Activity
Still Off The “Peak” But Well Riding The Wave Of Interest Another Record Year, Led By Another Record Year, Mega
Above the “Trough” In Cybersecurity Increased Deal Velocity Rounds Led The Way
▪ Valuation multiples for our public Cybersecurity ▪ Turning the page from 2016 where there was only 1 ▪ A record 178 M&A transactions were completed ▪ A record 326 transactions and $5.1B in transaction
company universe continued to increase during 2017 Cybersecurity IPO (Secureworks), 2017 saw 3 totaling $20.4B in transaction volume, compared to volume compared to 278 transactions and $4.5B in
and have increased 43% from the “Trough” back in Cybersecurity IPOs (Okta, Forescout, and SailPoint). 158 transactions and $21.0B in volume in 2016 volume in 2016
June 2016 The last time we had as many IPOs was 2015 when
▪ 46% of deals with disclosed values were >$100M in ▪ YoY distribution of number of deals by stage was
Sophos, Rapid7, and Mimecast entered the public
▪ The Cybersecurity HACK index increased 19% during 2017 compared to 29% in 2016 relatively unchanged with 60% of deals Seed / Early
markets
2017, in-line with the S&P 500 at 18%, albeit Stage to Series A and the remaining 40% Series B+.
▪ Symantec continued its acquisition spree and was the
considerably below the NASDAQ at 27%. ▪ We expect to see as many, if not more, IPOs in 2018 Median deal sizes were unchanged across stages,
most active acquirer in 2017 completing 5
Momentum’s High Growth public Cybersecurity with a strong IPO pipeline – Zscaler (confidentially except for Series C+ which increased 27% YoY
acquisitions totaling $464M in disclosed transaction
company index on the other hand outpaced all filed 10/26/17), Carbon Black (confidentially filed
volume ▪ 30 companies raised $40M or more totaling $2.3B in
indices, increasing 35% 10/3/16), Tanium, Darktrace, Pindrop Security,
transaction volume, nearly 50% of volume for the year
Illumio, Cloudflare, and Avast
▪ The top stock price performance movers during 2017
($6.9B) ($1.4B) ▪ 7 companies raised $100M or more
were: ▪ Okta, Forescout and SailPoint have all outperformed
since their IPOs with each currently trading above
their IPO price as of January 25th, 2018 ($614M) ($548M)
118% 86% 64% $150M $100M $125M

($1.5B) ($325M)
60% 55% 53% $100M $100M $89M

(NA) ($1.2B)
55% 80% 42%
44% 28% 25% (~$150M) ($225M) $88M $75M $40M
8
The Cybersecurity Dashboard
$5.1 Billion 326 $20.4 Billion 178
2017 Financing Volume 2017 Financing Transactions 2017 M&A Volume 2017 M&A Transactions
Notable Financing Transactions Financing Activity Monthly Deal Count Pulse Financing M&A
M&A Activity Notable M&A Transactions
$21.0 $20.4 Target Acquirer Amount ($M)
Date Company Amount ($M) $5.1
$4.5 30
12/01/17 $211 25 $6,885
20
10/25/17 150 1,603
15
06/07/17 125 10 1,405
5
08/04/17 125 1,329
2016 2017 Jan-16 Mar-16 May-16 Jul-16 Sep-16 Nov-16 Jan-17 Mar-17 May-17 Jul-17 Sep-17 Nov-17 2016 2017
06/21/17 100 Deal Value ($B) Deal Value ($B) 1,150
Public Comps Cyber M&A Volume Distribution
Max 8.6x 2016 2017 178
06/06/17 100 326 Max 7.9x 158 950
278 Website Security
12% 14%
Median 4.4x 24% 614
05/25/17 100 8%
10%
Median 3.4x 42%
05/17/17 100 548
Min 1.5x
Min 1.3x 17% 13%
04/05/17 89 41% ~400
19%
2016 2017 2016 2017 2016 2017
09/05/17 88 (EV / 2016E Rev) (EV / 2017E Rev) 325
Deal Count Multiple as of 12/31/16 Multiple as of 12/31/17 $0-$25M $25M-$50M $50M-$250M $250M-$1B $1B+ Deal Count
MSSP Financing Activity M&A Activity

Identity & Access Management
15 6 20 9 9 4
Risk & Compliance
18 25 19 44 7 19 6 6 26
Fraud Prevention / Transaction Security 5 9 7
Web Security 16 28 2 7
Specialized Threat Analysis & Protection 30 7 21
17 28 10
Network Security
2016 2017 5 2016 2017 25
Data Security 16 17
12 Total: 278 Total: 326 Total: 158 11 Total: 178
Threat Intel / SecOps / IR
6 6 26 9
Messaging Security 7
8 24 11
Endpoint Security
32 5 17
Industrial / IOT Security 33 35
39 16 12
Mobile Security 12
Application Security 32 15 22 21 8 7 7 12 12
Cloud Security
Note: All Financing data does not include deals with disclosed values of less than $1M. Financings include primary & secondary transactions.
A Summary Of Strategic Activity | 2017
Strategic Activity Continued A Robust Pace In 2017.
Selected Acquisition Activity Selected Financing Activity Public Equity

(Date: Implied Enterprise Value) (Date: $ Raised / Funding Stage) (Date: $ Raised)
12/17: $6.9B 11/17: $1.4B 11/17: NA 11/17: $60M 10/17: $150M / PE 10/17: $70M / D 10/17: $50M / C Filed Confidentially Filed Confidentially
on 10/26/17 on 9/30/16
11/17: NA 11/17: $110M 10/17: $548M 10/17: ~$400M 9/17: $27M / B 9/17: $26M / C 9/17: $88M / D
11/17: IPO: $240M
11/14: PE Buyout
10/17: $1.3B 10/17: $1.3B 9/17: $350M 9/17: $225M 8/17: $125M / PE 7/17: $35M / A 7/17: $75M / D
10/17: IPO: $116M
1/16: Series G: $80M
1/15: Series F: $30M
1/08: Series E: $4M
8/17: ~$150M 8/17: $950M 7/17: $245M 7/17: $200M 7/17: $28M / C 6/17: $125M / D 6/17: $100M / E 10/07: Series D: $14M $159M
3/03: Series C: $10M
12/01: Series B: $12M
9/00: Series A: $9M
7/17: $225M 7/17: $42M 5/17: $100M 4/17: $215M 6/17: $100M / D 5/17: $100M / Venture 5/17: $100M / D
4/17: IPO: $187M

9/15: Series F: $75M
4/17: NA 3/17: $350M 3/17: $614M 2/17: $105M 4/17: $89M / F 3/17: $12M / B 3/17: $15M / D 6/14: Series E: $75M
9/13: Series D: $27M $229M
12/12: Series C: $25M
8/11: Series B: $17M
2/10: Series A: $10M
2/17: $325M 2/17: $120M 1/17: $1.6B 1/17: $1.2B 2/17: $40M / C 1/17: $70M/ C 1/17: $45M / C
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Crunchbase, and TechCrunch.
10
scape v2.5
Network & Infrastructure Security Web Security Endpoint Security Application Security
Advanced Threat Protection ICS + OT Endpoint Prevention WAF & Application Security
NAC SDN DDoS Protection DNS Security
Vicarius
Network Analysis & Forensics Endpoint Detection & Response
Application Security Testing
Network Firewall
Deception
MSSP Data Security Mobile Security

Traditional MSSP MDR Encryption DLP Data Privacy Other
Risk & Compliance Security Ops & Incident Response Threat Intelligence IoT Messaging Security
Risk Assessment & Visibility Security Ratings SIEM IoT Devices
Automotive
Pen Testing & Breach Simulation GRC Security Awareness & Training
Connected Home
Security Incident Response
Identity & Access Management Digital Risk Management Security Consulting Blockchain
Authentication
Fraud & Transaction Security

IDaaS Security Analytics
Privileged Management
Cloud Security
Infrastructure CASB
Identity Governance Container
Consumer Identity
II. Cybersecurity
Industry
Perspectives
II. Cybersecurity Industry Perspectives
Section Content.
i. Private Equity Continues To Cybersecurity 14
ii. Private Equity By The Numbers 15
iii. The State of Israel’s Cybersecurity Market 16
iv. CYBERscape | Israel 17
v. Data Breach Tracker: As of December 31, 2017 18
vi. A Tale of Two Breaches: Equifax & Uber 19
vii. The Cybersecurity Mega Cycle Aftermath 20
viii. Cybersecurity Automation Is Coming To The Rescue 21
ix. The Cybersecurity Skills Shortage 22
x. Data Privacy 23
xi. Cloud Security 24
xii. Sector Focus: Cloud Infrastructure, MDR, Continuous Security Assessment, Security Analytics, Strategic Next -Gen MSSP 25-29
xvii. Investor Spotlight: Cybersecurity Start-up Studios, Highly Specialized Cyber Investors, Corporate VCs 30-32
xviii. Major Industry Conferences | 2018 33
13
Private Equity Continues To Cybersecurity
The Highly Fragmented Cybersecurity Market Lends Itself To the PE Platform / Roll-Up Playbook.
PE Firm Platform Add-Ons Exit Recent Cybersecurity PE Activity
($2.4B / NA) ($4.7B / 7.9x) Target
None
($971M / 2.7x) ($1.9B / NA) Acquirer
($550M / 1.9x)
Beep Science ($890M / 2.0x)
EV $119M ~$150M NA $325M $1.9B $1.3B $488M $1.5B NA
(NA / NA) ($710M / 6.0x)

▪ These companies and their sponsors are expected to utilize M&A to complement organic growth
(NA / NA) ($1.9B / 2.0x)
Late Stage / Pre-IPO Activity
─
(NA / NA)
─
(NA / NA)
Series A Series D PE / PE Series D Series D Series F Series B Series G / PE
None ─ $180M $100M $150M / $96M $100M $125M $75M $250M $148M / $100M
($1.4B / 3.7x)
─
($600M / NA)
─
($4.2B / NA)
Series D Series F Series E Series D Series D Series C Series D Series C
─ $110M $89M $100M $100M $75M $70M $88M $70M
(NA / NA)
─
(NKA )
▪ PE / late stage and public / cross-over investors have strong appetite for break-out cybersecurity
None ─ stories that could exit via an IPO in 12 – 24 months
($1.3B / 4.4x)
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Pitchbook, and Crunchbase.
14
Private Equity By The Numbers
Private Equity Activity Has Increased Significantly in Cybersecurity.
M&A Activity By Type of Buyer | 2007 M&A Activity By Type of Buyer | 2017
Private Equity Private Equity
Strategic Strategic
11% 32%
4% 19%
68%
81%
89%
96%
Total Deal Count: 73 Total Amount Spent: $6,126 Total Deal Count: 178 Total Amount Spent: $20,392
Cyber Private Equity Universe Cyber Private Equity Universe
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, Pitchbook, and Crunchbase.
15
The State of Israel’s Cybersecurity Market
Israel’s Cybersecurity Industry Continues Its Tremendous Growth.
Yoav Leitersdorf Ofer Schreiber

Managing Partner Partner
Second only to the U.S., in terms of cybersecurity investment 2017 was another excellent year
for Israeli cybersecurity startups, with dozens of companies being formed, breaking fundraising
records and producing solid exits. The 2017 data also suggest that the Israeli cybersecurity
industry is maturing, as we see a shift in funding towards later stage companies.
In 2017 we witnessed 60 newly founded cybersecurity startups emerge in Israel, a 28% decrease
from the 83 companies founded in 2016. Conversely, the average 2017 seed round increased
16% YoY, growing from $2.85 million to $3.3 million. This is Israel’s fourth consecutive year of
increasing round sizes at the seed stage – a trend that we are observing and contributing to as
we write larger checks to invest in great cybersecurity entrepreneurs.
The global cybersecurity incursions of 2017 illuminate the continuing role that innovation plays
in information security and defense. Looking forward to 2018, we believe Israeli startups will
continue to leverage the immense pool of local talent to build comprehensive solutions
addressing global markets. As the local industry matures, we anticipate that recent trends will
continue in 2018, with fewer startups forming, while large amounts of capital pour into later
rounds to fuel growth and expansion.
Source: Tech Crunch: The State of Israel’s Cybersecurity Market..

16
s c a p e | Israel v1.0
Network & Infrastructure Security Web Security Endpoint Security Application Security
Advanced Threat Protection ICS + OT Endpoint Prevention WAF & Application Security
NAC SDN DDoS Protection DNS Security
Vicarius
Network Analysis & Forensics Endpoint Detection & Response

Application Security Testing
Network Firewall
Deception
MSSP Data Security Mobile Security

Traditional MSSP MDR Encryption DLP Data Privacy Other
Risk & Compliance Security Ops & Incident Response Threat Intelligence IoT Messaging Security
Risk Assessment & Visibility Security Ratings SIEM IoT Devices
Automotive
Pen Testing & Breach Simulation GRC Security Awareness & Training
Connected Home
Security Incident Response
Identity & Access Management Digital Risk Management Security Consulting Blockchain
Authentication
Fraud & Transaction Security

IDaaS Security Analytics
Privileged Management
Cloud Security
Infrastructure CASB
Identity Governance Container
Consumer Identity
Data Breach Tracker: As of December 31, 2017
After A Record Year For Hackers In 2015, The Pace Followed In 2016, & 2017 Set Record Again.
Median Time of Compromise to Discovery

Australian
MySpace
Friend Finder UBER Verizon
Immigration
ClixSense
Equifax
Department
Carefirst
164,000,000 All Mandiant External Internal
57,000,000
AshleyMadison.com British
Airways
145,500,000 Network Wendys Investigations Notification Discovery
Experian / T- 415,000,000 US Office of 99 days 107 days 80 days
mobile Hacking
Banner Health Team
IRS MSpy Weebly
Personnel
CarPhone Premera TalkTalk

Management
Red Cross Source: 2017 Mandiant M-Trends Report
3,700,000 Warehouse
Telegram
Slack Mail.RU
US Office of
Personnel How Compromises Are Being Detected
Staples 25,000,000
Community Securus
Zomato Health Technologies Management
Sony Pictures
Services
JP Morgan (2nd Breach)
Internal Notification 47% 53%
Ebay Chase
of Breach
Anthem Dominios
145,000,000 Wonga
80,000,0
Pizzas (France)
76,000,000 External Notification
Twitch.tv of Breach
European
Central Yahoo Waterly Target
Mozilla
DaFont Bank
3,000,000,000 70,000,000
Japan Airlines
Scribd More than…
UPS
MacRumuors.com
Korea Credit
140 Countries
D&B, Altegrity
Bureau NASDAQ PayAsUGym
Facebook
New York Interpark
AOL Advocate
Taxis have some level of cyber weapon
2,400,000
Medical
Group Home Depot Cellebrite ssndob.ms development program
Apple 56,000,000 Living Social Neiman
Marcus Source: fortune.com
50,000,000 UbiSoft
Adobe
Dropbox
Yahoo Twitter
36,000,000 average cost of a data breach
1,000,000,000
$3.62 Million
decreased 10% over the past year
Year 2015 2016 2017
Source: 2017 Study Ponemon institute
# of U.S. Breaches 780 1,093 ( 40%) 1,579 ( 44%)

Source: Information is Beautiful: World's Biggest Data Breaches and Identity Theft Resource Center (ITRC): 2017 Annual Data Breach Year-End Review.
18
A Tale of Two Breaches: &
High Profile Breaches Continue To Make Headlines, Increasing Awareness & Demand For Improved Security.
Equifax UBER
Timeline of Key Events Timeline of Key Events
▪ Vulnerability in Apache Struts is identified and disclosed ▪ Initial breach occurs
Mar 2017
by U.S. CERT; Equifax's Security organization is aware
▪ Hack started at GitHub, a leading software
Updated estimate of U.S. 145.5M ▪ Company internally instructed personnel to install a fix Initial estimate of global 57.0M development platform where developers can go to host
consumers affected: (as of Oct 2, 2017) Mar 9, 2017 to Apache Struts , application which supports users affected: (as of Nov 21, 2017) Oct 2016 and review each other's code
U.S. online dispute portal ▪ Hackers found the usernames and passwords on
Level of Breach: Category 5 Level of Breach: Category 2 GitHub to access Uber user data stored in an Amazon
May 13, 2017 ▪ Initial breach occurs server
▪ Security team observes suspicious network traffic

Point of Entry: Apache Struts Jul 29, 2017 associated with its U.S. online dispute portal web Point of Entry:
application ▪ Senior legal and security executives arrange a deal of
Time from Breach Discovery to ▪ Additional suspicious activity is caught Time from Breach Discovery to Nov 2016 $100,000 to payoff hackers to destroy stolen
~40 days Jul 30, 2017 ~1 year information
Public Announcement: ▪ Web application is taken offline Public Announcement:
▪ Three senior executives dispose of $1.8 million in

>$140 Million Aug 1, 2017
Initial Estimated Cost: Equifax stocks Initial Estimated Cost: Undisclosed
(as of Nov 10, 2017)
▪ Engages Mandiant to conduct comprehensive forensic ▪ Newly appointed CEO, Dara Khosrowshahi, is informed
Third-party Security Aug 2,2017 Third-party Security Sept 2017
review of breach
Services Hired: Services Hired:
▪ Equifax publicly announces breach
Data Accessed / Stolen Sept 7, 2017 ▪ States investigation is substantially complete Data Accessed / Stolen
▪ Sends support packages to consumers
145M ▪ Names ▪ Publicly announces breach
▪
▪
Social Security Numbers
Birth Dates
Sept 8, 2017 ▪ Equifax’s shares plunge 13.7%; triples call center team
57M ▪ Names
▪ CEO instructs a thorough investigation
▪ Announces Susan Mauldin, CSO and David Webb, CIO ▪ Email Addresses ▪ Matt Olsen is brought in to consult on structure of
▪ Addresses security teams and processes going forward
are retiring and appoints Mark Rohrwasser as interim ▪ Mobile Phone Numbers Nov 11, 2017
▪ Driver’s Licenses (In Some Sept 15, 2017
CIO and Russ Ayres as interim CSO ▪ Engages Mandiant to help with security monitoring
Instances)
▪ Shares declined 34.9% from Sept 7 th close
▪ Joe Sullivan, CSO and Craig Clark, legal director of
209K ▪ Credit Card Numbers Sept 26, 2017
▪ Announces Richard Smith is retiring and appoints
Paulino Rego Barros, Jr. as interim CEO
security and law enforcement are released
▪ Announces an additional 2.5 million consumers had 600K ▪ Drivers Licenses

182K ▪ Dispute Documents with
Personal Identifying Oct 2, 2017
been stolen. Discloses technology officials failed to
implement patch for Apache Struts
Nov 23, 2017
▪ FTC is looking into the data breach and Uber's
subsequent mishandling of the situation
Information ▪ Shares declined 24.5% from Sept 7 th close
Source: Company Press Releases, Public Press Releases, “Categorizing Data Breach Severity with a Breach Level Index.”.
19
The Cybersecurity Mega Cycle Aftermath
“During The Past Decade, We have Witnessed A Virtual Explosion In The Cybersecurity World.” – Dave DeWalt
Virtual Explosion in the Cybersecurity World “Great Chinese IP War” What About Cyber Defenses?
20 military agencies have attacked and

stolen IP from more than… ▪ Most western organizations have increased their
Cybersecurity spending
- Defense-in-depth became the prevailing
Dave DeWalt General (Ret.) David Petraeus ...5,570 based companies from 2008 to 2017 ▪
strategy
Hundreds of security vendors deployed point
solutions to counter the changing threat landscape
▪ During the past decade, we have witnessed a ▪ Chinese military agencies have fed this IP to state-owned enterprises - With each security vendor producing
virtual explosion in the Cybersecurity world (SOEs) to close the gaps in China’s innovation relative to the hundreds or thousands of alerts on average per
▪ While serving as CEO of McAfee and FireEye, and western world day
a U.S. Army commander and CIA director, - The typical organization now has to monitor
respectively, we have lived through and witnessed “Great Russian Information War” and respond to millions of alerts daily; just
first-hand exponential growth in: needs to miss one to be breached
2007 2017 ▪ Compounding the monitoring and response
problem, the hundreds of security companies
Threat Actors <50 >1,000
Threat Types <50 >1,000,000 - Often don't share intelligence
Alerts / Day (Average Per Firm) <1,000 >1,000,000 - Don't integrate their products
Security Vendors <100 >2,300 ▪ Russian military and intelligence agencies have attacked, - Infrequently cooperate when responding to
VC Investments <$500M >$6B manipulated and successfully altered information and could cause threats
Security Spending <$3B >$80B issues for decades
▪ In addition, there is insufficient government and
▪ Outlook
commercial cooperation, a lack of security
– The situation is dire by any measure standards and many outdated regulatory
– The western world is contending with ▪ Hundreds of major breaches of social media platforms, news compliance requirements
significant cyber threats on both its eastern and outlets, political organizations, email providers, telecommunication
western fronts – a virtual cyber sandwich systems and satellite providers have created a very challenging ▪ Collaboration is key; breaches are inevitable, and
situation the consequences are increasing in severity
– The “offense” is clearly winning
Source: Dave DeWalt: The Cyber Security Mega Cycle Aftermath, and General (Ret.) David Petraeus.
20
Cybersecurity Automation Is Coming To The Rescue
Organizations Are Turning To Automation & Analytics To Aid Cyber Specialists & “Force Multiply” The Effective Size Of Cyber Staffs.
Robert Cybersecurity Automation Was Predictable

Ackerman Jr. In the case of cybersecurity, the role of automation boils down to better and far faster management of complexity. Bigger
networks, mobile devices and multiple cloud services are making the workload for IT teams unmanageable. This becomes a crisis
during a cyberattacks, when time is of the essence.
When a data breach occurs, organizations must respond immediately. Credentials are compromised in minutes, and typically
most of an organization’s critical data or intellectual property is lost within the first day. Verizon’s 2016 Data Breach Investigation
Report highlights this sad realty. It found that 82% of organizations surveyed said that a compromise took only minutes to infiltrate
company systems, and 68% said associated data was breached within days.
Threat Detection Must Be Rapid Cyber Automation

The obvious upshot is that a threat detection solution that Humans are still best at identifying previously unknown threats. Cybersecurity automation must be woven into
cannot detect and remediate threats in near real-time is of little use. the fabric of a team; it is not a stand-alone solution and probably never will be.
This is where cybersecurity automation enters the picture. It doesn’t
replace cyber specialists. Rather, it massively extends their reach.
A good automated cybersecurity system detects an alert Cybersecurity Automation Inevitable
immediately and assesses it for legitimacy and severity. Real threats In any case, there is really no alternative but to embrace automation. Statista, a statistics portal, estimates there
are prioritized and steps are taken to address the problem. If the were 23 billion connected devices in 2016 – a number that it adds will grow to 50 billion by 2020, reflecting an
incident can be resolved automatically, without the need for human avalanche of Internet of Things (IoT) devices. In addition, there is an urgent need to reduce the time it takes to spot
input, it will be. and contain organizational breaches – commonly 200 days-plus to spot them and another 69 days to contain them,
Typically, customizable and scalable automated incident according to Ponemon Institute. The longer the timeframe, typically the worse the financial consequences.
response “playbooks” are built and deployed. Their development is Not far away will be the application of artificial intelligence to automation. Human analysts, however, will go
usually based on real-life scenarios and actual incidents, enhancing nowhere. They know their own environment, and they have intuition about how their system operates, making it
their effectiveness in detecting and resolving legitimate incidents relatively easy to distinguish between what is normal and what is questionable. Humans are also good at quickly
quickly. Automated incident response helps substantially reduce the adapting to rapidly changing conditions and, unlike software, are usually good communicators.
time it takes to resolve an issue from weeks and sometimes months What humans cannot do, of course, is scale, and they often make mistakes. They are relatively slow, too. This is
to hours and sometimes even minutes. why they need to team up with cutting-edge software. The best cybersecurity systems are a union of analyst and
machine.
Source: RSA Blog (September 2017): Cybersecurity Automation Is Coming to the Rescue (Robert Ackerman Jr).
21
The Cybersecurity Skills Shortage
A Cybersecurity Talent Gap Exists Across The Entire Country.
Nationwide Cybersecurity Job Postings National Level Cybersecurity Job Market
Total Cybersecurity Job Openings 285,681
Total Job Postings Total Employed Cybersecurity Workforce 746,858
123-595
Nationwide Job Postings By Category
596-1,417
Operate & Maintain
1,418-1,765 6%
Securely Provision 11% 26%

1,766-3,016
3,017-7,059 Protect & Defend

16%
7,060-10,405 Analyze
10,406-33,454 Oversee & Govern 25%

16%
No MSA
Collect & Operate
Top Cybersecurity Job Titles
Risk Manager / Analyst Systems Administrator IT Auditor Cyber Security Engineer Software Developer / Engineer Network Engineer /
Architect
Cyber Security Manager / Administrator Systems Engineer Cyber Security Analyst / Specialist Vulnerability Analyst / Penetration Tester
Source: Cyber Seek: Cybersecurity Supply / Demand Heat Map.
22
Data Privacy
The EU General Data Protection Regulation (GDPR) Is Driving Growth In Software-Based Privacy Solutions.
What is GDPR? Companies Addressing GDPR

▪ GDPR is a regulation designed to enhance the protection of individuals residing in the EU as well as address
the export of “personal data” outside the EU Artificial intelligence, machine learning, automation, identity
▪ It applies to all organizations that do business in the EU and any organization outside the EU handling EU intelligence and big data expertise are key components of Data
citizens’ personal data Privacy platforms
▪ It broadens the definition of “personal data” and includes identifiers such as genetic, mental, cultural,
economic, social identity and online (IP addresses, cookies) Amount Raised
Company Founded HQ CEO
($M)
GDPR Requirements
2015 San Francisco, CA -- Nimrod Luria
Demonstrate
Penalties: 4% of revenue Users may request a Controllers must comply
25 May 2018: GDPR enforcement of customer
or €20M (whichever is copy of personal data in with breach notification
goes into effect consent for personal data 2016 New York, NY 2.1 Dmitri Sirota
greater) a portable format windows
collection
Satisfy customer data portability Implement adequate technical Appointment of data protection 2016 Seattle, WA 3.0 Kristina Bergman
Privacy risk impact assessments
support and enable right-to-be- and organizational measures to officer (DPO) will be mandatory
will be required where privacy
forgotten and erased from protect persons’ data and for companies processing high
risks are high
records systems volumes of personal data 2013 San Jose, CA 7.0 Stuart Lacey
What Is Required Of Companies To Comply? Are Companies Prepared?

2011 New York, NY -- Todd Feinman
organizations that will fully comply by

<50% May 25, 2018 2016 San Francisco, CA -- Balaji Ganesan
of companies did not have a definitive

Know your
data
What data
exists?
Where is the
data held?
How is data
managed?
Who has
access to data? 97% strategy ready in October 2016 2016 London, UK -- Simon Loopuit
of companies expect sanction or

Existing technology stacks alone cannot meet the mandates handed down by
GDPR 23% remedial action on May 25, 2018
2016 Atlanta, GA -- Kabir Barday
Companies must be able to automatically discover and map all personal of recent Gartner client inquiries on
information across networks (unstructured and structured) and apply policies to
the information
70% privacy relate to GDPR
2017 Washington, DC -- Justin Antonipillai
Source: Gartner, Company Websites, IT Governance, and EUGDPR.org.

23
Cloud Security
Global Cloud Security Market Will Be Worth $9B In 2020, Up 21% In 2017 At $5.9B.
Why Cloud-Based Security Vendors Are On The Rise Worldwide Cloud-Based Security Services Forecast by Segment (Millions of Dollars)
The security gap is widening as traditional endpoint + perimeter

$8,924
based security solutions are no longer enough to protect digital data CAGR: 16.5%
which resides in email, file sharing services, and numerous $7,809 $340
endpoints (mobile, tablet, laptop) $607
$6,863 $310 $571
$512
$873
$5,851 $280 $514
Most companies don't have the know how or budgets to deploy, $430
manage and operate enterprise grade, state of the art, on-premise $4,840 $456 $812 $971
$250
security solutions $359 $752 $873
$221 $397
$287 $703 $786 $2,140
$341
As more organizations and consumers migrate to cloud based services $708 $1,788
$655
and infrastructure (AWS, G Suite, Office 365) there is an increased $1,609
$636
need to secure cloud services in addition to endpoints $1,334
$1,051
$3,422
$3,000
Increasing security threats, operational and cost benefits and staffing $2,550
$2,100
$1,650
pressure continue to drive growth of cloud-based service providers,
affording companies with cost effective security solutions
2016 2017 2018 2019 2020
SIEM, IAM and emerging technologies such as cloud-based malware IAM, IDaaS, User Authentication Other Cloud-Based Security
sandboxes, cloud-based data encryption and web application firewalls Secure Web Gateway Secure Email Gateway
are fastest growing cloud-based security services segments Application Security Testing SIEM
Remote Vulnerability Assessment
Source: Gartner: Gartner Forecasts Worldwide Cloud-Based Security Services to Grow 21 Percent in 2017 (2017).
24
Sector Focus: Cloud Infrastructure Security
A New Breed Of “Cloud Security” Vendors, Providing Both Visibility And Protection.
▪ The migration to the cloud significantly increased the attack surface, spawning a new breed of Cloud Infrastructure Security vendors, who provide
visibility across workloads, applications, processes, containers, machines, and / or users
▪ Advanced analytics, breach detection, and seamless deployment underpins some of the leading vendors in the space
▪ Compliance across multiple cloud infrastructure environments drives additional adoption and growth in the sector
▪ Lacework brings automation, speed and scale to cloud ▪ RedLock platform dynamically discovers cloud infrastructure
security, eliminating manual, repetitive tasks and enabling changes, correlates them with configuration, network and
security teams to keep up with DevOps user data, and applies machine learning to create a visual
map for risk visibility, policy monitoring, and incident
▪ Specifically designed for the cloud, the Lacework security response
Founded: 2015 platform monitors workloads, applications, processes, Founded: 2015
containers, machines, users and accounts to automatically ▪ It provides ease of use with frictionless deployment; instant
HQ: Mountain View, CA HQ: Menlo Park, CA visibility by getting a view into all activity across all of a
surface anomalous behaviors out of billions of events per hour
company’s cloud infrastructure environments; continuous
Amt Raised: $8.4M ▪ Lacework provides unprecedented visibility, automates breach Amt Raised: $11.3M monitoring of all workloads regardless of where they are
detection, delivers one-click investigation and simplifies cloud deployed; and easy auditing and investigation tools for
CEO: Stefan Dyckerhoff compliance
CEO: Varun Badhwar
security and compliance teams
▪ Evident.io provides cloud infrastructure security and

compliance automation designed to proactively manage
public cloud security risk
▪ The Evident Security Platform (ESP) enables organizations of all
Founded: 2013
sizes to proactively manage public cloud security risk —
minimizing attack surface and improving overall security
Others
HQ: Pleasanton, CA posture, all from a single dashboard
Vendors
▪ ESP continuously monitors an organization’s entire public
Amt Raised: $49.1M cloud footprint, identifying and assessing security risks,
providing security staff with expert remediation guidance, and
CEO: Timothy Prendergast
enabling painless security auditing and compliance reporting
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Website.
25
Sector Focus: Managed Detection & Response
New Entrants To MDR Space Are Targeting Smaller Midsize Organizations.
Leading MDR
Companies
▪ HQ: Scottsdale, AZ ▪ HQ: Houston, TX ▪ HQ: Ontario, Canada ▪ HQ: Lake Mary, FL ▪ HQ: Sunnyvale, CA ▪ HQ: Cincinnati, Ohio ▪ HQ: Reston, VA
▪ CEO: Michael Malone ▪ CEO: Gray Hall ▪ CEO: J. Paul Haynes ▪ CEO: Paul Perkinson ▪ CEO: Brian NeSmith ▪ CEO: Brian Minick ▪ CEO: Rajat Mohanty
▪ Offering: Datashield Managed ▪ Offering: Cloud Defender, ▪ Offering: eSentire Managed ▪ Offering: Virtual SOC Service, ▪ Offering: AWN CyberSOC: ▪ Offering: Morphick Managed ▪ Offering: Paladion Managed
Detection & Resposne, Log Manager, Threat Manager, Detection & Response Automated Threat Intelligence Managed Threat Detection Detection & Response Detection & Response,
ShieldVisionTM ActiveWatch Platform Security Consulting & Testing
MDR: A Catalyst To The Transition To ASOC Where MDR Service Providers Sit In Relation To Traditional MSSPs
MDR BENEFITS
ASOC
ADVANCED SECURITY
MSSP MDR
Leverages intelligence Focuses on people, process, OPERATIONS CENTER Enables 24x7 security Communicates patterns and
analysts versus vendor and & technology in collaboration Coverage without requiring trends rather than event-by-
alert reaction full time staffing event analysis
Automated Threat
Knowledge
Intelligence
Management
Incident
Analysis Intelligence Reporting
Threat Gathering Incident
Monitoring Response
Incident
▪ MDR services are still focused at the enterprise and upper-
Analysis
Reporting midmarket customer, but new entrants are targeting smaller
Activity
Monitoring
midsize organizations
SOC
Incident
SECURITY
Response
OPERATIONS
CENTER ▪ By 2020, 15% of midsize and enterprise organizations will be
using services like MDR, up from less than 1% today
▪ By 2020, 50% of worldwide MSSPs will offer MDR

Intelligence Analysts Empowered Autonomy Meaningful Metrics Knowledge Management Countermeasure Capabilities
Training
Source: Momentum Cyber, Gartner, and Lockheed Martin Corp.

26
Sector Focus: Continuous Security Assessment
Automation Enables Security Risk Assessments At Scale And Eliminates Limitations Of Point-In-Time Snapshots.
▪ Automated, evidence-based security ratings ▪ Discover and manage internal and external ▪ Continuous security validation and automated
▪ Some quantify cyber risks in terms of attack paths to valuable network assets penetration testing, at scale
probabilities and dollars, utilizing internal data ▪ Contextualize threat intel and business criticality ▪ Simulations utilize real-world breach methods
Founded: 2011 Founded: 2015 Founded: 2014
Headquarters: Cambridge, MA Headquarters: Albuquerque, NM Headquarters: Sunnyvale, CA
Raised: $94M Raised: $14M Raised: $19M

Headquarters: New York, NY Headquarters: San Francisco, CA Headquarters: San Diego, CA

Headquarters: San Mateo, CA Headquarters: San Francisco, CA Headquarters: Reston, VA
Raised: Acquired by Guidewire Raised: $31M Raised: $13M

Headquarters: San Francisco, CA Headquarters: Chicago, IL Headquarters: Haifa, Israel

Headquarters: Ann Arbor, MI Headquarters: Sunnyvale, CA Headquarters: Boston, MA
Raised: Acquired by FICO Raised: $99M Market Cap: $1.0B
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
27
Sector Focus: Security Analytics
The Security Analytics Sector Has Finally Begun To Consolidate After Months of Speculation.
Transaction & Target Overview Transaction Rationale Other Leading Analytics Candidates
“The LightCyber team’s vision to bring automation and machine
▪ HQ: San Mateo, CA
Date: 2/28/2017 learning to bear in addressing the task of identifying otherwise ▪ Amt Raised ($M): $23.0
▪ CEO: Idan Tendler
undetected and sophisticated attacks inside the network is well-
HQ: Ramat Gan, Israel aligned with our approach. This technology will complement the
acquires existing automated threat prevention capabilities of our platform to ▪ HQ: Redwood City, CA
▪ Amt Raised ($M): $23.7
Founded: 2011 help organizations improve & scale their security protections” ▪ CEO: Matt Jones
– Mark McLaughlin, Chairman & CEO of Palo Alto Networks
CEO: Gonen Fink “With LightCyber added to our platform, it can further prevent ▪ HQ: San Francisco, CA
command-and-control activity and data exfiltration by detecting ▪ Amt Raised ($M): $31.0
$105 Million anomalous behavior.” – Palo Alto Networks Press Release
▪ CEO: Feris Rifai
“Integrating Niara’s advanced behavioral analytics with ClearPass is a ▪ HQ: Los Angeles, CA
Date: 2/1/2017 natural extension that will now deliver network-wide, real time ▪ Amt Raised ($M): $29.0
▪ CEO: Sachin Nayyar
visibility and predictive assessment of potential risks inside the
HQ: Sunnyvale, CA enterprise.” – Sriram Ramachandran, CEO & Co-Founder of Niara
acquires ▪ HQ: San Mateo, CA
“Niara integrates with Aruba’s ClearPass network security portfolio ▪ Amt Raised ($M): $68.0
Founded: 2013 within the wired & wireless network infrastructure market for ▪ CEO: Nir Polak
traditional & IoT devices…After an incident is discovered by Niara, a

CEO: Sriram Ramachandran ClearPass network access policy can be automatically triggered to ▪ HQ: Ottawa, Ontario
isolate or disconnect the user or device from the network .” ▪ Amt Raised ($M): $36.1
▪ CEO: Mark Smialowicz
$40 Million . – HPE Press Release
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
28
Sector Focus: Strategic Next-Gen MSSP
A Market Poised For Significant Strategic Activity Ahead.
Other Leading Next-Gen MSSPs

Date: 08/21/2017 Date: 04/28/17
▪ HQ: Reston, VA
HQ: Cambridge, Ontario HQ: Zurich, Switzerland ▪ Amt Raised ($M): $9.6
acquires majority stake in acquired ▪ CEO: Rajat Mohanty
Founded: 2011 Founded: 1990
CEO: J. Paul Haynes CEO: Martin Bosshardt ▪ HQ: Houston, TX

▪ Amt Raised ($M): Backed
By Welsh, Carson (WCAS)
▪ CEO: Gray Hall
$150 Million Undisclosed
Strategic / Investor Interest In Next-Gen MSSP At All-Time High

Date: 11/14/2017 ▪ Next-gen MSSP / MDR continues to attract strategic ▪ HQ: Toronto, Canada
interest from traditional MSSPs and is attracting new ▪ Amt Raised ($M): NA
HQ: Scottsdale, AZ entrants to the space including IT service providers, ▪ CEO: Robert Herjavec
acquired professional services / consulting firms, and other global

players with no current presence in the security services
Founded: 2009
sector
CEO: Michael Malone ▪ Mid-market and enterprise organizations are increasingly ▪ HQ: Sunnyvale, CA
finding the need for managed and monitored threat ▪ Amt Raised ($M): $43.3
▪ CEO: Brian NeSmith
hunting solutions that address their threat detection and
Undisclosed response use cases
29
Investor Spotlight: Cybersecurity Startup Studios
U.S. / Maryland (DataTribe) & Tel Aviv (Team8).
DataTribe, is an innovative StartUp Studio, co-building the next generation of commercial Team8, Israel’s leading cybersecurity think tank and company creation platform, develops
Cybersecurity, Analytics and Big Data products with game-changing technology and teams disruptive companies that challenge the biggest problems in cybersecurity and give
coming out of the Intelligence Community and research labs in the Washington, D.C. area. organizations the advantage over cyber attackers. We work with innovation leaders and
Overview Overview
The team is a mixed team of Silicon Valley & Intelligence Community founders, investors & entrepreneurs alongside a research group with intimate knowledge of cybersecurity, access
entrepreneurs. Unlike a VC firm or an incubator, DataTribe co-builds a small number of to the best cyber talent and a cyber syndicate of leading global brands that provide access
companies each year and work alongside each one to boost the chances of success. to customers, partners and key influencers.
Team Team
Bob Ackerman Dave DeWalt Mike Janke Steven Witt Wes Blackwell Yonald Chery
Co-Founder & Investment Board Co-Founder & Co-Founder & Fellow CTO Yuval Shachar Nadav Zafrir Israel Grimberg Liran Grinberg Assaf Mischari
Investment Board Investment Board Investment Board Executive Chairman Co-Founder & CEO Co-Founder & CIO Co-Founder & CMO Head of Research
Locations Fulton, Maryland; San Francisco, California Locations New York, New York; Tel Aviv, Israel
Strategic
Investors
Partners
Portfolio Portfolio
Companies Companies
Source: Company Websites.

30
Investor Spotlight: Highly Specialized Cyber Investors
Deep Domain Expertise, Decades of Successful Cyber Operating & Investing Experience, and Extensive Cyber Networks.
Selected Specialized Cybersecurity Focused Venture Capital Groups
HQ: Palo Alto, California HQ: Palm Beach, Florida HQ: Boston, Massachusetts HQ: San Mateo, California
Partners: Bob Ackerman Jr., David DeWalt, Pete Partners: Jay Leek, Alex Weiss, Peter Kuper, and Partners: Alex Doll and Mark Hatfield Partners: Alberto Yépez, Sean Cunningham, Ken
Bodine, and Spencer Tall Patrick Heim Gonzalez, and Donald Dixon
Latest Fund Size: $200M+
Latest Fund Size: $200M-$400M (Target) Latest Fund Size: $300M (Target) Fund Size: $300M
Overview: TenEleven Ventures is a venture capital
Overview: AllegisCyber is a venture capital firm that Overview: ClearSky is a venture capital / growth firm that invests in Cybersecurity companies and is Overview: Trident Capital Cybersecurity is a venture
specializes in seed / early-stage investments. It seeks equity firm that has been operating since 2012. dedicated to helping them thrive. The firm invests capital fund dedicated solely to cybersecurity early
to invest in banking, retail, consumer, financial ClearSky is currently investing through two funds: globally and specializes in early and growth-stage stage investing. It is a spin-out of Trident Capital and
services, industrial, manufacturing, healthcare, cyber ClearSky Power & Technology and ClearSky investments. TenEleven Ventures has a joint prefers to invest in the internet of things, secure
security and its applications in emerging technology Security. ClearSky Security invests in companies investment alliance with KKR payments and fraud, next-generation identity
markets with a focus in the related areas including that offer transformative solutions for cybersecurity, platforms, behavioral analytics and privacy and
big data analytics, Internet of things (IoT) and industrial security and critical infrastructure security security
virtualization
Selected Investments Selected Investments Selected Investments Selected Investments
Source: Firm Press Releases, Capital IQ, Pitchbook and Company Websites.
31
Investor Spotlight: Corporate VCs
A Number of Notable Large Cap Companies Announced A Cybersecurity Focused Corporate Venture Fund.
Selected Corporate VCs
$100 Million $20 Million Corporate VC Balance Sheet $100 Million
HQ: Menlo Park, CA HQ: Palo Alto, California HQ: Mountain View, California HQ: Tokyo, Japan
Partners: Murray Graingers Partners: Chad Kinzelberg (PANW), Jim Goetz Partners: Ken Schneider Partners: Eva Chens
Focus: Early Stage High-Growth (Sequoia), Asheem Chandna (Greylock) Focus: Early Stage Focus: Early Stage
Type: Companies that are strategically Focus: Early Stage & Growth Type: Companies that are strategically Type: Emerging technology markets,
relevant or disruptive to Honeywell Type: Innovative Security Applications for the relevant or disruptive to Symantec especially the IoT market
Other: The group will concentrate on PANW Next-Gen Security Platform Other: Startups will be given access to Other: Portfolio startups will gain access to
partners where Honeywell can accelerate Other: The fund will collaborate with Greylock Symantec’s technology as well as threat the company’s technology and its channel of
their growth through its global presence, Partners and Sequoia Ventures to identify and intelligence data, used for product testing, more than 28,000 partners
access to proven technologies and installed evaluate innovative security applications for validation, machine learning algorithm
base of customers and channels potential strategic co-investment training, and AI system creation
Source: Firm Press Releases, Capital IQ, Pitchbook and Company Websites.
32
Major Industry Conferences | 2018
Momentum Cyber Will Be Speaking At A Number of Cybersecurity Conferences Worldwide.
▪ Cybertech is the most significant ▪ Cyber Week brings together international

conference and exhibition of cyber Cyber Week cybersecurity experts and enthusiasts,
January 29-31, 2018 technologies outside of the United States, June 17-21, 2018 Cyber Week provides the opportunity to
Tel Aviv, Israel bringing together global corporates, SMBs, Tel Aviv, Israel gain insight into the latest global
Tel Aviv Convention Center start-ups, investors, experts, and clients Tel Aviv University developments in cybersecurity
▪ RSA Conference provides an opportunity ▪ Black Hat is the world's leading information
to learn about new approaches to info security event, providing attendees with the
April 16-20, 2018 security, discover the latest technology and August 4-9, 2018 very latest in research, development and
San Francisco, CA interact with top security leaders and Las Vegas, NV trends, including four days of technical
Moscone Center pioneers Mandalay Bay training followed by a two-day conference
▪ Cyber Investing Summit is an all-day ▪ Structure Security highlights the best
conference focusing on the financial practices used to protect the world's largest
May 15, 2018 opportunities, trends, challenges, and September 2018 companies & institutions, and examines the
New York, NY investment strategies available in the high South San Francisco, CA future of security products, services, and
Convene – Financial District South SF Conference Center the threats that aim to take them down
growth cyber security industry
Gartner Security & Risk ▪ Gartner Security & Risk Management ▪ SINET Showcase provides a platform to
Management Summit Summit provides you with proven practices SINET Showcase identify and highlight “best-of-class”
June 4-7, 2018 and strategies needed to maintain cost- November 7 & 8, 2018 security companies that are addressing the
National Harbor, MD effective security and risk programs to Washington DC most pressing needs and requirements in
Gaylord Convention Center support digital businesses National Press Club Cybersecurity
33
III. Public Company
Trading Analysis
III. Public Company Trading Analysis
Section Contents.
i. Cyber Multiples Continue To Increase 36
ii. Significant Growth in Public Cyber Companies | 2010 to 2018 YTD 37
iii. Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017 38
iv. Cybersecurity Sector vs Benchmark Performance 39
v. Public Cybersecurity Companies Stock Performance 40
vi. The Correlation Of Value To Growth & Profitability Continues To Rise… 41
vii. …While The Correlation To Growth Alone Remains Weak 42
viii. Trading Multiples: High Growth & Low Growth 43
ix. Public Company Trading Analysis & Operating Metrics 44-45
x. 2017 IPO Cybersecurity Profiles (SailPoint, ForeScout, Okta) 46-56
35
Cyber Multiples Continue To Increase
Public Market Valuations For Cybersecurity Continue To Increase Since Their Rapid Decline From ‘The Peak.’
Min % Change Median % Change Max % Change Company EV / 2016E Revenue EV / 2017E Revenue % Change
The Peak 2.4x 8.5x 14.8x
56.2% 63.5% 51.0% 3.8x 6.9x 83.6%
The Trough 1.0x 3.1x 7.3x
4.6x 8.5x 82.7%
2016 2017
3.4x 5.0x 49.1%
Max 8.6x
2.8x 3.7x 34.5%
Max 7.9x 6.4x 8.6x 34.3%
9.4% Increase
2.6x 3.4x 32.3%
3.3x 4.3x 27.8%
5.2x 6.5x 25.1%
2.7x 3.4x 24.4%

Median 4.4x 1.5x 1.7x 9.7%
7.8x 8.3x 6.2%

Median 3.8x
15.5% Increase
2.9x 3.1x 5.9%
4.3x 4.4x 2.2%
2.1x 2.1x 0.4%
7.9x 7.7x 3.1%
6.7x 6.3x 6.8%

12.9% Reduction 3.9x 3.1x 20.0%
Min 1.5x Min 1.3x 1.7x 1.3x 23.4%
EV / 2016E Revenue EV / 2017E Revenue
Multiple as of 12/31/16 Multiple as of 12/31/17 5.9x 4.5x 23.5%
Note: The Peak shows EV / 2015E Revenue Multiple as of 6/23/15, The Trough shows EV / 2016E Revenue Multiple as of 6/30/16. Excludes figures for OKTA, Sailpoint, and ForeScout given all three companies completed IPOs in 2017.
36
Significant Growth in Public Cyber Companies | 2010 to 2018 YTD
Public Cyber Markets Are Thriving.
Explosive
Public Company Stats | 2010 Public Company Stats | 2018 YTD 210%
Growth in Market
Growth Market Market Capitalization
$42.2B $129.7B
in Public Capitalization ($B) Capitalization ($B)
Cybersecurity 182%
Companies Number
of Companies 11
Number
of Companies
31
Growth in Number of Public
Cybersecurity Companies
Public Cyber Companies | 2010 Public Cyber Companies | 2018 YTD
Source: Capital IQ.

Note: Only includes companies with a market capitalization of greater that $200M as of January 16, 2018. Market Cap for McAfee represents implied equity value at time of TPG transaction. 37
Cybersecurity IPO Insights: Three Cybersecurity IPOs In 2017
All 3 Cybersecurity IPOs For 2017 Are Performing Considerably Above Their IPO Price.
Implied Multiple At IPO 5 ‘Take Private’ Deals from 2016-2017 IPO Backlog
(Multiple: EV / LTM Revenue) Acquirer Target EV EV / LTM Revenue

Raised: $183M Raised: $274M
Confidentially Filed: Confidentially Filed:
$1.3B 3.5x
10/26/17 10/03/16
$1.5B 3.4x
PE Backed Raised: $182M
$0.5B 3.8x
Raised: $184M Raised: $268M
$1.3B 4.4x
17.7x
$1.4B 3.8x Raised: $133M Raised: $407M
11.2x 11.5x
8.3x
5.6x 6.2x
Current Median: 6.5x
3.6x 3.1x 4.5x 3.7x 4.8x 4.2x 3.5x
3.5x 2.9x 3.1x Median: 4.4x
*
IPO Timing 2012 2013 2014 2015 2016 2017
Stock
Performance 440% 669% 274% 431% 103% 23% 53% 55% 173% 189% 43% 221% 31% 80% 54% 42%
(since IPO)
EV / LTM Rev
(Current)
10.4x 9.2x 7.2x 9.6x 4.0x 3.7x 3.5x 1.8x 5.1x 7.7x 4.9x 7.9x 1.5x 12.5x 6.1x 8.9x
Total Raised
(In IPO)
$230M $82M $260M $91M $128M $304M $64M $100M $86M $554M $103M $78M $112M $187M $116M $240M
Source: Capital IQ. Stock performance and valuation multiples as of January 25th, 2018.
Note: All IPO figures exclude overallotment shares exercised and associated net cash proceeds. *All figures shown related to Gigamon are as of 12/26/2017 as all financial data was no longer available thereafter.
38
Cybersecurity Sector vs Benchmark Performance
High Growth Performance Out Grows All 3 Indices While Low Growth Out Grows S&P 500 & HACK Indices.
Benchmark 3 Months 6 Months 12 Months

145
High Growth 8.9% 21.0% 34.9%
Low Growth (4.0%) 3.2% 26.6%
NASDAQ 5.9% 12.4% 27.2%
135 S&P 500 5.7% 10.3% 18.4% 34.9%

HACK* 4.3% 5.4% 18.7%
27.2%
125 26.6%
18.7%
18.4%
115
105
95
Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17
High Growth Low Growth S&P 500 NASDAQ HACK
Source: Capital IQ. Public Market Data as of December 31, 2017.

Note: *PureFunds ISE Cybersecurity ETF. 39
Public Cybersecurity Companies Stock Performance
2017 Stock Performance By Growth %.
118% 86% 64% 60% 55% 52% 51% 45%

$7 $65 $33 $85 $60 $20 $32
$32
$60 $31 $80 $19
$30
$6 $29 $55 $30
$18
$55 $75
$27 $28
$5 $50 $17 $28
$50 $25 $70
$16 $26
$23 $26
$4 $45 $65 $45 $15
$21 $24 $24
$40 $60
$19 $14
$3 $40
$35 $55 $22 $22
$17 $13
$2 $30 $15 $50 $35 $12 $20 $20
J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D A M J J A S O N D O N D
44% 28% 25% 22% 20% 16% 16% 16%

$19 $35 $16
$45 $29 $119
$95 $18
$43 $114 $155 $33
$27 $17 $15
$41 $90
$25 $109 $16 $145 $31
$39
$23 $85 $104 $15
$37 $135 $29 $14
$14
$21 $99
$35 $80 $13 $27
$125
$19 $94 $13
$33 $12
$75 $25
$31 $17 $89 $11 $115
$29 $15 $70 $84 $10 $23 $12

$105
J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D N D
J F M A M J J A S O N D
11% 6% 3% 2% 9% 16%
$53 $7
$5 $16 $13
$51 $55
$7 $16
$49 $15 $53 $12
$6
$47 $15 $51
$6
$45 $14 $49 $11
$4 $5 $14
$43 $47
$5 $13 $10
$41 $45
$13
$39 $4 $43
$12 $9
$37 $4 $41
$12
$35 $3
$3 $11 $39 $8
J F M A M J J A S O N D J F M A M J J A S O N D
J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D

Note: Charts pertaining to Okta (April 2017), ForeScout (October 2017), & SailPoint (November 2017) reflect monthly stock prices from their respective IPO dates. 40
The Correlation Of Value To Growth & Profitability Continues To Rise…
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.
R2
10.0x 4Q17: 62.4% 3Q17: 50.7%
2Q17: 41.1% 1Q17: 54.1%

$12,993 mn
$16,993 mn
:8.2%, 8.6x
$2,415 mn
8.0x :29.3%, 6.7x
:4.5%, 4.7x
$4,177 mn $4,485 mn
Okta, SailPoint, & ForeScout have
been excluded from R^2
EV / Revenue 2018E
6.0x $14,452 mn
$1,839 mn
$7,684 mn
$1,004 mn
4.0x $1,478 mn $16,833 mn
$2,846 mn $7,897 mn
$758 mn
2.0x $389 mn $1,454 mn $1,515 mn
$588 mn
$782 mn
0.0x
0% 10% 20% 30% 40% 50% 60% 70%
2018E Revenue Growth + 2018E Operating Margin

Note: Size of the bubble indicates Market Cap. In USD. % represents 2018E Revenue Growth + 2018E Operating Margin; the multiple represents EV / 2018E Revenue. 41
…While The Correlation To Growth Alone Remains Weak
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.
10.0x
$16,993 mn
$2,415 mn
8.0x
$12,993 mn
$4,177 mn
$14,452 mn
$4,485 mn
EV / Revenue 2018E
6.0x
$16,833 mn
$7,684 mn
$7,897 mn $1,839 mn
R2
$2,846 mn
4Q17: 28.7% 3Q17: 18.0%
4.0x $1,515 mn
2Q17: 14.3% 1Q17: 16.7%
$758 mn
$1,004 mn
$1,478 mn :32.4%, 8.6x
$1,454 mn :24.5%, 6.7x

2.0x $588 mn
:20.5%, 4.7x
$389 mn
$782 mn Okta, SailPoint & ForeScout have
been excluded from R^2
0.0x
0% 5% 10% 15% 20% 25% 30% 35%
2018E Revenue Growth

Note: Size of the bubble indicates Market Cap. In USD. % represents 2018E Revenue Growth; the multiple represents EV / 2018E Revenue. 42
Trading Multiples: High Growth & Low Growth
Valuation Multiples For High Growth & Low Growth Cybersecurity Companies.
EV / 2017E Revenue EV / 2018E Revenue
11.4x
9.7x
9.2x
8.6x 8.3x 8.6x
8.3x Median: 7.8x 7.8x 7.7x 7.9x 7.8x
7.3x 6.7x 6.7x
6.8x 6.4x
5.7x 5.9x 5.7x Median: 6.3x
4.8x 4.7x 4.5x 4.7x
4.2x 4.4x 4.1x 4.1x
4.6x 3.7x 3.5x 3.5x Median: 4.0x 3.9x
3.1x 3.8x 3.4x 3.3x Median: 3.7x
2.9x 2.8x
2.3x 2.1x
1.8x 1.5x 1.6x 1.4x
OKTA SPLK PFPT SAIL MIME PANW FSCT RPD QLYS CHKP SOPH CYBR TREND FTNT SYMC FEYE CUDA IMPV FSC1V VDSI MOBL SCWX OKTA SPLK SAIL PFPT MIME PANW FSCT RPD QLYS CHKP SOPH TREND SYMC CYBR FTNT FEYE CUDA IMPV FSC1V VDSI MOBL SCWX
2016-2017E Revenue Growth 2016-2018E Revenue Growth
58%
32%
30%
39% 25% 24%
36% 24% Median: 24%
22%
31% 31% 30% Median: 31% 21% 21% 20% 19%
17% 16%
27% 26%
22% 14%
19% 17%
16% 10% 9% 8%
14% Median: 9%
8%
12% 8% 8% 7% 7%
8% 7% 7% 6% Median: 8% 6%
4% 3%
-2%
OKTA MIME PFPT SAIL SPLK FSCT RPD PANW IMPV CYBR FTNT QLYS SOPH TREND SCWX FSC1V CUDA CHKP MOBL FEYE VDSI OKTA PFPT SPLK SAIL MIME RPD FSCT PANW SOPH CYBR IMPV QLYS FTNT FSC1V VDSI SCWX FEYE TREND MOBL CUDA CHKP SYMC
High Growth Low Growth High Growth Low Growth

Source: Capital IQ. Public Market data as of January 25th, 2018.
Note: High Growth represented by companies with >20% revenue CAGR; Low Growth represented by companies with <20% revenue CAGR. 43
Public Company Trading Analysis
High Growth & Low Growth Cybersecurity.
Revenue Growth EV / Revenue EV / EBITDA P/E
LTM Price Market Enterprise
Stock Price
Performance Cap ($M) Value ($M) 2016-2017E 2017E-2018E 2018E-2019E LTM CY 2017E CY 2018E CY 2019E LTM CY 2017E CY 2018E CY 2019E LTM CY 2017E CY 2018E CY 2019E
High Growth Cybersecurity (>20% CAGR)

Palo Alto Networks $157.28 7.6% $14,452 $13,480 25.8% 20.4% 16.5% 7.2x 6.8x 5.7x 4.9x NM 28.6x 22.0x 17.9x 54.2x 51.4x 41.7x 35.0x
Splunk $91.85 56.8% 12,993 12,012 30.7% 25.5% 27.4% 10.4x 9.7x 7.7x 6.1x NM NM 57.1x 38.1x NM NM NM 71.7x
Proofpoint $100.03 23.8% 4,485 4,406 35.7% 30.0% 27.5% 9.2x 8.6x 6.7x 5.2x NM 67.4x 48.6x 34.4x NM NM 97.0x 64.1x
Okta* $30.52 79.5% 3,111 2,887 57.8% 32.4% 32.7% 12.5x 11.4x 8.6x 6.5x NM NM NM NM NM NM NM NM
Mimecast $32.08 46.7% 1,839 1,750 39.5% 24.1% 18.4% 7.9x 7.3x 5.9x 5.0x NM NM 57.2x 46.0x NM NM NM NM
SailPoint* $17.05 42.1% 1,459 1,441 31.3% 24.5% 25.2% 8.9x 8.3x 6.7x 5.3x 80.6x 66.2x NM 67.0x NA NM NM NM
ForeScout* $33.98 54.5% 1,288 1,240 30.2% 20.5% 21.6% 6.1x 5.7x 4.7x 3.9x NM NM NM NM NM NM NM NM
Rapid7 $22.87 79.5% 1,004 920 27.4% 19.7% 17.7% 4.9x 4.6x 3.8x 3.3x NM NM NM NM NM NM NM NM
Mean 34.8% 24.6% 23.4% 8.4x 7.8x 6.2x 5.0x 80.6x 54.1x 46.2x 40.7x 54.2x 51.4x 69.4x 56.9x
Median 31.0% 24.3% 23.4% 8.4x 7.8x 6.3x 5.1x 80.6x 66.2x 52.8x 38.1x 54.2x 51.4x 69.4x 64.1x
Low Growth Cybersecurity (<20% CAGR)
Symantec $27.15 (0.4%) $16,833 $21,016 NM 3.4% 6.0% 4.6x 4.2x 4.1x 3.9x 35.3x 9.2x 8.1x 6.8x 20.4x 18.7x 14.4x 13.2x
Check Point Software $103.97 7.6% 16,993 15,483 6.7% 6.3% 6.4% 8.4x 8.3x 7.8x 7.4x 17.0x 14.9x 14.1x 13.1x 27.7x 19.8x 18.2x 16.7x
Trend Micro $55.89 51.3% 7,684 6,381 11.8% 7.6% 5.7% 4.7x 4.7x 4.4x 4.1x 13.1x 14.1x 12.6x 11.6x 31.4x 32.3x 28.7x 26.4x
Fortinet $45.41 38.4% 7,897 6,621 16.6% 13.9% 12.8% 4.6x 4.5x 3.9x 3.5x 39.0x 21.5x 17.8x 14.8x NA 44.7x 37.8x 31.5x
Sophos $8.94 171.2% 4,177 4,413 13.6% 21.5% 22.3% 7.7x 7.8x 6.4x 5.2x NM NM 67.6x 45.8x NM NM 74.5x 71.0x
FireEye $15.42 18.4% 2,846 2,738 4.0% 7.7% 8.5% 3.7x 3.7x 3.4x 3.2x NM 31.3x 27.0x 20.1x NA NM NM 94.9x
Qualys $63.70 76.0% 2,415 2,113 16.1% 16.4% 14.8% 9.6x 9.2x 7.9x 6.9x 37.2x 25.0x 21.6x 18.9x 65.0x 60.5x 54.4x 47.3x
CyberArk $43.62 (16.1%) 1,515 1,241 18.6% 19.2% 17.5% 5.1x 4.8x 4.1x 3.4x 42.3x 22.1x 17.6x 14.4x NM 39.5x 33.1x 26.8x
Barracuda Networks $27.54 15.9% 1,478 1,300 7.0% 7.2% 18.3% 3.5x 3.5x 3.3x 2.8x 40.4x 19.9x 16.3x 12.8x 35.8x 38.1x 31.3x 24.8x
Imperva $42.75 3.9% 1,454 1,111 21.7% 17.2% 15.8% 3.6x 3.5x 2.9x 2.5x NM 25.7x 20.1x 14.7x 57.0x 46.0x 41.8x 32.6x
Secureworks $9.64 (9.3%) 782 682 8.4% 8.4% 10.7% 1.5x 1.5x 1.4x 1.2x NM NM NM 29.1x NM NM NM NM
F-Secure $4.84 34.6% 758 657 8.2% 9.6% 10.3% 3.2x 3.1x 2.8x 2.5x 29.6x 28.1x 18.9x 13.0x 38.7x 48.4x 36.7x 22.9x
VDSI $14.75 (2.3%) 588 430 (1.7%) 9.0% 5.7% 2.3x 2.3x 2.1x 2.0x 41.3x 22.5x 20.1x 15.5x 52.7x 38.3x 37.5x 32.8x
MobileIron $4.05 (8.0%) 389 307 6.3% 7.3% 9.4% 1.8x 1.8x 1.6x 1.5x NM NM NM NM NM NM NM NM
Mean 10.6% 11.1% 11.7% 4.6x 4.5x 4.0x 3.6x 32.8x 21.3x 21.8x 17.7x 41.1x 38.6x 37.1x 36.7x
Median 8.4% 8.7% 10.5% 4.2x 4.0x 3.7x 3.3x 37.2x 22.1x 18.3x 14.7x 37.2x 38.9x 36.7X 29.2x
Source: Capital IQ. Market data as of January 25th, 2018.

Note: NM – Not Meaningful, NA – Not Available. *Price performance from IPO price. Symantec ’16-’17 Revenue Growth Not Meaningful (NM) due to acquisition spree in 2016. 44
Public Company Trading Analysis: Operating Metrics
High Growth & Low Growth Cybersecurity.
Revenue ($M) Revenue Growth (%) EBITDA ($M) EBITDA Margin (%)
Company
LTM 2017E 2018E 2019E 16-’17E 17E-’18E 18E-’19E LTM 2017E 2018P 2019E LTM 2017E 2018E 2019E
High Growth Cybersecurity (>20% CAGR)

Palo Alto Networks $1,869 $1,971 $2,372 $2,765 25.8% 20.4% 16.5% ($81) $471 $613 $754 (4.3%) 23.9% 25.8% 27.3%
Splunk 1,158 1,242 1,558 1,985 30.7% 25.5% 27.4% (255) 146 210 315 (22.1%) 11.8% 13.5% 15.9%
Proofpoint 477 510 663 845 35.7% 30.0% 27.5% (34) 65 91 128 (7.1%) 12.8% 13.7% 15.2%
Okta 231 253 335 444 57.8% 32.4% 32.7% (105) (65) (71) (29) (45.5%) (25.8%) (21.2%) (6.4%)
Mimecast 222 239 296 351 39.5% 24.1% 18.4% 8 22 31 38 3.5% 9.0% 10.3% 10.8%
SailPoint 163 174 216 271 31.3% 24.5% 25.2% 18 22 15 22 11.0% 12.5% 6.8% 7.9%
ForeScout 204 217 262 318 30.2% 20.5% 21.6% (63) 45) (37) (7) (30.7%) (20.5%) (14.1%) (2.2%)
Rapid7 188 201 240 282 27.4% 19.7% 17.7% (40) (21) (14) 8 (21.1%) (10.4%) (5.8%) 2.8%
Low Growth Cybersecurity (<20% CAGR)

Symantec $4,571 $4,945 $5,113 $5,423 NM 3.4% 6.0% $596 $2,290 $2,602 $3,087 13.0% 46.3% 50.9% 56.9%
Check Point Software 1,835 1,857 1,973 2,100 6.7% 6.3% 6.4% 912 1,040 1,100 1,178 49.7% 56.0% 55.7% 56.1%
Trend Micro 1,360 1,358 1,461 1,544 11.8% 7.6% 5.7% 487 454 506 552 35.8% 33.4% 34.6% 35.7%
Fortinet 1,441 1,487 1,695 1,912 16.6% 13.9% 12.8% 170 308 373 449 11.8% 20.7% 22.0% 23.5%
Sophos 571 569 692 846 13.6% 21.5% 22.3% 7 48 65 96 1.2% 8.5% 9.4% 11.4%
FireEye 734 743 800 868 4.0% 7.7% 8.5% (139) 87 102 136 (19.0%) 11.8% 12.7% 15.7%
Qualys 220 230 268 307 16.1% 16.4% 14.8% 57 85 98 112 25.8% 36.8% 36.5% 36.3%
CyberArk 246 257 306 360 18.6% 19.2% 17.5% 29 56 70 86 12.0% 21.8% 23.0% 24.0%
Barracuda Networks 373 372 398 471 7.0% 7.2% 18.3% 32 65 80 102 8.6% 17.5% 20.0% 21.6%
Imperva 309 322 377 436 21.7% 17.2% 15.8% (7) 43 55 76 (2.1%) 13.5% 14.7% 17.3%
Secureworks 466 465 504 558 8.4% 8.4% 10.7% (28) (21) (7) 23 (5.9%) (4.6%) (1.4%) 4.2%
F-Secure 208 214 235 259 8.2% 9.6% 10.3% 22 23 35 50 10.7% 10.9% 14.8% 19.5%
VDSI 186 189 206 218 (1.7%) 9.0% 5.7% 10 19 21 28 5.6% 10.1% 10.4% 12.7%
MobileIron 173 174 187 205 6.3% 7.3% 9.4% (53) (18) (8) (3) (30.6%) (10.2%) (4.3%) (1.5%)
Source: Capital IQ. Market data as of January 25th, 2018.

Note: NA – Not Available. Symantec ’16-’17 Revenue Growth Not Meaningful (NM) due to acquisition spree in 2016. 45
2017
Cybersecurity IPOs
1
20,000,000 Shares 5,280,000 Shares 11,000,000 Shares
Common Stock Class A Common Stock Class A Common Stock
$12.00 Per Share $22.00 Per Share $17.00 Per Share
$240,000,000 $116,160,000 $187,000,000
November 17, 2017 October 27, 2017 April 7, 2017

IPO
November 17th, 2017
SailPoint Was The 3rd Cybersecurity IPO of 2017.
20,000,000 Shares Business Overview Customer Highlights

SailPoint provides enterprise identity solutions to govern the digital identities of employees, contractors &
825 Customers 39 Countries
business partners. Its open identity platform provides organizations with critical visibility into who currently has
access to which resources, who should have access to those resources, and how that access is being used
Focus On Large & Mid-Market
Common Stock
Enterprise Businesses
Compliance Controls Password Management
$12.00 Per Share Access certification and identity policies Reset passwords automatically while
critical to achieving continual compliance enforcing corporate policy Insurance
$240,000,000 Finance Health Care & Gov’t
Pharmaceutical
Access Request & Automated Provisioning Data Access Governance Top Customers Include:
Ensure the right people have the right access Govern access to all data; 80% of
to the right applications at the right time corporate data is unstructured
Key IPO Statistics Summary Financials Stock Performance Since IPO

Headquarters: Austin, Texas Exchange: NYSE
$16.45
Founded: 2004 Stock Price ($): $17.05 $16.50
$15.83 $16.09$16.12
Employees: 765 52 W High / Low ($): $17.75 / $12.82 $15.80
$15.62
Ticker: SAIL Market Cap (USD $M): $1,458.7 $15.50 $15.44
$15.04 $15.02
Listing Date: November 17, 2017 Net Debt ($M): ($17.3) $14.83 $14.60
$14.50
Shares Offered: 20,000,000 (original shares planned at 14.3M) Enterprise Value ($M): $1,441.4 $14.35 $14.39 $14.50
Offer Price: $12.00 (Filing range was $9.00 - $11.00) LTM Revenue ($M): $162.6 $13.50
Amount Raised: $240,000,000 LTM EBITDA ($M): $17.9
$13.00
Ownership: Thoma Bravo owns 60.5% of outstanding shares EV / LTM Revenue: 8.9x $12.50
11/17 12/1 12/15 12/29 1/12
Source: SEC filings and Capital IQ.

Note: Valuation metrics and stock price performance as of January 25th, 2017. LTM numbers as of September 30, 2017. 3 49
SailPoint Was The 3rd Cybersecurity IPO of 2017.
Financial Snapshot Management Team

Revenue ($M) Adjusted EBITDA ($M) Mark McClain, Chief Executive Officer & Co-Founder
▪ Has served as Chief Executive Officer & Board Member since co-
$200 $19.9
$162.6 $20 founding SailPoint in 2005
$132.4 $15.1 ▪ Prior to SailPoint, Mark co-founded Waveset Technologies which was
$150 $16
acquired by Sun Microsystems in 2003
$95.4
$12
$100 $7.5 Kevin Cunningham, Chief Strategy Officer & Co-Founder
$8 ▪ Has served as Chief Strategy Officer since co-founding SailPoint in
$50 2005
$4
▪ Prior to SailPoint, Kevin was Director of Software Marketing for Sun
$0 $0
Microsystem
FY 15 FY 16 LTM FY 15 FY 16 LTM
Cam McMartin, Chief Financial Officer
Growth Strategy ▪ Cam has served as Chief Financial Officer since 2011
▪ Prior to SailPoint, Cam served as MD and CFO for CenterPoint
Drive New Customer Growth Further Penetrate Existing Customer Base
Ventures & held senior financial management positions for Convex
▪ Total addressable market of 80,000 companies having at ▪ As customers realize the value of their investment, new Computer & Dazel
least 1,000 employees use cases and deployments are identified, allowing SAIL
▪ Penetrated approximately 1% of approximately 65,000 to sell more products to existing customers and to Howard Greenfield, Chief Revenue Officer
companies in the countries where customers are today expand the number of identities covered within their ▪ Howard has served as Chief Revenue Officer since Oct 2017 and
organizations previously served as SVP of Worldwide Sales
▪ Prior to SailPoint, Howard served as Vice President of Worldwide
Continue to Expand Global Presence Expand Market & Product Across Other Verticals Mobility Sales for Zenprise (acquired by Citrix Systems)
▪ Generated 30% of revenue outside of U.S. in 2016 ▪ Penetrate target vertical markets by providing vertical-
▪ Gartner estimates more than 62% of worldwide specific identity solutions & focusing marketing efforts
spending on security products was outside the U.S. to address the use cases of those customers
Directors
Board of
Leverage & Expand Existing Partner Network Continue To Invest In Platform
▪ Partnerships with global SIs and resellers have helped ▪ Continue investing to extend its position as the leader
extend SAIL’s reach to serve customers more effectively in identity governance by developing or acquiring Mark McClain Marcel Bernard William Bock Seth Boro Jim Pflaging Chip Virnig
▪ Significant opportunity to offer solutions to customers by new products and technologies

collaborating with adjacent technology vendors

Note: LTM numbers as of September 30, 2017. 3 50
IPO
October 27th, 2017
ForeScout Was The 2nd Cybersecurity IPO of 2017.
5,280,000 Shares Business Overview Key Metrics

ForeScout offers a heterogeneous security solution that can see devices, control them and orchestrate 2,500+
system-wide threat response across your wired and wireless campus, data center, cloud and operational Customers
technology deployments without agents.
Class A Common Stock 70+
Countries
See: Control: Orchestrate:
$22.00 Per Share Agentless Visibility Policy-based Segmentation Security Automation 42M+
Endpoint Licenses Sold
Continuously discover, classify, Automate policy-based notifications Orchestrate information sharing and
$116,160,000
assess and monitor the expanding and access control (devices, users policy-based security enforcement 1M+
number of physical and applications), limit access to operations among IT and security Devices Supported In A Single
endpoints, IoT, OT devices and appropriate resources, streamline management products to accelerate Deployment
virtual instances connected to your guest onboarding, find and fix system-wide threat response 70+
network—without requiring agents endpoint security gaps without human intervention Integrations

Headquarters San Jose, California Exchange NASDAQ $34.00 $33.69
$32.89
Founded 2000 Stock Price ($) $33.98 $31.89
$32.00
Employees 898 52 W High / Low ($) $35.00 / $21.56 $30.97 $30.97
$30.00 $28.66
Ticker FSCT Market Cap (USD $M) $1,288.1
$28.00 $28.61
Listing Date Oct 27, 2017 Net Debt ($M) ($47.7) $25.50 $26.94 $27.48
$26.00
Shares Offered 5,280,000 (original shares planned at 4.8M) Enterprise Value ($M) $1,240.4 $24.35
$24.00 $25.11
Offer Price $22.00 (Filing range was $20.00 - $22.00) LTM Revenue ($M) $204.3
$22.00 $22.41
Amount Raised $116,160,000 LTM EBITDA ($M) ($62.7) $21.92
$20.00
Ownership Directors & Executive Officers own 39.5% of EV / LTM Revenue 6.1x 10/27 11/10 11/24 12/8 12/22 1/5 1/19
Structure outstanding shares EV / LTM EBITDA NM

Note: Valuation metrics and stock price performance as of January 25th, 2017. LTM Numbers as of September 30, 2017. 3 52
ForeScout Was The 2nd Cybersecurity IPO of 2017.

Revenue ($M) Adjusted EBITDA ($M) Michael DeCesare, Chief Executive Officer and President
▪ Chief Executive Officer, President and Board of Directors member of ForeScout
$200 FY 14 FY 15 FY 16 ▪ Has more than 25 years of industry experience, including serving as President of
$166.8
$0 Intel Security and Executive Vice President of Worldwide Sales at McAfee
$150 $126.0
($7.6) Pedro Abreu, Chief Strategy Officer
$100 ($20) ▪ Leads Corporate Strategy
$71.1
▪ Prior to joining ForeScout, Pedro was Senior Vice President of Strategy and Go-
To-Market Operations at Intel Security
$50 ($40) ($34.1) ▪ He has held several senior-level strategy and operations roles with EMC,
Documentum and McKinsey.
$0 ($51.0)
($60)
FY 14 FY 15 FY 16 Oded Comway, Co-Founder and CTO
▪ Prior to founding Forescout in 2000, Oded managed the Tel Aviv University
Growth Strategy Systems
▪ He was a co-founder of Tap Guard Technologies
Expand Within Existing End-Customers Expand New Parts Of Existing Customers Networks
Dror Comay, Co-Founder and Chief Architect
▪ Expected to grow within our end-customer base ▪ Expected to grow as end-customers broaden ▪ Prior to founding ForeScout, Dror served in a variety of roles at various
as more devices come online within the their use of FSCT’s solution across wired organizations, including Nortel
enterprise networks (on-premise), wireless networks ▪ Dror earned a bachelor’s degree in Mathematics from Tel Aviv University
▪ Product revenue is directly tied to the number of (remote and visitor devices), data centers, Julie Cullivan, CIO and Senior Vice President, Business Operations
licensed devices managed. As of June 30, 2017, branch offices, geographies, and public cloud ▪ Julie has extensive operational and technical leadership experience, having held
FSCT sold products with licenses covering over environments prior roles at FireEye, Autodesk, McAfee and Oracle
42 million devices
Grow Global End-Customer Base Increase Sales Of Extended Module
▪ Invested in sales organization to drive new end- ▪ Strong demand for FSCT’s third-party product
Directors
Board of
customer adoption and to introduce our products integrations, or Extended Modules
to new markets ▪ Continue to productize these integrations and
▪ These investments will allow FSCT to pursue new leverage joint go-to-market efforts with channel Theresia Gouw David DeWalt James Beer Hezy Yeshurun T. Kent Elliot
large enterprise opportunities locally & globally partners
Note: Fiscal Year Ends December.

4 53
IPO
April 7, 2017
Okta Was The 1st Cybersecurity IPO of 2017.
11,000,000 Shares Business Overview
Okta operates an integrated system that connects persons via devices. The company’s identity cloud connects various companies to pre-integrated apps and
devices every day. It offers single sign-on, mobility management, adaptive multi-factor authentication, lifecycle management, and universal directory products
for IT customers; and complete authentication, user management, flexible administration, API access management, and developer tools for developers.
Class A Common Stock
Secure Remote User Access Platform Integration Secure User Management Industry Services
$17.00 Per Share
▪ Implement strong authentication ▪ Integrate all business ▪ Deploy one user database and ▪ Industry specific solutions for
$187,000,000 policies to verify users and applications and technologies authentication system for any Healthcare, Government,
reduce security incidence threats into one entity set of connected applications Education, Energy, Financial
▪ Give employees secure access to ▪ Maintain security while ▪ Create one consolidated profile Services, Technology, and
needed tools while maintaining connecting with all parties that for each user, then analyze their Non-Profit Institutions
control of IT environment your company interacts with engagement

Headquarters San Francisco, California Exchange NASDAQ
$32.00 $31.28
Founded 2009 Current Price ($) $30.52 $30.19
Employees 898 52 W High / Low ($) $33.64 / $21.52 $30.00 $29.80
Ticker OKTA $27.31 $28.46
Market Cap (USD $M) $3,110.7 $28.00
Listing Date April 07, 2017 Total Debt ($M) $0.0 $27.00
$26.00 $26.58
Shares Offered 11,000,000 $26.31 $25.61
Enterprise Value ($M) $2,887.1
Offer Price $17.00 (Initial range was $13.00 - $15.00) LTM Revenue ($M) $231.1 $24.00
Amount Raised $187,000,000 (Net Proceeds: $173,910,000) LTM EBITDA ($M) ($105.1) $22.00 $23.51
Directors & Executive Officers owns 51.1% of EV / LTM Revenue 12.5x $22.19
Ownership
outstanding shares and have 61.8% of voting $20.00
Structure EV / LTM EBITDA NM
power 4/7 5/12 6/16 7/21 8/25 9/29 11/3 12/8 1/12

Note: Valuation metrics and stock price performance as of January 25th, 2018. 3 55
Okta Was The 1st Cybersecurity IPO of 2017.

Revenue ($M) Adjusted EBITDA ($M) Todd McKinnon, Chief Executive Officer and Co-Founder
$200
▪ Prior to Okta, he served as the Head of Engineering at
$160.3 FY 15 FY 16 FY 17 Salesforce.com and worked for nearly a decade in various
$150
$0 engineering and leadership roles at PeopleSoft
($20)
$100
$85.9 J. Frederic Kerrest, COO & Co-Founder
▪ He previously worked at Hummer Winblad Venture Partners and
$41.0 ($40)
$50 Salesforce.com
($60) ($49.3)
$0 ($63.0) ($61.2)
FY 15 FY 16 FY 17 ($80) Charles Race, President, Worldwide Field Operations
▪ He brings leadership experience from serving as EVP of
Growth Strategy Worldwide Field Operations at Informatica
Drive New Customer Growth Expand Integrations and Partner Ecosystem

Bill Losch, Chief Financial Officer
▪ Grow customer base with focus on key ▪ Continue current partnerships (e.g., AWS, ▪ Prior to Okta, he served as CFO at MobiTV, Inc. and Chief
verticals, including highly-regulated sectors Atlassian, Box, Google Cloud) while adding Accounting Officer at DreamWorks Animation and Yahoo!
such as financial services, government and new integration partners (5k integrations with
healthcare (880 net new customers in FY17) cloud, mobile & web apps currently)
Jonathan Runyan, General Counsel
▪ Expand international footprint (13% of ▪ Expand indirect sales network to leverage sales ▪ Prior to Okta, Jonathan served as a Partner & Associate at
revenue outside of U.S. in FY17) efforts of additional ISVs and channel partners Goodwin Procter LLP
Deepen Existing Client Relationships Advance Platform With New Products

▪ Increase revenue from existing customers by ▪ Continue to make significant investments in
Directors
cross-selling and upselling additional products research and development, hiring top talent,
Board of
▪ Focus on current customers that limit use cases to and maintaining an agile organization
internal identity management and further their ▪ Address new use cases and offer increasing Ben Horowitz Patrick Grady Michelle Wilson Michael Stankey Michael Kourey
use of Okta platform for external use cases value to existing and potential customers
General Partner Partner Board of Director Vice Chairman CFO
Note: Fiscal Year Ends January.
4 56
IV. M&A Activity In
Cybersecurity
IV. M&A Activity In Cybersecurity
Section Contents.
i. Cybersecurity M&A Activity | 2010-2017 59
ii. Closer Look at Recent Cybersecurity Exits | Part 1 60
iii. Closer Look at Recent Cybersecurity Exits | Part 2 61
iv. Cybersecurity M&A: A Closer Look At Deal Value & Multiples 62
v. Notable Cybersecurity M&A Transactions | 2016 to 2017 (Disclosed Values) 63
vi. Backup Data: M&A Transaction Disclosed Deal Values | 2016 to 2017 64-69
vii. Notable Cybersecurity M&A Transactions | 2016 to 2017 (Undisclosed Values) 70
viii. Backup Data: M&A Transaction Undisclosed Deal Values | 2016 to 2017 71-81
58
Cybersecurity M&A Activity | 2010-2017
Cybersecurity Company M&A Transactions of $94.5 Billion Across 1,043 Deals Since 2010.
Annual M&A Deals And Volume Quarterly M&A Deals And Volume
($B) (2010 – 2017) ($M) (Q1 2010 – Q4 2017)
$25.0 200 53 $11,985
177 178
$21.0 180 46
$20.4 45 44
$20.0 160 47 46 42
39 38
158 $9,081 39
140 34 45
34 35
135 32 $7,747
29 30 36 32
$15.0 120
$12.6 26 26 27 27 $6,349
113 $12.5 25 $6,305
$11.5 100 23 22 22 29
105
20 $4,845
$10.0 90 $8.6 80 18 17 $4,385 $4,544
87 $4,397
15 $3,881
60 $2,960
$3,334
$2,910
$12.1 $11.1
$2,660 $2,260 $2,675
$5.0 $4.0 $4.3 $11.2 40 $1,931
$8.6 $1,809 $1,483 $1,656
$7.7 $1,396
20 $1,047$818 $580 $887
$486 $748
$3.8 $264 $480
$2.3 $2.8 $252 $184 $158
$0.0 -
2010 2011 2012 2013 2014 2015 2016 2017
Q1'10
Q2'10
Q3'10
Q4'10
Q1'11
Q2'11
Q3'11
Q4'11
Q1'12
Q2'12
Q3'12
Q4'12
Q1'13
Q2'13
Q3'13
Q4'13
Q1'14
Q2'14
Q3'14
Q4'14
Q1'15
Q2'15
Q3'15
Q4'15
Q1'16
Q2'16
Q3'16
Q4'16
Q1'17
Q2'17
Q3'17
Q4'17
Private Co. Volume ($B) Public Co. Volume ($B) Number of Deals Volume ($M) Number of Deals
▪ Number of deals reached new heights in 2017 with ▪ Over the last eight quarters financial and strategic buyers have completed $41B in M&A transactions
178, just above the previous record of 177 in 2015 ▪ Q4’17 was the strongest quarter for transaction volume since Q3’13 totaling $12B; surpassed previous high of
▪ Public company acquisitions / divestitures surpassed $9B set in Q3’10
2016 figures with 15 deals completed (up 114%) at a ▪ Though transaction volume remained low earlier in the year, 2017 was a milestone year for M&A transactions
combined deal value of $12.7B (up 27%) with some of the biggest deals closing in the last quarter (e.g., Gemalto / Thales)
Note: Includes private and public company M&A transactions including acquisitions of public companies and divestures of assets / operations / business units from public companies. 59
Closer Look at Recent Cybersecurity “Exits” | Part 1
Breaking Down The Cybersecurity “Exits” In 2016 And 2017.
Time to Exit
4.4% Selected Companies
<2 Years
25.4% 2 to 5 years
40.5%
5 to 7 years
14.7%
15.1% 7 to 10 years
10+ years
Deal Value
Selected Companies
6.0%
$0-$25M
9.5% $25M-$50M
38.1% $50M-$100M
16.7%
$100M-$250M
14.3% $250M-$500M
15.5%
$500M+
Note: Excludes deals with undisclosed deal values (typically < $50M). Deals with undisclosed deal values account for 66% of total exits.
Note: “Exits” excludes targets that were previously acquired or listed on a public exchange. 60
Closer Look at Recent Cybersecurity “Exits” | Part 2
Breaking Down The Cybersecurity “Exits” In 2016 And 2017.
Last Round Prior to Exit

Selected Companies
Early Stage
25.0% 25.8%
Series A
24.2% Series B
25.0%
Series C+
Note: Excludes self-funded companies.
Total $ Raised Prior to Exit
Selected Companies
17.0% $1M-$10M
33.7% $10M-$20M
29.0% $20M-$50M
$50M+
21.0%
Note: Excludes companies that raised <$1M.

Note: “Exits” excludes targets that were previously acquired or listed on a public exchange. 61
Cybersecurity M&A: A Closer Look At Deal Value & Multiples
Cybersecurity M&A Activity Since 2010 With Disclosed Transaction Values And Multiples.
M&A By Deal Value M&A By Valuation Multiples (EV / LTM Rev)

68.0%
14.0% 37.6%
$50M-
100M 56
54.0%
23.1% 24.2%
70
$0M- 216 15.1%

$50M
16.5% 43 45
10.0%
28
66 5.5%
40
22
>$0M - $100M $100M - $300M $300M - $1B $1B+ >0.0x - 3.0x 3.0x - 5.0x 5.0x - 10x 10.0x+
▪ The average and median enterprise value for Cybersecurity transactions since 2010 ▪ Valuations for M&A Cybersecurity targets vary for many reasons – growth, market
was $229M and $42M, respectively leadership, customer validation, technology, team, and transaction dynamics
▪ M&A exits in Cybersecurity are typically below $100M 68.2% of the time ▪ Transactions >10x are a minority (15.1%) where the buyers are typically cash rich and
willing to pay what it takes (median cash balance of the buyers at time of acquisition
▪ Transactions > $1B are rare, representing 5.5% of all deals (13 public* and 9 private
was $1.1B and median market cap was $12.8B)
company transactions)
Note: *Includes acquisitions of public companies and divestures of assets / operations / business units from public companies. 62
Notable Cybersecurity M&A Transactions | 2016 to 2017
Cybersecurity M&A Transactions With Disclosed Transaction Values.
The Buyers The Sellers

(Networking Biz)
(Cyber Biz Unit)
(Email Fraud Protection)
(Cyber Solutions Biz)
Enterprise Value ($M) LTM Revenue ($M) EV / LTM Revenue

For Additional Information on Backup Data (Pages 64-69) Supporting Transaction
Mean $363.2 $218.4 6.3x
Data, Please Contact Momentum Cyber at almanac@momentumcyber.com
Median $54.7 $35.0 4.3x
63
Notable Cybersecurity M&A Transactions | 2016 to 2017
Cybersecurity M&A Transactions With Undisclosed Transaction Values.
The Buyers The Sellers
(SST Unit)
(AppGuard Biz) (IAM Biz)
(Business Div) (SSL Security)
(US Fed Gov’t Services)
(Secure Partnership Biz)
(Email Security Biz)
(Identity Biz)
(Web Security Biz)
(iDefense Security)
For Additional Information on Backup Data (Pages 71-81) Supporting Transaction Data, Please Contact Momentum Cyber at almanac@momentumcyber.com
70
V. Financing Activity
In Cybersecurity
V. Financing Activity In Cybersecurity
Section Contents.
i. Financing Activity Since 2010 84
ii. Cybersecurity Startups And Investors 85
iii. Cybersecurity Funding By The Numbers 86
iv. Notable Cybersecurity Financing Activity | 2016 to 2017 87-88
v. Backup Data: Cybersecurity Financing Activity | 2016 to 2017 89-105
83
Financing Activity Since 2010
Cybersecurity Startups Raised $20.7 Billion Across 1,626 Deals Since 2010.
Annual Investment Deals And Dollars Quarterly Investment Deals And Dollars
($B) (2010 – 2017) ($M) (Q1 2010 – Q4 2017)
$1,804
326
350 96
278 $1,531 $1,466
300
$5.1 $1,239 71 $1,238 80 $1,427
229
201 208 250
$4.5 $1,124 79
59 60 73 75
200 51 49 57 $949 $921 71
156 $3.8 47 49 $844 53 49 49
42 $818 59
120 40 66
108 150 35 33 36 $545 54 $653
$2.7 27 30 28 30 31 $510 $515 $513 $520
23 24 $500
100 $446 $427
$259 $264
$1.7 $212 $236 $219 $242$248 $269 $261
$1.2 50 $197 $141 $130
$0.8 $0.8
0
Q1'10
Q2'10
Q3'10
Q4'10
Q1'11
Q2'11
Q3'11
Q4'11
Q1'12
Q2'12
Q3'12
Q4'12
Q1'13
Q2'13
Q3'13
Q4'13
Q1'14
Q2'14
Q3'14
Q4'14
Q1'15
Q2'15
Q3'15
Q4'15
Q1'16
Q2'16
Q3'16
Q4'16
Q1'17
Q2'17
Q3'17
Q4'17
2010 2011 2012 2013 2014 2015 2016 2017
Investments ($B) Deals

Investments ($M) Deals
▪ 2017 reached record levels yet again, with $5.1B ▪ Over the last eight quarters investors have poured $9.6B into Cybersecurity
raised across 326 transactions ▪ After a slow start in Q1, Q4 closed out 2017 with funding totaling $1.5B across 79 transactions
▪ 2017 outpaced 2016 by $594M in funding volume ▪ 4Q17 ended strong with 24 deals ($654M raised) in September, 25 deals ($285M raised) in August, and 30
and 48 transactions deals ($528M raised) in December
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, CBInsights, and Pitchbook.
Note: Data for 2014 – 2017 includes only deals with amounts raised >$1M. 84
Cybersecurity Startups And Investors
List of Most Well-Funded Startups And Most Active VC Investors.
Top 15 Most Well-Funded Cybersecurity Startups ($M) Top 15 Most Active Investors in Cybersecurity*
$407
32 32
31
Confidentially 30
For Filed IPO
$331 27
26
$305 $301
$288 $281 $274 $268 22
20 20 20
$237 $236 19
17
$198 $198 $190 16
$187 $184
14
12
▪ The top most well-funded startups have raised $3.9B over their lifespan ▪ During 2017 NEA & Accel became the most active investors in Cybersecurity, having
▪ Tanium continues to top the list of most well-funded ahead of Lookout, having raised invested in 32 company rounds since 2010
$100M in 2017 & $212M in 2015, totaling over $400M since 2007 ▪ 4Q17 was an active quarter with Trident Capital Cybersecurity making 3 investments
while Accel Partners, Sequoia Capital, Intel Capital, and Battery Ventures made 2
▪ An additional 23 companies have raised between $100M and $180M for a total of $3.0B,
including Zscaler ($183M), Cloudflare ($182M), Cylance ($180M), Armor ($150M), investments each
Forgerock ($148M), Code42 ($138M), Pindrop Security ($133M), Bracket Computing
($132M), Silent Circle ($130M), Digital Guardian ($126M), Ionic Security ($123M),
LogRhythm ($122M), Duo Security ($130M), Bromium ($116M), and SentinelOne ($110M)
Note: *Total number of investments made in rounds with a minimum of $5 million raised. 85
Cybersecurity Funding By The Numbers
A Breakdown of Capital Raises By Stage in 2016 & 2017.
# of Deals By Stage Selected Companies By Stage

Growth 27.1% 10.2% 25.0% 10.3%
89 88
97 Early
75
70 68 Stage
50
40
2016
2017
Early Stage Series A Series B Series C+ Series A

2016 $2.2M $7.9M $15.2M $21.6M
Median
Deal Size
2017 $2.2M $7.0M $15.5M $27.5M
Capital Raised By Stage ($M)

Growth 79.9% (25.9%) 32.9% 15.8%
Series B
$2,903
$2,507
2016 $1,053
$781 $689 $916
2017 $169 $304 Series C+
Early Stage Series A Series B Series C+
Note: Includes investments of greater than of $1 million and excludes grants and straight debt/loan financings. Follow-on financings (e.g., A, A1) in same year combined to represent one deal for that stage. 86
Notable Cybersecurity Financing Activity | 2016 to 2017
Minority Investments >$10M.
$10M - $25M $25M - $50M $50M+
$100M+
For Additional Information on Backup Data (Pages 89-105) Supporting Transaction Data, Please Contact Total Amount Raised ($M) $8,085.0
Momentum Cyber at almanac@momentumcyber.com Median Amount Raised ($M) $20.0
87
Notable Cybersecurity Financing Activity | 2016 to 2017
Minority Investments >$10M.
$10M - $25M $25M - $50M $50M+
$100M+
For Additional Information on Backup Data (Pages 89-105) Supporting Transaction Stats, Please Contact
Momentum Cyber at almanac@momentumcyber.com
Note: Represents total size of funding rounds participated by each investor. 88
VI. Transaction
Profiles
VI. Transaction Profiles
Section Contents.
i. Selected Momentum M&A Transactions 108-118
ii. Highlighted M&A Transactions 119-159
iii. Highlighted Fundraising Activity 160-233
107
Selected Momentum
M&A Transactions
1
acquires acquires acquires
$60.0M Undisclosed Undisclosed
November 29, 2017 November 14, 2017 August 31, 2017

Proofpoint Acquires Weblife
Momentum Cyber Acted As The Exclusive Financial Advisor To Weblife.
Transaction Overview Other Notable Web Isolation Transactions

▪ On November 29, 2017, Proofpoint, Inc (“Proofpoint”) announced it acquired Weblife Balance
Inc. (“Weblife”) for a total consideration of $60M, representing a 17.1x multiple of invested capital Date: 07/06/17
▪ “In an era of constant connectivity and eroding boundaries between a professional and personal HQ: Tel Aviv, Israel
digital life, it is critical to have email protection that is both broad and deep. The acquisition of acquired
Weblife gives us greater ability to help protect our customers from today’s rapidly evolving
Founded: 2014
has been acquired by cyberattacks, as cybercriminals look for new ways to abuse email channels. We are thrilled to
welcome Weblife’s employees to the Proofpoint team.” – Gary Steele, CEO, Proofpoint
CEO: Guy Guzner
▪ “Organizations are having to confront the reality that employees will check their personal
webmail from the corporate network, and will also use their corporate devices to check their $225 Million
webmail at home after work, on the road, and everywhere in between. By combining Proofpoint’s
advanced threat detection capabilities with our unique browser isolation solution, enterprises can Date: 05/09/16
now secure both corporate and personal email from advanced threats and compliance risks.”
– David Melnick, CEO, Weblife HQ: Los Gatos California
for total consideration of acquired
Transaction Significance
Founded: 2012
▪ By combining Weblife’s web-isolation technology with Proofpoint’s industry leading threat
$60M detection and intelligence, companies can now secure both corporate and personal email from
CEO: Branden Spikes
advanced threats and compliance risks
Momentum Cyber acted as exclusive - Unique combination of web-isolation and advanced threat detection delivers Undisclosed
financial advisor to Weblife comprehensive protection from both malware and credential stealing phishing links
▪ The integrated solution will become part of Proofpoint’s Targeted Attack Protection advanced Other Primary Competitors
threat solution suite, and will be available in the first half of 2018
Company Headquarters Amount Raised
Momentum’s Role
Mountain View, CA $14.2M
▪ Momentum Cyber acted as exclusive Financial Advisor to Weblife
November 29, 2017 ▪ This transaction demonstrates Momentum's continued success in advising innovative, next-
Baltimore, MD Undisclosed
generation Cybersecurity companies and further establishes the firm's leadership position as the
Menlo Park, CA $35.5M
‘go to’ advisor exclusively focused on Cybersecurity
110
Proofpoint Acquires Weblife (Continued)
Secure, Empower, And Simplify Employee Web Access.
Company Profile Product Overview
Weblife fundamentally changes how organizations approach employee Internet Weblife secures, empowers, and simplifies employee Internet use with a complete cloud-based service to isolate and
usage simply by providing a separate, private, and secure space for employees secure web use providing employees greater freedom and anonymity to conduct personal and high-risk web browsing
to conduct personal web browsing. Current employee web-use policies don't ONLY SAFE CONTENTS HIGH RISK CONTENTS
(HTML-CSS) (.JS, .EXE, ETC.)
address the fact that employees will continue to spend some portion of their
How It
Description time on personal web browsing. Weblife acknowledges this reality and brings Works
employees back into policy compliance by securely separating personal and SECURE CONNECTION ANONYMOUS
Browser (HTTPS) Weblife Service WEBSITE TRAFFIC Public Internet
business web activity. By doing so, this program provides an additional benefit
to employees, improves a company’s security posture, reduces its liability, and
Weblife Solutions
enhances its compliance with global privacy obligations.
Web Isolation Webmail GDPR Compliance Clandestine Browsing
Management Empowers IT, Security, and

Separate trusted business activity Grant all employees web mail Ensure your security monitoring of
Investigative teams to safely &
from untrusted personal use to access without compromising employee internet use complies
David Melnick Adrian Roston Kenny Lee Michael Jones anonymously research &
CEO CTO CPO Product Manager manage and reduce risk security posture with EU GDPR requirements
investigate without increased risk
Founded 2013
HQ
Los Angeles, California / Woking, United Kingdom
Isolation Is Critical
(US & EMEA)
Amount announces Weblife’sRemoteBrowseras #2 of Distribution By Type Of Attack On Enterprise Users
$3.5M from
Raised
Top 10 Security technologies for 2017
Value Proposition Adobe Flash Player, 5%
▪ By 2021, 20% of enterprises will adopt a remote browser solution to isolate Adobe Reader, 7%
SECURE WEB EMPOWER SIMPLIFY Browsers, 58%
internet browsing from enterprise systems, up from less than 1% in 2016 Android, 7%
USE EMPLOYEES GOVERNANCE
▪ By 2021, 50% of enterprises will actively isolate internet browsing activities Java, 11%
Secure web use by Simplify IT governance,
Empower IT and to reduce the impact of attacks, up from less than 5% in 2016
isolating DLP and compliance and
employees with greater
malware threats in the control of employee ▪ Through 2021, organizations that isolate internet browsing will experience a Office, 12%
web use freedom
cloud web access 70% reduction in attacks compromising end-user systems
Source: Company Website and Pitchbook.
111
Proofpoint Acquires Weblife (Continued)
Acquisition Extends Proofpoint’s Protection Capabilities to Enterprise Users’ Personal Webmail.
Company Profile Product Overview
Proofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and Proofpoint’s Technology Platform
compliance company that provides cloud-based solutions to protect the way
The Proofpoint Nexus™ security and compliance platform blends security
people work today. Proofpoint solutions enable organizations to protect their
Description research, technology and threat data to protect every stage of the attack
users from advanced attacks delivered via email, social media and mobile apps, lifecycle. This modern, cloud-based graph database architecture drives the
protect the information their users create from advanced attacks and compliance effectiveness of Proofpoint’s products and powers Proofpoint’s ecosystem
of partners and integrations. Nexus extracts and correlates intelligence
risks, and respond quickly when incidents occur. across email, social media, mobile, and SaaS applications — learning from
each new attack to stay ahead of evolving threats
Advanced Threat Protection Information Protection Archiving & Compliance Email Protection
Leadership
Targeted Attach Protection Email Data Loss Prevention Enterprise Archive Email Protection
Gary Steele Paul Auvil Marcel DePaolis Manish Sarin David Knight
CEO CFO CTO EVP, Corp Dev EVP/GM Small & Medium Business
Threat Response Email Encryption E-Discovery and Analytics
Threat Systems Essentials
Founded 2002
ET Intelligence SaaS Protection Intelligent Supervision Email Fraud Defense
HQ Sunnyvale, California
Employees 1,800+ Mobile Defense Data Discover Social Media Compliance Sendmail Sentrion
Trading Profile Proofpoint Acquisition History Since 2013

Summary Financials LTM Stock Performance Date Announced Target Amt ($M) Date Announced Target Amt ($M)
Exchange NASDAQ $100.00
$96.11 $92.45 Nov 7, 2017 $110.0 Oct 23, 2014 $33.7
Stock Price ($) $92.45 $95.00 $92.42
$90.00 Oct 20, 2016 55.0 May 20, 2014 24.0
52 W High / Low ($) $97.92 / $69.19
12 Month Target $105.81 $85.00 $81.52 Oct 1, 2013 23.0
$84.47 Aug 24, 2016 18.0
$80.00
Market Cap ($M) $4,116.7
Nov 3, 2015 9.0 Aug 9, 2013 24.2
$75.00
Enterprise Value ($M) $4,038.3
$70.00 $71.00 Aug 5, 2015 8.5 Jul 25, 2013 2.5
EV / LTM Revenue 8.5x $69.41 (Certain Assets)
$65.00
EV / 2018E Revenue 6.1x Mar 2, 2015 32.3 Apr 9, 2013 4.4
Nov-16 Jan-17 Mar-17 May-17 Jul-17 Sep-17 Nov-17
Source: Company Website, Capital IQ and Pitchbook. Public Market Data as of November 28, 2017.
112
ADT Acquires DATASHIELD
Momentum Cyber Acted As The Exclusive Financial Advisor To DATASHIELD & Strategic Cybersecurity Advisor To ADT.
Transaction Overview Other Notable MSSP Transactions

▪ On November 14, 2017, The ADT Corporation (“ADT”) announced it has acquired
Date: 10/20/17
DATASHIELD, LLC (“DATASHIELD”)
▪ DATASHIELD was founded in 2009 and is the premier Managed Detection & Response (MDR) HQ: Cincinnati, Ohio
provider offering the next-generation of managed security services for Mid-Market and
has acquired
Enterprise businesses
Founded: 2015
- DATASHIELD is the only MDR Provider to provide full packet capture and inspection
beyond headers and metadata behind the firewall CEO: Brian Minick
has acquired - DATASHIELD’s SHIELDVision™ is a unified platform for organizing, managing and
collecting cyber intelligence in real-time as well as automating security analyst workflows to Undisclosed
close the gap between cyberattack and breach detection time and remediation for
customers Date: 08/21/2017
Transaction Significance HQ: Cambridge, Ontario

▪ ADT launches “ADT Cybersecurity” with the newly combined entity utilizing DATASHIELD’s has acquired a majority stake in
cutting-edge SHIELDVision™platform and deep security industry expertise to create an Founded: 2011
Momentum Cyber acted as exclusive financial
unmatched real-time Cyber detection and response solution
advisor to DATASHIELD & is serving
CEO: J.Paul Haynes
as ADT’s strategic cybersecurity advisor ▪ MDR is a Top 10 Cybersecurity technology for 2017 according to Gartner
▪ Data breaches are on the rise and increasingly more damaging to companies and individuals – ~$150 Million
MDR reduces time to detection from months to minutes
Momentum’s Role Date: 04/28/2017
▪ Momentum Cyber acted as exclusive Financial Advisor to DATASHIELD and is serving as ADT’s
HQ: Zurich, Switzerland
Strategic Cybersecurity Advisor
has acquired
▪ Momentum Cyber identified MDR as a strategic category to leverage ADT’s security footprint Founded: 1990
and sourced DATASHIELD as a proprietary target
November 14, 2017 ▪ This transaction demonstrates Momentum's continued success in advising innovative, next- CEO: Martin Bosshardt
generation Cybersecurity companies and further establishes the firm's leadership position as the
‘go to’ advisor exclusively focused on Cybersecurity Undisclosed
* Transaction Values were not disclosed at the time of announcement.

113
ADT Acquires DATASHIELD (Continued)
Premier MDR Provider Offering The Next-Generation of Managed Security Services To Mid-Market & Enterprise.
Company Overview Product Overview

DATASHIELD is a leading provider of managed detection & response security services, DATASHIELD is the only MDR Provider to provide full packet capture and inspection beyond
combining cutting-edge technology with deep industry expertise to build threat-driven security headers and metadata behind the firewall (i.e., full session reconstruction)
operations. DATASHIELD offers fully-managed security and critical incident response services
Description to its customers through an Advanced Security Operations Center (“ASOC”). DATASHIELD SHIELDVisionTM integrates and analyses Indicators of Compromise (IoC) from diverse intelligence feeds, and
provides these capabilities to both Mid-Market and Enterprise-level companies to help deploys automated responses, queries and scans. The result is superior customer value:
accelerate the detection, investigation, remediation and management of security incidents and ▪ Fewer false positives  Efficiency for the client DATASHIELD Appliance
vulnerabilities. ▪ Full threat analysis  Trace, forensics, and long term remediation
▪ Change recommendations  Continuous network improvement
▪ IoC automation and response  Faster reaction to threats
Leadership ASOC Network Visibility Cyber Analytics Threat Intelligence Incident Response Compliance
Michael Malone Joel Menk Maria Mastakas Eldon Jenkins Ben Johnson
Co-Founder & CEO Co-Founder & COO EVP Sales CTO Chief Security
Architect
Founded 2009 DATASHIELD Security Appliance™ with DATASHIELD Managed Detection and Response™
Locations Scottsdale, AZ (HQ, ASOC) & Salt Lake City, UT Built specifically to combat overwhelming resource and budget constraints that prevent companies
from establishing suitable cyber security programs for their businesses
ASOC vs. SOC: Proactive & Intelligence Driven Security
While most conventional security solutions provide REAL-TIME Threat Detection Leveraging
limited visibility and prevention capability, the People, Process & Technology
DATASHIELD Appliance is equipped with:
DATASHIELD
Threat Incident Automated Threat Knowledge Incident Appliance
Reporting
Monitoring Analysis Intelligence Management Response
Software
Full Packet Capture Log Analysis ASOC/Human

Intelligence Empowered Meaningful Knowledge Intelligence
Countermeasure
Analysis Training Autonomy Metrics Management Capabilities
Analyst Infusion & Exercise- Provide Oversight to Operationalize Measure Effectiveness & Effort Improve Depth of Analysis & Increased Effectiveness of Countermeasures
Based Learning Cyber Kill Chain Solutions Collaboration Across Sites Through Knowledge Management
Activity Incident Reporting Incident

Monitoring Analysis Response Endpoint Detection Proprietary Software
Source: Company Website, Pitchbook, and Capital IQ.

114
ADT Acquires DATASHIELD (Continued)
ADT Launches “ADT Cybersecurity” For Commercial Business Customers With Acquisition of DATASHIELD.
Company Overview Home Security, Business, & Automation System Features
The ADT Corporation provides monitored security, interactive home and business automation, and related
Your Business Security, Monitored 24/7
monitoring services, whose offerings include the installation and monitoring of residential and business security,
and premises automation systems designed to detect intrusion, control access and react to movement, smoke,
VIDEO SURVEILLANCE BURGLARY MONITORING
carbon monoxide, flooding, temperature, and other environmental conditions and hazards, as well as to
Description ADT video surveillance gives you windows into the activity in Monitoring window, door & motion sensors 24/7 allows us to
address personal emergencies. It also provides various alternate and back-up alarm transmission methods &
and around your business, even when you’re not there respond to events immediately & help secure your business
monitoring center supported personal emergency response system products and services. The company offers
its products primarily under the brand ADT and ADT Pulse to residential customers as well as small & medium ACCESS CONTROL FIRE ALARM MONITORING
sized businesses. Protection 1 & ADT operate under the ADT Brand, backed by Apollo Global Management.
Control who enters your facilities, and keep unauthorized Provides round-the-clock fire alarm monitoring that will alert
people out of sensitive areas both you and the fire department at the first sign of trouble
SMART SECURITY CUSTOM SETTINGS

Leadership Turn your mobile device into a business security system Manage your business singlehandedly.
remote control allowing access from virtually anywhere Create modes that coordinate lights, climate control & more
Timothy Whall Jim DeVries Dan Bresingham Jamie Haenggi Donald Young Jay Darfler
CEO President Chief Administrative Chief Sales & CIO SVP, Secured
Officer Marketing Officer by ADT Key Metrics
Founded 1874
HQ Boca Raton, FL (ADT); Romeoville, IL (Protection One)

OVER 140 YEARS 8 MILLION 15 MILLION 6 MONITORING CENTERS MORE THAN 200
Employees 17,000+ in the security total customers alarm signals ensuring 24/7 home branch locations. The
business & growing answered each year security response largest in the industry
ADT Transaction History
ADT Cybersecurity – Acquisition of DATASHIELD
Apollo Acquired Protection 1 & ASG Security Protection 1 Acquired ADT
“Our goal is to provide ADT customers with the most comprehensive security solution to protect their
business, and in today’s world, this not only means their physical premise, but also their network. For more
Date Target Acquirer TV Date 02/14/17
than 143 years, ADT has been monitoring physical properties, and DATASHIELD will now allow us to extend
Transaction that same level of security monitoring to the digital world. Michael and his team will infuse cybersecurity DNA
05/18/15 $1.5B $6.9B into our core business, allowing us to provide an offering that will distinguish our brand as the premiere
Value
acquired resource for end-to-end security.” — Timothy Whall, CEO, ADT
EV/Revenue 3.5x
“This is a landmark opportunity to combine the brand and reach of ADT, with the technology and innovation
05/18/15 $500M of DATASHIELD to establish the new standard in the most comprehensive digital protection for Mid-Market
EV/EBITDA 6.8x and Enterprise businesses.” — Michael Malone, CEO, DATASHIELD

115
Juniper Networks Acquires Cyphort
Momentum Cyber Advises Cyphort On Its Acquisition By Juniper Networks.
Transaction Overview Recent Cybersecurity AI-Driven & Analytics M&A

▪ On August 31, 2017, Cyphort, Inc. (“Cyphort”) announced it had entered into a definitive
Date Target Acquirer TV ($M)
agreement to be acquired by Juniper Networks (“Juniper”)
▪ The acquisition is subject to customary closing conditions and expected to close by the end
of September 08/31/17 NA*
▪ Headquartered in Santa Clara, CA, Cyphort was founded in 2011 and provides a Security
Analytics and Mitigation Platform for Advanced Threat Defense
Has Been Acquired By
− Cyphort is the only comprehensive Advanced Threat Protection platform, for on-
prem and cloud across Web, Email, Lateral Spread, File & CASB upload 08/28/17 NA*
− Cyphort’s machine learning and behavioral analytics target the SIEM “gap” by
combining detection and analytics on raw data and ingested 3rd party sources
− Investors included Sapphire Ventures, Foundation Capital, Matrix Partners, Trinity
Ventures, Zouk Capital and Dell Technologies Capital 06/08/17 100.0
Transaction Significance
Exclusive Strategic & ▪ Acquisition strengthens Juniper’s leadership position in the next-gen firewall market and is
Financial Advisor To Cyphort a critical addition to Juniper’s Software-Defined Secure Network vision 02/28/17 105.0
▪ Cyphort will integrate into Juniper’s Sky ATP platform to provide customers with improved
performance, an increased range of supported file types and additional threat detection
capabilities
▪ Cyphort marks Juniper’s return to Cybersecurity M&A after an over 4 year absence 02/08/17 120.0
Momentum’s Role
▪ Momentum Cyber served as exclusive strategic and financial advisor to Cyphort
August 31, 2017 ▪ This transaction demonstrates Momentum's continued success advising innovative, next- 02/01/17 40.0
generation Cybersecurity companies and furthers the firm's leadership position as the ‘go-
to’ advisor exclusively focused on Cybersecurity
* Transaction Values were not disclosed at the time of announcement.

116
Advanced Threat Detection + Advanced Threat Analytics + One-Touch Threat Mitigation.

Cyphort protects enterprises with its innovative Adaptive Detection Fabric (ADF), a scalable, Cyphort’s Anti-SIEM helps security teams regain visibility and control, accelerate incident
distributed platform that combines advanced threat defense with integrated security analytics
response, and ensure a stronger security posture for the organization.
and simplified mitigation features. Cyphort provides a single view across perimeter and laterally
Description moving threats, correlates relevant data from existing security tools, and then provides security
analysts with a consolidated, timeline view of critical security incidents. Cyphort leverages the Advanced Threat Advanced One-Touch
power of machine learning and its open API architecture allows it to address customers’ security Detection Threat Analytics Threat Mitigation
gaps, improve incident response operations, and accelerate threat resolution.
Cyphort’s Adaptive Detection Fabric

Cyphort’s advanced threat detection One click can update policies in
continuously examines web, email,
technology pinpoints the alerts based firewalls, IPS, & SWGs so similar
& lateral spread traffic using machine
Leadership on importance & sets up a process to threats are blocked immediately in
learning & behavioral analysis to find
identify the infected user. the future.
threats that bypass other tools.
Manoj Leelanivas Frank Jas Steve Morgan Gururaj Singh Franklyn Jones
President & CEO CTO CFO VP, Engineering CMO
Improving The Productivity Of Security Analysts Deliver Stronger Security And Protection
The Anti-SIEM
Importance of
Founded 2011 And Incident Responders Against Advanced Cyber Attacks
HQ Santa Clara, CA (HQ), Bangalore ▪ Quality of actionable info can eliminate hours of
2014 Leader in Forrester Wave™
▪ Cyphort’s ability to find the advanced threats that
Amt Raised $53.7M Automated Malware Analysis
manual work & accelerate the incident response others miss, then link related events to that threat, helps
▪ Productivity gains can eliminate the need to hire security teams not only improve productivity, but also
their security posture
The Quilt Security Ecosystem Business Overview additional staff & improve retention of staff
Cyphort's open API enables it to weave together with other enterprise

security vendors to form an incredibly strong security architecture
Flexible Deployment Options Funding Summary: $53.7M
Date Stage Amount Raised ($M) Selected Investors
June 2015 Series C $30.0
CASB Network Access Control SIEM Intrusion Prevention Systems
Cloud Virtual Low-Cost
Machine Hardware October 2013 Series B $15.5
Firewall Secure Web Gateway Endpoint

April 2012 Series A $7.0
F50-F2000 1M+ Endpoints
Customer Base Protected
March 2011 Seed $1.2

117
Cyphort Is A Critical Addition To Juniper’s Software-Defined Secure Network Vision & Will Integrate Into Juniper’s Sky ATP Platform.
Company Overview Security Overview

Juniper Networks designs, develops, and sells network products and services worldwide. The SRX Series Firewalls Sky Advanced Threat Prevention (ATP)
company offers various routing products & switching products. In addition, the company offers
High-performance security with advanced threat intelligence, Cloud based service that provides advanced
security products including firewall capabilities, cloud-based services for static and dynamic
delivered on the industry's most scalable & resilient platform. malware protection.
analysis, & threat intelligence that aggregates threat feeds from various sources. Further, it offers
Description Junos Space Security Director Spotlight Secure Threat Platform
a network operating system & platform for creating network management applications. Juniper
Networks also provides technical support and professional services, as well as education and Next-Generation Firewall Services Secure Analytics
training programs. It sells its products through direct sales, distributors, VARs, and original
equipment manufacturer partners to end-users in the service provider and enterprise markets.
Juniper Identity Management Service Contrail Security
Sky Advanced Threat Prevention
Sky ATP provides an extra layer of protection, extending defense beyond traditional security solutions by
detecting never-before-seen malware attachments and stopping them.
Leadership
Cloud-Based Analysis Email Analysis & Remediation
Features
Rami Rahim Pradeep Sindu Kevin Hutchins Ken Miller Bob Worrall
CEO Founder, CTO & SVP, Strategy & EVP, CFO SVP, CIO Instant Identification of Malware Quarantine of Systems
Chief Scientist Product Line Mgmt.
Threat Intelligence Spotlight Secure Integration
Founded 1996
HQ Sunnyvale, California Rich Reporting & Analytics Command-and-Control Data
Employees 9,500+ Track Record In Security

Summary Financials LTM Stock Performance “…in the domain of security, I think any sort of inorganic activity that we would contemplate or explore would
be more around the new modes of security...around enabling customers to migrate to public cloud or to hybrid
Share Price ($) $27.68 $33.00 cloud offerings without compromising their data, their users, their workloads. I think there's quite a bit of
$30.49 innovation right now in the industry in that domain” – Rami Rahim (CEO), 2Q17 Earnings Call
Mkt. Cap ($M) $10,526.9 $31.00
$29.46
EV ($M) $9,516.7 $28.61 Security Acquisitions (Since 2010)
$29.00 $28.18
$27.64
Date Target TV Date Target TV
LTM Revenue ($M) $5,200.8 $27.00 $26.34
$24.57 $26.45 08/31/17 NA 12/06/10 $100M
Cash ($M) $3,145.2 $25.00
EV / LTM Revenue 1.8x $23.00 02/01/13 $11M 07/27/10 $69M

$22.43
$21.00
EV / LTM EBITDA 7.9x Sep-16Oct-16 Nov- Dec- Jan-17 Feb-17 Mar- Apr-17 May- Jun-17 Jul-17 Aug-17
02/22/12 $83M
16 16 17 17
Source: Company Website, Pitchbook, and Capital IQ. Public Market Data as of September 1, 2017
118
Highlighted M&A
Transactions
acquires acquires acquires acquires acquires acquires acquires acquires
Dec. ’17 | $6.9B Dec. ’17 Nov. ’17 | $1.4B Nov. ’17 Nov. ’17 | $119M Nov. ’17 | $110M Nov. ’17 | $548M Oct. ’17 | ~$400M
Oct. ’17 | $1.3B Oct. ’17 Oct. ’17 | $266M Sept. ’17 Sept. ’17 Sept. ’17 | $350M Aug. ’17 | $225M Aug. ’17 | $60M

CYBER DEFENSE GLOBAL
Aug. ’17 | ~$150M Aug. ’17 Aug. ’17 Aug. ’17 | $950M Jul. ’17 | $50M Jul. ’17 Jul. ’17 Jul. ’17 | $200M

open
systems
Jul. ’17 | $225M Jun. ’17 Jun. ’17 | $100M May ’17 | $42M Apr. ’17 Apr. ’17 | $215M Mar. ’17 | $614M Mar. ’17 | $325M
StackPath
U.S. Federal Gov’t iDefense Security

Services Business Intelligence Services
Business
Feb. ’17 | $105M Feb. ’17 Feb. ’17 | $120M Feb. ’17 Jan. ’17 | $1.6M Jan. ’17 | $50M Jan. ’17 | $20M Jan. ’17 | $1.2B
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Research & Pitchbook. Note: Palo Alto Networks / Light Cyber Deal Highlighted on Page 28.
Thales Group Acquires Gemalto
Acquisition Assists in Extending Thales’s Overall Capacity for Digital Identity and Data Security Technology.
Transaction Overview Gemalto Overview and Synergy Outlook

Delivers easy to use payment and enterprise security technologies and services to business and governments by
Date: 12/17/2017 authenticating identities and protecting data so that these entities stay safe and enable services in personal devices,
acquires connected objects, and the cloud in the scope of the internet of things.
Amsterdam,
HQ:
The Netherlands
Powering and Securing the Complete Critical Digital Decision Chain
Critical Decision Sensing and Data Transmission Data Processing and

acquires Founded: 2006 Chain Data Gathering and Storage Decision Making
Application Application
CEO: Olivier Piou Computing / Network & Connectivity
Sensors Connectivity Gateway Platform
& Big Data / & Analytics /
Critical Digital AI Platform AI
Decision Chain
TEV / LTM Rev: 1.8x
End-Point Protection Network Cloud and Data Protection

Example: IoT
Identity & Access Management $6.9 Billion Cyber-Security
Thales Group Acquisition History Transaction Commentary

Date Company Amount ($M) Date Company Amount ($M) ▪ “Together with Gemalto’s management, we have big ambitions based on a shared vision of the digital
transformation of our industries and customers. Our project will be beneficial to innovation and employment,
04/29/17 $215 02/21/13 NA whilst respecting sovereign strategic technologies. We have a tremendous respect for Gemalto’s technological
achievements, and our two Groups share the same culture and DNA.” — Patrice Caine, Chairman and Chief
Executive Officer, Thales Group
10/21/16 NA 02/21/13 NA
▪ “I am convinced that the combination with Thales is the best and the most promising option for Gemalto and the
most positive outcome for our Company, employees, clients, shareholders and other stakeholders. We share the
03/17/14 NA 12/18/08 NA same values and Gemalto will be able to pursue its strategy, accelerate its development and deliver its digital
security vision, as part of Thales.”— Philippe Vallée, Chief Executive Officer, Gemalto
Source: Company Press Release and Website, Pitchbook, 451 Research, and Capital IQ.
121
Blackstone Acquires Majority Stake In TITUS
Blackstone Will Help TITUS Expands Its Geographical Reach & Accelerate Its Innovation Strategy.
Transaction Overview Overview

Provides solutions that enable clients to discover, classify, protect and confidently share information, and meet regulatory
Date: 12/07/2017 compliance requirements by identifying and securing unstructured data. Also provides products that enhance DLP by
acquires classifying and protecting sensitive information in emails, documents, and other file types on any device
Enterprise Information Protection Industry Awards and Recognition

HQ: Ottawa, Canada
acquires Data Classification: From automated classification to user-driven
classification, TITUS Classification provides advanced and
Founded: 2005 flexible solutions to meet business needs
Discover: Comprehensive search function to find data where it Most Valuable 5-star Review And
resides including the network, Office 365, and cloud file shares Partner 2014 Recommended Product
CEO: Tim Upton (including OneDrive, SharePoint Online, Box, and Dropbox)
Mobile Data Security: Email classification and document security

solution for mobile devices that enables users to identify email
Data Security sensitivity, protect documents, and enforce sharing policies
One of the Fastest Growing
Canadian Companies
Cool Vendor in
User and Data Security
Customers Transaction Commentary

▪ “We are excited to combine Blackstone’s flexible capital and experience with TITUS market-leading solutions to
continue to transform data-centric security. With data breaches at an all-time high, each day brings another
example of the importance of protecting information.” — Viral Patel, Managing Director, Blackstone Tactical
Opportunities
▪ “Partnering with Blackstone will allow us to expand our geographic reach and to accelerate our innovation
strategy with the backing of one of the world’s leading investment firms.” — Tim Upton, CEO and co-founder
of TITUS
122
Thoma Bravo Acquires Barracuda Networks
Acquisition By Thoma Bravo Will Accelerate Growth of Industry-Leading Security Platform.
Transaction Overview Barracuda Networks Overview

Barracuda Networks offers cloud-enabled solutions that enable customers to address security threats, enhance
Date: 11/27/2017 network performance, and protect and store their data
Products The Barracuda Difference

HQ: Campbell, CA
Single Source: One vendor for security, storage, application delivery solutions and support
frees your resources
acquires Founded: 2003 Network +
Application Security Unmatched Flexibility: Purpose-built hardware, efficient virtual appliances and convenient
cloud services let you deploy IT your way
CEO: BJ Jenkins Rapid Deployment: Renowned ease-of-use makes Barracuda products and services fast to
Email Security and set up and simple to manage
Archiving
TEV / LTM Rev: 3.8x No Hidden Fees: Simple, competitive pricing makes Barracuda products affordable with
no extraneous or unexpected costs
Network Security $1.4 Billion Data Protection

Human Support: Award-winning support available to customers 24x7
Barracuda (NYSE:CUDA) Price Performance Transaction Commentary

$30 ($ USD price per share) Deal Announced ▪ "We believe the proposed transaction offers an opportunity for us to accelerate our growth with our industry-
(November 27, 2017) $27.59 leading security platform that's purpose-built for highly distributed, diverse cloud and hybrid environments. We
$28
will continue Barracuda's tradition of delivering easy-to-use, full-featured solutions that can be deployed in the
$26 way that makes sense for our customers.” -BJ Jenkins, CEO, Barracuda
$24 ▪ "Barracuda is a proven industry leader, consistently bringing powerful, comprehensive solutions to customers in
$22 an increasingly prevalent, hostile, and complex threat environment. We believe that Barracuda is at the
forefront of innovation in several highly strategic areas of the cybersecurity market and are excited to be the
$20
company's partner in the next phase of its growth.” -Seth Boro, Managing Partner, Thoma Bravo
Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17
123
McAfee Acquires Skyhigh Networks
McAfee’s Acquisition Of Skyhigh Networks Will Enhance & Boost Its Cloud Security Business.
Transaction Overview Skyhigh Networks Overview

Skyhigh Networks provides risk analysis SaaS for endpoint and cloud-based applications used by businesses to determine security
Date: 11/27/2017 threats. Platform helps businesses discover the services employees are using, analyze risk, and enforce security policies
Data Security For The Cloud Era Key Platform Features

HQ: Campbell, CA Identify: Enables complete visibility into data,
context, and user behavior across all cloud
services, users, and devices
acquires Founded: 2011
Control: Corrects policy violations and stops Unified Pre-Built Privacy User Behavior
Policy Engine Policy Templates Guard Analytics
security threats in real-time action deep within
cloud services
Total Raised: $106.5M
Protect: Applies persistent protection to
sensitive information / data wherever it goes
Policy Creation Cloud AI-Driven Guided
CEO: Rajit Gupta inside or outside the cloud Wizard Registry Activity Mapper Learning
Cloud Security Customers
Skyhigh Networks Funding Snapshot Transaction Commentary

Date Stage Amount Raised ($M) Investors ▪ “Skyhigh is an ideal complement to McAfee’s strategy—one focused on building and optimizing mission-critical cybersecurity
environments for the future. Cloud security has historically been an afterthought of, or impediment to, cloud adoption. With
Sept 2016 Series D $40.0
customers’ most valuable asset, data, increasingly finding residence in the cloud, it’s time security move to the forefront. At the
Jun 2014 Series C $40.0 same time, security cannot hinder cloud adoption, as the transformation the cloud promises extends far beyond the corridors of
IT to every facet of modern business.” – Christopher D. Young, CEO, McAfee
May 2013 Series B $20.0
▪ "We both want to create a world where enterprises can operate freely and securely to reach their full potential. As part of
McAfee, we will have access to even greater resources to accelerate delivery of Skyhigh’s product roadmap, further advancing
Apr 2012 Series A $6.5
our vision of making cloud the most secure environment for business.” —Rajiv Gupta, CEO, Skyhigh
124
Warburg Pincus Commences Cash Tender Offer For Cyren
Warburg Pincus Has Commenced Offer To Purchase Up To 31.2M Ordinary Shares Of Cyren For $2.50 Per Share.
Transaction Overview Cyren Overview

Cyren Web Security provides a quick-to-deploy, easy-to-manage SaaS secure web gateway for businesses. Cyren’s multi-layered cloud
defenses protect users from advanced malware, ransomware, and phishing wherever they are, and on whatever device they may be
Date: 11/20/2017
using, while a powerful policy and reporting engine provides superior visibility and control of web usage
Block malware, phishing, ransomware, Protect any user, anywhere,

HQ: McLean, Virginia and malicious sites on any device
Stop zero-day threats and advanced evasive malware via cloud
Lower costs compared to security appliances
sandboxing
acquires Founded: 1991 Enforce web usage policies
Deploy and manage easily; SaaS delivery model enables
simplicity
Cloud-Wide Detection
CEO: Lior Samuelson
Cross-Vector Cross-Geo Real-Time
TEV / LTM Rev: 3.8x Full coverage of all internet threat Comprehensive view of global traffic ranging Leverage big data analytics, AI &
vectors including web, email & DNS across geographies, languages & protocols machine learning to identify threats
Web Security $119.3 Million
Transaction Commentary
▪ Warburg Pincus announced its intention to commence a Special Cash Tender Offer pursuant
to Israeli law to increase its ownership in Cyren, up to a maximum of 75% of Cyren's shares
▪ Warburg Pincus owns 21.3% of Cyren shares, following its previously announced purchase of
10.6M shares for $1.85 Exploits Bots Malware Apt
▪ The tender offer is conditioned upon a few things including:
- Cyren shares representing at least 5.0% of the issued and outstanding shares and voting
power of Cyren having been validly tendered
- German Federal Cartel Office has approved the purchase of the Cyren shares tendered
- 5,411,117 Cyren shares having been validly tendered and not properly withdrawn prior to Headquarters Branch Stores Factories Roaming Home Mobile Internet
the completion of the initial offer period Offices Employees Office Devices Of Things
125
Proofpoint Acquires Cloudmark
Acquisition Will Better Protect Proofpoint’s Enterprise And ISP Clients With New Threat Intelligence Expansion.
Transaction Overview Cloudmark Overview

Cloudmark Security Platform for Email
Date: 11/07/2017 Cloudmark Security Platform is a high-performance, carrier-grade messaging security solution that automatically detects & mitigates all
categories of email abuse and threats across a service provider’s network.
HQ: San Francisco, CA
acquires Founded: 2001 Threat Intelligence Global Threat Network
Email Email
Total Raised: $39.0M Security Platform

SMS/MMS SMS/MMS
Protects Infrastructure
Blocks Threats
DNS DNS
CEO: Jason Donahue
Detects Anomalies
Messaging Security $110.0 Million Anti-Abuse Protection Highly Extensible Reduce Power Requirement Intelligent Flow Control
Features & Supports Authentication & Secure
External Data Source Integration Reporting and Analytics
Cloudmark Funding Snapshot Benefits Messaging Standards
Date Stage Amount Raised ($M) Investors Horizontally Scalable Flexible Policy Engine Unified Cluster Management
Mar 2010 Venture $23.0

Sept 2004 Series C $11.0
▪ “We are excited to welcome Cloudmark’s ISP and mobile carrier customers to Proofpoint. By combining the threat
intelligence from Cloudmark with the Proofpoint Nexus platform, we can better protect all of our customers –
both enterprises and ISPs – from today’s rapidly evolving threats.” - Gary Steele, CEO, Proofpoint
Jul 2003 Series B $4.5
▪ Messaging has been the number one threat vector for years, but with ransomware and BEC, it’s never been a more
Dec 2002 Series A $0.5 urgent issue. We’re thrilled to be continuing our work to fight advanced threats in messaging as part of
Proofpoint.” - Jason Donahue, CEO, Cloudmark
126
Synopsys Acquires Black Duck Software
Black Duck Will Strengthen Synopsys’ Ability To Push Security And Quality Testing, Reducing Risk For Customers.
Transaction Overview Black Duck Overview

Black Duck Hub
Date: 11/02/17
Identifies open source
throughout code base
HQ: Burlington, MA
Automatically maps open

acquires Founded: 2002 source in use to known open
source vulnerabilities

Flags policy violations and
Open Source enters your code from everywhere it is used, bringing
tracks remediation progress
diverse security vulnerabilities with it.
CEO: Louis Shipley
Automotive Financial Continuously monitors for
Federal
Application Security $548.0 Million + Connected Services & newly identified open source
Government
Vehicles FinTech vulnerabilities
Synopsys Security Acquisitions Summary Transaction Commentary
Date Company Amount Date Company Amount ▪ "We're excited to join an organization that shares our commitment to addressing security and quality issues at the
earliest phases of the software development process. Doing so will enable us to provide leading solutions that
11/02/17 $548M 05/28/15 NA enable customers to develop and deliver more secure and higher-quality software faster than ever before.“ – Lou
Shipley, CEO, Black Duck Software
11/07/16 $160M 04/20/15 NA
▪ "Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our
11/07/16 $30M 02/19/14 $375M
ability to push security and quality testing throughout the software development lifecycle, reducing risk for our
customers. We look forward to working with Black Duck's experienced team as we drive our combined solution
11/06/15 NA
to the next level of value for our customers." – Andreas Kuehlmann, SVP and GM, Synopsys Software
Integrity Group
127
Continental Acquires Argus Cyber Security
Continental Acquires Argus Cyber Security To Strengthen Its Capabilities In Automotive Cybersecurity.
Transaction Overview Argus Security Overview

Argus Protects Private And Commercial Vehicles, Fleets, Connectivity Platforms And Dealerships From Cyber Attacks
Date: 10/30/2017 With Advanced Cyber Security Solutions And Services.
Threat Analysis
HQ: Tel-Aviv, Israel About the Company
Risk Assessment
Argus is the world’s largest automotive cyber security company, integrating
acquires innovative computer networking and security methods with a deep
Founded: 2013 understanding of automotive practices Vulnerability Analysis
Code Review
Safety Without Recalls Car Hacking
Penetration Testing
Given the potential for physical harm to Works with private and commercial
motorists, passengers and property in OEMs, Tier 1s, fleet managers,
Incident Response
CEO: Ofer Ben-Noon case of a breach, Argus’ mission is to dealerships and aftermarket
maintain road safety and to prevent connectivity providers to defend
costly vehicle recalls against vehicle hacking Cyber Threat Intelligence
IoT Security ~$400.0 Million

Argus Cyber Security Funding Snapshot ▪ “With the acquisition of Argus Cyber Security we are enhancing our abilities to directly develop and offer solutions
and services with some of the world's leading automotive cyber security experts to our customers around the globe
Date Stage Amount Raised ($M) Investors in order to truly make mobility more intelligent and secure.”– Helmut Matschi, Member of the Executive Board at
Continental
Sep 2015 Series B $26.0 ▪ “Argus was founded with a vision to protect all vehicles on the road from cyber threats. To this end we have
developed the most comprehensive automotive cyber security offering in the industry and enjoy global recognition
of our leadership. Joining forces with Continental and EB will enable us to further accelerate the realization of that
Sep 2014 Series A $4.0 vision.” – Ofer Ben-Noon, CEO, Argus Cyber Security
128
Elliott Management Acquires Gigamon
Elliott Management Will Drive Gigamon’s Long-Term Growth Through Product Development.
Transaction Overview Gigamon Overview

Gigamon provides network visibility and data traffic management software. It provides stronger security and
Date: 10/26/2017
acquires performance by offering active visibility into data-in-motion network traffic – allowing security, network, and
application management services to operate more efficiently and effectively.
HQ: Santa Clara, CA
Visibility Platform Features Platform Benefits Industry Solutions
acquires Founded: 2004 Automated Traffic Insight: Enhances
and secures software-defined data
center (SDDC)
CEO: Paul Hooper
Speed: Visibility-powered virtualization
Financial
boosts data center agility and scale Services
Healthcare
EV / LTM Revenue: 4.4x
Low downtime: Intelligent traffic
Manage and Full Maximizes management prevents data center
automate transparency of performance of downtime
Network Security $1.6 Billion network traffic what is security tools
happening on Software-defined visibility: Complete Technology
Public Sector
network visibility of software-defined networks
Gigamon (NYSE:GIMO) Price Performance
($ USD price per share)
$43.00 ▪ "This transaction represents a unique opportunity to invest in the industry-leading visibility solution in a product
category that is critical to enterprise security… Working alongside our team of operating executives, we look
$38.00 forward to supporting the Company to drive long-term growth through continued product development,
$36.15 investment in the Company's large community of channel partners and exploring acquisitions to further bolster
$33.00 Deal Announced innovation.” – Isaac Kim, Managing Director of Evergreen (Elliot’s private equity arm)
(October 26, 2017)
▪ “Elliott and Evergreen have deep technology experience and share our long-term vision for next-generation
$28.00
traffic visibility across on-premises, cloud and hybrid infrastructure.” – Paul Hooper, CEO of Gigamon
Jan-17 Mar-17 May-17 Jul-17 Sep-17 Nov-17
129
Booz Allen Hamilton Acquires Morphick Cyber Security
The Acquisition of Morphick Extends And Complements Booz’s Existing Cyber4Sight Threat Detection Service.
Transaction Overview Morphick Cyber Security Overview

Proactive Threat Hunting Services
Date: 10/20/2017 Incident Response Services Managed EDR Compromise Assessment
▪ Iterative Incident Response Process: SCOPE, CONTAIN, ANALYZE, ▪ Managed by 24/7 Threat Intelligence Center Experts
HUNT ▪ Delivers complete analysis of all endpoints and identification of
HQ: Cincinnati, Ohio ▪ Immediately deploys NSA-CIRA Accredited Incident Responders to compromised systems
quickly assess the situation ▪ Technology Deployment, Threat Identification, and Actionable
▪ Implement a comprehensive approach to address the full extent Recommendations over a 6-week period
and impact of an attack
acquires Founded: 2015
Threat Hunting / Malware Reverse Engineering Security Defense
▪ Merger & Acquisitions Threat Assessment: Preventative threat ▪ Application & Network Security Architecture Tests
Total Raised: $10.0M assessment services as part of the due diligence process ▪ Compromise Assessment
▪ Threat detection system that learns progressively to proactively ▪ Network Security Visibility Assessment
identify breaches faster ▪ Incident Response Readiness Assessment
CEO: Brian Minick Morphick Defense Platform

▪ Advanced Threat Detection & Response ▪ Morphing Defense Postures (Learn & Morph)
▪ Unparalleled Visibility ▪ Incident Response
▪ Dynamic Detection ▪ Reverse Engineering & Proactive Threat Hunting Services
MSSP ▪ Tailored Threat Intelligence
Morphick Funding Snapshot ▪ “The talented teams at Booz Allen and Morphick share a common point of view: cyber defense is not a compliance only activity.
This is a multi-dimensional, quickly evolving threat requiring much more than automated, one-size-fits-all services. We’re pairing
Date Stage Amount Raised ($M) Investors Morphick’s leading platform and approach with Booz Allen’s reach and expertise in advanced cyber defense services – a move
that anticipates the client need for protection from the most advanced cyber threat actors.” – Brian Minick, CEO of Morphick
Sep 2015 Series A $10.0 ▪ “Morphick complements Booz Allen’s current managed threat intelligence service, Cyber4Sight – helping clients use their insight
into adversaries to better detect and respond to attacks. Morphick will initially support the firm's commercial clients, and in the
future, the capabilities will extend to support other client demands.” – Booz Allen Hamilton’s Press Release
130
Guidewire Acquires Cyence
Transaction Will Assist Insurers in Addressing and Underwriting Modern Risks Through New Data-Based Service.
Transaction Overview The Cyence Approach to Risk

Cyence combines data science, cybersecurity, & economics into a unique analytics platform that quantifies
the financial impact of cyber risk
Date: 10/06/2017
HQ: San Mateo, CA The Cyber Risk The The Economic The Data
Modeling People/Process Modeling Collection
Challenge Challenge Challenge Challenge
acquires Founded: 2014 ▪ Cybersecurity is not just a ▪ Cyber events are driven ▪ A comprehensive economic ▪ Cyence created a diverse
technical problem but a by human & behavioral model can accurately and scalable data factory
business risk factors, however, predict cyber risk to accurately and non-
▪ Challenges in building a technology must also be ▪ Insurers need to understand invasively collect human
Total Raised: $40.0M cyber risk model is data, analyzed alongside people the organization’s many and machine data
analyzing people & and processes for an possible threats & their ▪ This continually evolving
processes & economic accurate assessment of impact in dollars and behavioral and technical
modeling risk probabilities data drives the Cyence
CEO: Arvind Parthasarathi risk models
Risk & Compliance $266 Million ▪ "Cyence is an exceptional technology company that, like Guidewire, focuses on serving the strategic needs of the P&C
industry. While Guidewire has focused on core operations, data management, and digital engagement, Cyence applies
expertise in data science and machine learning to the modeling needs of insurance product design, pricing, and
Cyence Funding Snapshot underwriting for 21st century risks. As traditional actuarial approaches struggle to address the unique characteristics of
emerging risks like cyber, Cyence’s next-generation approach will enable insurers to broaden the scope and value of the
Date Stage Amount Raised ($M) Investors
products their policyholders need.“ -Marcus Ryu, Co-Founder & CEO, Guidewire Software
▪ "Cyence started applying our data science engine to cyber risk given the significant demand from the insurance industry
Sep 2016 Venture $40.0 on what is an existential threat for their insureds. We are excited by the opportunity to power our approach with
operational data and policy lifecycle support from Guidewire’s core systems and to join forces with the technology leader
serving the P&C insurance industry.“ -Arvind Parthasarathi, Co-Founder & CEO, Cyence
131
Google Acquires Bitium
Google Cloud Will Deliver Comprehensive Solution for Identity & Access Management to Its Enterprise Customers.
Transaction Overview Bitium Overview

Bitium aims to give growing companies the ability to manage access to all of their web-based applications — including
Date: 9/26/2017 Google Apps & Office 365, social networks & CRM, collaboration & marketing tools — in one place, without hindering
acquires employee adoption of these applications
HQ: Santa Monica, CA

The Bitium Difference
acquires Provides cloud-based identity and access management solutions, including single sign-on, password management and analytics for
small, medium and enterprise businesses.
Founded: 2012
Security Flexibility Easy of Use
Visibility into all apps and users provides Adaptability around changes in directory An easy-to-adopt service with world-class
CEO: Scott Kriz organizations with the intelligence infrastructure, new apps and an support reduces cost and IT burden while
required to increase security increasing user base delivers better agility increasing efficiency
Identity & Access Management ***_
Federation & Credential App Directory Secure User Provisioning Reporting &
Bitium Funding Summary Single Sign-On Management Management Integration Access & Deprovisioning Compliance
Aug 2016 Series A-1 $6.0 ▪ “With the acquisition of Bitium, Google Cloud will gain capabilities to help us deliver on our Cloud Identity vision. Our
enterprise customers want a comprehensive solution for identity and access management and SSO that works across
their modern cloud and mobile environments. Bitium helps us deliver a broad portfolio of app integrations for
Feb 2014 Series A $6.5
provisioning and SSO that complements our best in class device management capabilities in the enterprise. As we add
Bitium’s capabilities, we’ll continue to work closely with our vibrant ecosystem of identity partners so that customers are
Aug 2013 Seed $2.4 able to choose the best solutions to meet their needs. - Karthik Lakshminarayanan, Director, Product Management, G
Suite and Cloud Identity
132
Marlin Equity Partners Acquires Appriver
Marlin Partners With AppRiver To Help Strengthen Their Product Offering & Expand Their Geographical Footprint.
Transaction Overview AppRiver Services

Spam & Virus Web Email Secure Hosted Email
Date: 9/25/2017 Protection Protection Encryption Exchange Continuity
acquires
SecureTide® keeps your SecureSurf constantly CipherPost Pro ensures Secure Hosted Exchange Effective way to protect your
HQ: Gulf Breeze, FL email free of spam and monitors outbound traffic your message remains service gives you control of company from costly email
viruses. 99% of unwanted and will send you Automatic encrypted all the way to your email system without outages
messages never reach your Threat Notifications instantly the recipient the complications & expense
acquires Founded: 2002 inbox of managing servers
Email
Employees: ~220 Office 365 Migration DNS Hosting Email Threat
Archiving &
Plus Services Plus Intelligence
Compliance
CEO: Michael Murdoch With Office 365 Plus, you Store your business records Complete migration Partnered with Akamai to Customizable, consultative
get expert migration securely and retrieve them solution will move calendar, put our customers' DNS service offered to
assistance along with easily contacts, emails, tasks, records on thousands of organizations that want to
Email & Web Security Phenomenal Care® journals, and notes from
one system to another
servers worldwide build or reinforce their cyber
defense capability
Marlin Equity Cybersecurity Portfolio Transaction Commentary

Date Target Amount ▪ “In a world with new and complex cybersecurity threats emerging daily, small and medium-sized businesses are increasingly
looking to AppRiver as a trusted partner to keep their businesses productive and their information secure. We are excited to
9/25/2017 NA
mark a new chapter in AppRiver’s growth by partnering with Marlin and leveraging its extensive sector expertise and operational
resources to further strengthen our product offering and expand our geographical footprint.” - Michael Murdoch, CEO & Co-
5/12/2015 NA Founder, AppRiver
▪ “We are thrilled to partner with AppRiver & build upon its deep and long-standing customer relationships that have been
4/14/2015 $200M
established through a superior product offering and commitment to world-class support. AppRiver is ideally positioned to lead
and innovate in today’s security-conscious environment as businesses of all sizes continue to transition to a cloud-based
7/7/2014 $170M
deployment model.“ Peter Chung, Principal, Marlin Equity Partners
133
SAP Acquires Gigya
Gigya Will Help SAP Hybris To Better Profile Individuals Across Different Channels.
Transaction Overview Gigya Overview

Gigya’s Customer Identity Management Platform Gigya's Enterprise Platform Features
Date: 9/24/2017 Web Scale Performance Privacy & Compliance
acquires CIAM platform accommodations Centralizes management of
millions of identities & billions consumer data with single
of data points end to end solution
HQ: Mountain View, CA Easy to Manage & Comprehensive &

Administer Intelligent Security
Features advanced
acquires Saves time & resources while
offering max flexibility authentication, encryption &
DDoS protection
Founded: 2006 Featured Customers
Connect Collect Convert
Registration-as-a- Profile, Preference Customer Insights,
CEO: Patrick Salyer Service, & Privacy ETL & Identity
Authentication & Management Exchange Platform
Federation
Identity & Access Mgmt. $350.0 Million
Gigya’s platform enables businesses to identify and engage customers across devices; consolidate data into rich, privacy-compliant
Gigya Funding Summary customer profiles, and integrate data into marketing and service applications to provide better services, products and experiences
Nov 2014 Series F $35.0
▪ “The idea will be to integrate those features into SAP’s wider e-commerce operation to expand the kinds of services it offers to existing
Sep 2013 Series E $25.0 customers, and to help sell more e-commerce services to Gigya’s base.” –Techcrunch
Jun 2012 Series D $15.4 ▪ “Gigya brings a wealth of skills and expertise that will significantly enhance the SAP Hybris Profile solution & allow us to take leadership
of the emerging customer identity and access management market.” -Carsten Thoma, President and Co-founder of SAP Hybris
Mar 2011 Series C $16.0
▪ “This is a vital step for digitalizing businesses because companies need to be able to draw accurate conclusions seamlessly across all
Mar 2008 Series B $9.6 channels, including web, mobile, in-store or connected devices, and the Internet of Things, as well as collect data about consumer
preferences. Together we are well positioned to drive more effective marketing, sales and service through data, while the customer stays
in control of how much data is shared.” -Patrick Salyer, CEO of Gigya
http://fortune.com/2017/09/25/gigya-sap-hybris-israel/ 134
K1 Acquires SecureAuth & Merges With Core Security
Core Security + SecureAuth Brings Together Network, Endpoint, Vulnerability, & Identity Security.
Transaction Overview Company Overview
Develops identity and access management software that utilizes adaptive authentication to provide
Date:
acquires9/20/2017 innovative secure access control solutions for cloud, mobile, web, and VPN systems. Solutions include
identity and access security, endpoint, network, and threat detection.
HQ: Irvine, CA
SecureAuth IdP Benefits SecureAuth Cloud Access Features
merges with
Founded: 2005 Single Sign-on
Multi-layered Multi-Factor Secure, Rapid

CEO: Jeff Kukowski Protection Authentication connectivity Multi-Factor Authentication
Identity & Access Mgmt. Software $225.0 Million

Hybrid Cloud / On-Prem
Behavioral Non-disruptive Infinite
Funding Summary Biometrics User Experience Workflows
$5.0
Sep 2017 Series E
▪ “SecureAuth is merging with Core to create one of the industry’s only security companies that incorporates
Jan 2016 Series D $9.0
identity with network, endpoint and vulnerability detection.” – Jeff Nolan, CMO at SecureAuth
Aug 2014 Series C $13.2 ▪ “The security industry must deliver an integrated and relevant approach to our customers. Despite the
incredible amount of money spent on security technology…We can now deliver an entirely new approach to
Nov 2013 Series B $4.1 integrating security operations and deploying advanced machine learning to achieve real automation in the
SOC (Security Operations Centers).” – Jeff Kukowski, CEO of SecureAuth
Jul 1997 Seed Round $0.6 Undisclosed
135
Forcepoint Acquires RedOwl
RedOwl’s Analytics Will Bolster Forcepoint’s Existing Cybersecurity System and Other Technologies.
Transaction Overview RedOwl-Forcepoint Integration Overview

RedOwl’s UEBA platform uniquely enables users to rapidly integrate new, complex data sources, apply powerful
behavioral analytics that look at the behaviors of people & help understand intent across both security & compliance
Date: acquires
8/28/2017
▪ Forcepoint can now ingest multiple data
sources – including structured and
HQ: Baltimore, MD unstructured data (i.e. databases, HR
acquires Software, Salesforce)
Founded: 2011 ▪ Forcepoint can now draw correlations

that legacy DLP wouldn’t let you do &
can analyze and build a view of what
“good” and “safe” look like
CEO: Guy Filippelli
▪ When something falls out of a normal
profile, like accessing data at odd times,
UEBA or from odd locations, Forcepoint can
raise the awareness & automatically adapt
protection to the appropriate risk level
RedOwl Funding Summary
Date Stage Amount Raised ($M) Selected Investors Transaction Commentary
▪ “This latest milestone in Forcepoint’s human point strategy arms customers with cybersecurity systems it designed for the
Jun 2015 Series B $17.5 reality of today’s threats. RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity
system and will be integrated across our portfolio, as well as with customers’ existing technologies (e.g. SIEM).” –
Forcepoint Press Release
Jun 2014 Series A $11.0
▪ “With Forcepoint, our platform will become part of a suite that enables companies to build world class human-centric
security and compliance programs, our entire team will transition into a global organization with tremendous growth
Apr 2013 Grant $0.1 opportunities for each employee, and our current customers will feel the force of an entire enterprise of technologies
and people to accelerate the deliver of mission-critical capabilities.” – Guy Filippelli, CEO, RedOwl
136
Warburg Pincus Acquires Majority Stake In eSentire
Warburg’s “Significant Equity Investment” Will Be Used To Grow The Business & Expand Its Services To Customers Globally.
Transaction Overview eSentire Overview

eSentire MDR is an all encompassing service that integrates the best of signature, behavioral and anomaly detection
capabilities with a rich suite of forensic investigation tools that enable our security analysts to block threats in real-time
Date: acquires
08/21/2017
esNETWORK
Real-time network threat
HQ: Cambridge, Ontario detection & prevention
acquires majority stake in esARTEMIS Security Operations Center
esENDPOINT
Fully-integrated platform built 24/7 white-glove security service
Next-gen endpoint protection
Founded: 2011 & threat detection
to identify, investigate, & supplements the technology for a
respond to threats comprehensive security solution
esLOG
CEO: J.Paul Haynes Log management for MDR
Dedicated Security Strategist Health Check

Managed Detection & Response ~$150.0 Million Penetration Testing &
Virtual CISO
Vulnerability
Risk Assessment
Vulnerability Assessments Phishing Campaigns Executive Briefings Security Policy Guidance (SPG)
Mgmt.
Assessments to identify
Tailored assessments Simulated attacks based
unknown, active exploits
eSentire Funding Summary based on business &
regulatory requirements
within the network
on custom themes Security Program Maturity Assessment (SPMA)
Security Incident Response Plan (SIRP)

Date Stage Amt Raised ($M) Selected Investors
Private
Aug 2017 Undisclosed
Equity ▪ “With the ever-increasing complexity around cybersecurity and scarcity of security talent, more companies are
seeking comprehensive managed services that proactively detect and respond to cyber threats in real time.”
Feb 2016 Series D $19.5
▪ “eSentire provides the most complete suite of technologies and services in the MDR market and has
experienced industry-leading growth and impressive customer satisfaction. We are excited to partner with
Sep 2014 Series C $14.0
management to support the Company’s continued expansion and help them serve the complex cybersecurity
needs of their customers.”
- Cary J. Davis, Managing Director, Warburg Pincus.
137
Webroot Acquires Securecast
Acquisition Will Help Businesses Reduce The Risks And Costs Of Cyber Threats With End User Education.
Transaction Overview Security Awareness Training Beta Overview

Security Awareness Training gives you the tools you need to successfully and effortlessly manage
Date: 8/15/2017 security awareness campaigns with maximum impact for the end user
Phishing Security Awareness Contact Reporting

HQ: Portland, OR Simulation Training Management Center
acquires ▪ Simulation Mgmt. Wizard ▪ Training Campaign ▪ Contact import using ▪ Phishing Campaign Statistics
Management Wizard CSV or web based form
Founded: 2015 ▪ Contact Manager ▪ Report Exports
▪ Contact Manager ▪ Use tags to group
▪ Phishing Email Templates ▪ Per-User Action Reports
contacts by client or
▪ Training Email Templates
▪ Phishing Lure Templates business unit
CEO: Daniel Fox ▪ Comprehensive Course
▪ Phishing Educational ▪ Send training and
Library (coming soon)
Templates phishing to group
Security Awareness ▪ Integration with Training
▪ Reporting Center Tracks
Completion and Quiz Scores
Courses
Webroot Security Acquisition History ▪ Reporting Center
Date Company Date Company Transaction Commentary

▪ “With an easy-to-use platform, Securecast quickly became a solution preferred by MSP service providers. Teaming up with
Webroot, the leader in cybersecurity solutions for MSPs, is the best move for our solution and the MSP community.” – Daniel
08/15/2017 08/31/2010
Fox, Co-Founder and CEO, Securecast
▪ “The human factor is a consistent weakness in overall cyber defenses, and security awareness training is the only solution. As
09/19/2016 07/07/2010 cyberattacks like phishing become increasingly sophisticated, users are exposed to a variety of hidden threats that will
compromise their own data along with their employer’s data. Building on Securecast, Webroot will offer our MSP partners the
security awareness training they need to address this evolving threat landscape, and build a profitable new line of business.” -
EmailSystems
11/1/2010 03/10/2010 Chad Bacher, SVP of Product Strategy and Technology Alliances, Webroot
Scandinavia AB
138
BlueteamGlobal Acquires BitVoyant, K2 Cyber Defense, & K2G Global
BlueteamGlobal Raises $125M and Acquires Three Companies.
Transaction Overview BlueTeamGlobal Overview

BlueteamGlobal will provide Advanced Cyber Threat Intelligence for large companies and Managed Cyber
Security Services for smaller businesses
Founders & Board Members Other Senior Team Members Include
▪ Advanced cyber threat intelligence will be led by Daniel Ennis,
former Director of the NSA's Threat Operations Center, and Ron
Feler, formerly Deputy Commander of the Israel Defense Forces'
Unit 8200.
acquires ▪ Deep and dark web intelligence will be led by Gad Goldstein, who
served as a division head in the Israel Security Agency
Jim Rosenthal Tom Glocer Gad Goldstein Jules Kroll Nadav Zafrir ▪ Managed security and professional services will be led by Austin
Founder & Founder & Board; Division Board; Chairman Board;
Berglas, former head of the FBI's New York Cyber Branch, and Milan
CEO Executive Head In The Israel and Co-Founder of CEO Team 8
Chairman Security Agency K2 Intelligence Patel, former CTO for the FBI, Cyber Division
▪ Chairman of the business in Europe will be Lord Mandelson, former
Founded: 2017 European Trade Commissioner and British First Secretary of State
▪ Robert Hannigan, former director of GCHQ, the UK intelligence
Locations: New York, Washington D.C., London, Madrid, & Tel Aviv service, will head the company's European Advisory Board.
Threat Intelligence MSSP Threat Intelligence
Funding Summary
BlueteamGlobal Acquisition Summary Date Stage Amount Raised ($M) Selected Investors
Aug 2017 Private Equity $125.0 Institutional And Individual Investors

Company Company Description
BitVoyant delivers advanced cyber threat intelligence & Transaction Commentary
alerts to companies, covering their businesses and their
ecosystems ▪ "In my role at Morgan Stanley, I spent considerable time focused on cybersecurity issues, working with Tom – as the
security lead on Morgan Stanley's board – to build out an elite team to protect the firm against advanced attack
K2 Cyber Defense is a business line that delivers
managed security and professional services, incident
techniques – in the same way that the national security agencies take on that role for the U.S. government.
response, and investigations to its corporate clients BlueteamGlobal will provide the same kind of expertise and intelligence to companies around the world.“ – Jim
Rosenthal, CEO, BlueteamGlobal
K2G delivers an ongoing analyzed and curated stream
of Dark Web Cyber Threat Intelligence to its corporate ▪ "Over the course of my career in IT, cyber threats have evolved from technology-adept amateurs to sophisticated
clients nation states and criminals. BlueteamGlobal will deliver threat intelligence and defense capabilities to address the
current generation of advanced persistent threats.“ –Tom Glocer, Executive Chairman
139
DigiCert Acquires Symantec’s Website Security Business
Deal Will Expand DigiCert’s Expertise to Lead the Next Generation of Global Website Security.
Transaction Overview Overview

Symantec’s SSL/TLS certificates promise enterprise-class strength, 100% root ubiquity in today’s browsers, and industry-recognized
support from the most established Certificate Authority in the world, formerly from VeriSign
Date: acquires
8/03/2017
Symantec SSL/TLS Certificate Validation
Domain Validation Organization Validation Extended Validation
HQ: Mountain View, CA
Works well for situations where
Displays the final vetted company
acquires trust and credibility are less
information for visitors, making
Delivers the highest level of visitor trust
important because the site is not through strictest authentication
the ownership of site much more
Founded: 1982 customer-facing (internal server,
mail server)
reliable
standards
Symantec SSL/TLS: Benefits Beyond the Certificate

CEO: Greg Clark
Norton Secured Seal Seal-in-Search Daily Malware Scanning 24/7 Customer Support
Web Security $950.0 Million The #1 most recognized trust The Norton Secured Seal adds Built into every Symantec SSL/TLS Professionals are there whenever
mark on the web power to brand & click-through certificate for added protection you need help
rates against malicious infections
Key Milestones
▪ VeriSign originally sold off its SSL/TLS Security
▪ Total purchase price: $950.0 million in cash and 30% stake in DigiCert
Certificate business unit to Symantec for $1.3
▪ “Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on
billion in 2010 delivering unparalleled protection for the cloud generation through Symantec’s Integrated Cyber Defense Platform.”- Greg
Clark CEO, Symantec
▪ Thoma Bravo (private equity) took a majority
▪ “DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced
stake in DigiCert in 2015 for an undisclosed leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth
amount transition for customers and Symantec’s Website Security employees.” – John Merrill, CEO of DigiCert
140
Rapid7 Acquires Komand
Acquisition of Komand Will Expand Rapid7 Insight Platform To Automate Reponses To Security Threats.
Transaction Overview Komand Overview

Komand is a security orchestration and automation platform that gives security teams the power to quickly
acquires automate and streamline security operations, with no need for code. It contains more than 45 plugins to integrate
Date: 7/18/2017
tools, as well as a growing list of over 100 actions and tasks that can be automated.
Connect Your Tools Build Dynamic Workflows Utilize human decisions

HQ: Boston, MA
acquires Create powerful machine-to- Add human decision points
Seamlessly connect all to allow you and your team
machine security automation
existing security tools with to provide expert insight
Founded: 2015 a library of plugins
with connect-and-go
when responding to security
workflows, no code necessary
threats
Respond to Threats Faster Save Time and Energy Improve Operational Efficiency
CEO: Jen Andre
Komand helps to
Komand utilizes your
Komand empowers your streamline security
team’s expertise to analyze
Security Orchestration $50.0 Million team to respond faster and
and decide, not manually
processes which make
with detailed analysis your team more efficient
fetch data
and productive
Komand Funding Summary Transaction Commentary

▪ “When we defined the Komand mission, there was one goal: help under-resourced security and IT teams better
leverage what they have at their disposal. Rapid7 has demonstrated that they share this vision, made evident by
their commitment to the security and IT communities.” – Jen Andre, CEO, Komand
Jan 2017 Seed $1.3 Mike Egan
▪ “The need for well-designed security and IT automation solutions is acute; resources are scarce, environments are
Nov 2015 Undisclosed
becoming more complex, all while threats are increasing. Security and IT solutions must evolve through context-
Seed
driven automation, allowing cybersecurity and IT professionals to focus on more strategic activities.”
- Corey Thomas, President & CEO, Rapid7
141
Cisco Acquires Observable Networks
Acquisition of Observable Networks Will Support Cisco’s Strategic Transition Toward Software-Centric Cloud Solutions.
Transaction Overview Observable Networks Overview

Observable Networks provides network security technology and threat detection services that identify
compromised and misused networked devices. It offers continuous device profiling technology, which includes a
Date: acquires
7/13/2017 cloud-based service platform incorporating automated security analytics and real-time traffic sensors to
continuously model all devices on networks all the time.
HQ: St. Louis, MO

acquires Simplify Security Efforts And Gain Complete Complete Security For Legacy, On-premise, Comprehensive Security For Industrial
Visibility In Public Cloud Environments Or Hybrid Networks Control Systems
Founded: 2011 ▪ Ensure security in VPCs & public cloud ▪ Understand normal behavior for devices ▪ Enables operators to monitor & control
industrial processes
▪ Uses flow logs & cloud data as inputs ▪ Not dependent on threat signatures
▪ Overcomes legacy industrial control
▪ Platform-agnostic: Works with any cloud ▪ Successfully overcomes end-to-end systems challenges
environment, including hybrid infrastructure encryption security challenges
▪ Full management of Suricata IDS,
CEO: Bryan Doerr ▪ Integrates with AWS & Microsoft Azure ▪ Minimizes false positive alerts by including automatic definition updates
generating only amount of alerts required
to accurately report on a network’s activity
Deeper Security Intelligence Cloud Platform Managed Services Agility Saas Subscription Dynamic Endpoint Modeling 100% Endpoint Agnostic
Network Security
All Networks Sizes And Types DEM Passive Network Sensor Management Dashboard Omniview Visibility Robust System Security Flexible Integration Stack
Observable Networks Funding Summary Transaction Commentary

Date Stage Amount Raised ($M) Selected Investors ▪ “Together, Cisco and Observable Networks will extend our Stealthwatch solution into the cloud with highly
scalable behavior analytics and comprehensive visibility. On the heels of the unveiling of our new intent-based
Convertible
May 2016 $2.0 network, this acquisition reaffirms Cisco’s commitment to providing unparalleled security solutions for our
Debt
customers and partners.” - Rob Salvagno, Head of M&A, Cisco
May 2014 Series A-1 $2.5 ▪ “This deal is significant not only because it underscores the ongoing interest in security solutions and
subsequent consolidation in that area. It also highlights the fact that Cisco is continuing to build up its business
Aug 2013 Series A $0.6 in applications and cloud services as more companies move their businesses into cloud-based or hybrid
architectures.” – TechCrunch
142
HyTrust Acquires DataGravity
Acquisition of DataGravity Will Further Automate & Enhance HyTrust’s Security Policy Enforcement For Workload Data.
Transaction Overview DataGravity Overview

DataGravity provides data-aware solutions that deliver data classification, analytics, actionable insights and security for workload
data. IT professionals can quickly and easily visualize the who, what, when and where regarding their data and reduce risks,
Date: 7/11/2017 increase productivity and drive organizational success.
DataGravity for Availability DataGravity for Virtualization

▪ Search across all backups jobs and VMs for content ▪ Gain a 360° view of data to easily visualize, search and discover
HQ: Nashua, NH ▪ Proactively defend data against suspicious user activity ▪ Continuously monitor, detect, and proactively report back data
concerns
acquires ▪ Combines multiple data sources to monitor and analyze people,
content, and activities over time ▪ Audit file and user activities by tracking all interactions within VMs
▪ Data classification tools identifies where data resides ▪ Monitors users interactions and triggers data protection points when
Founded: 2012 ▪ Create content policies to proactively manage data anomalous user behavior is detected
Visualize, Search,
Discover
CEO: Paula Long File Count File Distribution With Sensitive Office Macros or
Activities
Identify & Secure
By Category By Size Data Risk Dangerous Data Sensitive Data
File Metadata Inputs Outputs
Active Directory Audit File &
Content User Activities
Data Security VM DGfV Achieve Behavior
Ransomware Dormant Data Tags Discovered Activities
Based Protection
Data Gravity Funding Summary Transaction Commentary

Date Stage Amount Raised ($M) Selected Investors ▪ “The acquisition will accelerate the expansion of HyTrust’s platform capabilities and capitalize on the high-
growth cloud security market. DataGravity’s data discovery and classification capabilities support HyTrust’s
Dec 2014 Series C $50.0
mission to deliver a security policy framework that provides customers with full visibility, insight and
enforcement of policy across workloads.” - Eric Chiu, Co-Founder and President, HyTrust
Jan 2013 Series B $30.0
▪ “The expansion of HyTrust’s workload security platform with the new data discovery and classification
capabilities from DataGravity will help solve some of these organizations’ data security and compliance
Jan 2012 Series A $12.0 challenges in cloud deployments.” - Dave Shackleford, Founder, Voodoo Security & SANS Institute Instructor
143
Symantec Acquires Skycure
Acquisition of Skycure Will Enhance Symantec’s Endpoint Protection Solutions For Enterprise Mobile Device Security.
Transaction Overview Skycure Overview

Skycure's predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence,
in addition to both device- and server-based analysis, to proactively protect enterprise mobile devices from
Date: 7/11/2017 malware, network threats, and vulnerability exploits.
Malware Network Vulnerability Physical

HQ: Palo Alto, CA Defense Defense Defense Defense
acquires ▪ Multi-layered detection ▪ Instantly checks new ▪ Continuously monitors ▪ Tight integration with all
and analysis network connections platform integrity EMM vendors
Founded: 2012 ▪ Crowd-sourced intelligence ▪ Identify legitimate & ▪ Machine learning assists ▪ Bi-directional
malicious networks
▪ On-device detection and in anomaly detection communications about
app analysis ▪ Under Attack: Automatically and behavioral profiling device compliance for
stop communicating with
CEO: Adi Sharabani ▪ Use Mobile App sensitive resources ▪ OS Upgradability feature policy enforcement
Reputation Service ▪ Secure Connection Informs IT teams of ▪ Provides limited MDM
strategies to determine risk Protection encrypts all available security functionality when no
Mobile Security $200.0 Million ▪ Block installation of communications during an updates before Apple EMM is in place
suspicious apps attack and Google
Skycure’s Funding Summary Transaction Commentary

Date Stage Amount Raised ($M) Selected Investors ▪ “One of the most dangerous assumptions in today’s world is that iOS and other mobile devices that
employees bring into the office are safe, but the apps and data on these devices are under increasing attack.
Jul 2016 Series B $16.5 We believe that tomorrow’s workforce will be completely mobile and will demand a cyber defense solution
that travels with them.” - Greg Clark, CEO, Symantec
Mar 2015 Series A $8.0
▪ “Customers want mobile security solutions that are easy to deploy and manage, and our threat protection
technology offering complements Symantec’s leading endpoint protection solutions, making it easier for
Nov 2012 Seed $3.0 companies to embrace BYOD.” - Adi Sharabani, Co-Founder and CEO, Skycure
144
Symantec Acquires Fireglass
Fireglass’ Isolation Technology Will Strengthen Symantec’s Integrated Cyber Defense Platform.
Transaction Overview Fireglass Overview

Fireglass virtualizes web browsers in a secure disposable container which confines any malicious activity. Each browsing session
is rendered in real-time, and the only thing sent to the endpoint is a visual representation of the actual web content
Date: acquires
7/6/2017
Web Isolation Document Isolation Email Isolation
▪ Potentially malicious content is executed ▪ Access documents without downloading ▪ Prevent phishing delivered via links in emails
remotely ▪ Sanitize files and remove any exploitable ▪ Integrates with standard email servers
HQ: Tel Aviv, Israel ▪ Blocks users from sharing sensitive information elements ▪ Redirect email links through Fireglass
▪ Safe access to uncategorized and risky websites ▪ Download safe versions of documents
acquires ▪ Neutralizes malware on infected devices ▪ Control file download through policy
platform
▪ File attachments saved securely through
▪ Eliminates risk of ransomware Fireglass Document Isolation
No false positives
Founded: 2014 ▪ ▪ Remove Flash and Java from endpoints
Users Web
Application Isolation
▪ Protect internal or cloud applications
CEO: Guy Guzner ▪ Block automated attacks and control data
flow
▪ Provide virtual patching and block
application exploits
Web Security $225.0 Million ▪ On premise or cloud deployment
▪ Prevent data theft by compromised users
Fireglass’ Funding Summary Transaction Commentary

Date Stage Amount Raised ($M) Selected Investors ▪ Integrating Fireglass’ isolation technology with Symantec’s existing endpoint, email, and secure web gateway
solutions could reduce security events by as much as 70%... Isolation will become a core component in the
design of cyber defense architectures for the cloud generation who face the reality of an encrypted internet
and the crisis inherent in email and web-delivered attacks.” - Symantec CEO Greg Clark
Jan 2016 Series A $20.0
▪ “The pairing of browser isolation with Symantec’s proxy and endpoint capabilities forms a generational
Mickey Boodaei Rakesh Loonkar change in approach. Our tests show promise for meaningful reductions in attack surface and time-consuming
security events.” – Raman Safai, CISO of Jefferies Group LLC
145
Honeywell Acquires Nextnine
Honeywell Will Deliver Industry’s Only Field-Proven Solution To Secure Connected Industrial Operations & IoT.
Transaction Overview Nextnine Overview

Nextnine provides security management solutions and technologies for industrial cyber security. ICS Shield, is a top-down
OT security management solution to secure connected environments that can be deployed as a single system.
Date: 6/12/2017
acquires ICS Shield End Customer Distribution
Discover: Identify what’s on the Network
Americas EMEA Asia
HQ: New York, NY ▪ Asset Auto-Discovery: schedule active and passive discovery of ICS assets
▪ Configuration Collection: collect detailed data about each asset Oil & Gas 119 1,061 170
acquires
▪ Change Management: monitor changes in asset inventory & configuration Medical & Pharma 818 14 26
Founded: 1998 ▪ Asset Visualization: Provide clear view of all field assets by business & geography
Minerals & Mining 249 498 80
Connect: Enable Secure Remote Access
▪ Remote Access: centralized authentication, session accounting and control Machinery & Automation 42 413 9
▪ Password Vault: authenticate remote users without sharing device credentials
CEO: Shmulik Aran ▪ Secure file distribution & data transfer
Total 1,228 1,986 285
Protect: Policy Management Partners

IoT Security ▪ Log Collection: empower improved risk management
▪ Automate software patching and anti-malware updating
▪ File backup and restore
Nextnine Funding Summary ▪ Create whitelists and blacklists

▪ “This acquisition shows our ongoing commitment to providing our customers with a comprehensive portfolio of
cyber security solutions to protect and defend their industrial control systems and process control networks.
Jan 2005 Venture $5.0 Honeywell’s extensive global reach will increase Nextnine’s availability to a broader range of customers.” -
Vimal Kapur, President, Honeywell Process Solutions
▪ “Honeywell is eyeing the Industrial Internet of Things market opportunity to connect and manage industrial
installations across a range of sectors and its acquisition of Nextnine will potentially provide a known quantity
Jan 1998 Seed $4.5
in the critical area of security.” – Seeking Alpha
146
Microsoft Acquires Hexadite
Microsoft Looks Again To Israel To Strengthen Its Cybersecurity Efforts (Adallom, Secure Islands, Aorato).
Transaction Overview Hexadite Overview

Cyber Analyst Thinking At The Speed of Automation
Date: 5/24/2017 Modeled after the investigative and decision making skills of top cyber analysts and driven by AI, Hexadite’s Automated Incident
Response Solution (AIRS) remediates threats and compresses weeks of work into minutes. With analysts free to focus on the most
advanced threats, Hexadite optimizes overtaxed security resources for increased productivity, reduced costs, & stronger overall security
Solutions By Hexadite
HQ: Boston, MA
Alert: Prioritization Investigate: Investigate Decide: Evaluate, Remediate: Choose How
acquires Doesn’t Protect Everything. No Then Eradicate To Close The Loop
Exceptions
Founded: 2014 ▪ Allows existing security ▪ After receiving an alert, ▪ Aggregates data from the ▪ With semi-automated or fully
investments to operate at full Hexadite AIRS automatically most advanced and up-to- automated remediation
capacity launches an investigation date threat intelligence feeds capabilities, you can choose
▪ Integrates with any detection ▪ The result of one ▪ Uses proprietary algorithms the level of human
system via email, syslog or APIs investigation can trigger to inspect content and act on involvement
to expedite deployment and multiple parallel every threat
CEO: Eran Barak investigate every alert investigations
Sec Ops / Incid. Response $100.0 Million Strengthen Security Increase Productivity Reduce Costs
HEXADITE
Quickly shut down attacks and Free up resources and maximize Simplify operations and minimize
VALUE
THE
investigate all alerts to uncover hidden response effectiveness with automated damages and recovery times from attacks
Hexadite Funding Summary threats and protect against breaches IR processes and best practices through rapid incident resolution

Feb 2016 Series A $8.0 ▪ “Microsoft had announced earlier this year that it would continue spending $1 billion in 2017 on cybersecurity
research and development, excluding acquisitions it might make in the field. The company also maintains three
July 2014 Seed $2.5 R&D centers in Israel.” -CNBC
147
CyberArk Acquires Conjur
Deal Will Deliver Industry’s Only Enterprise-Class Solution To Secure The DevOps Lifecycle & Cloud-Native Environment.
Transaction Overview The Conjur Plarform
Trust Management for Code, Machines, and People in the Cloud & Container Era
Date: 5/11/2017
Conjur enables security-conscious and regulated enterprises to deploy sensitive workloads to the cloud with confidence. It creates
and maintains trust in the code, machines, and people that make up today's digital business.
HQ: Newton, MA
Make Devops Safe
acquires Privileged access & secrets management
automation to secure continuous delivery
Founded: 2013
Ensure Trusted Access At Webscale
CEO: Elizabeth Lawler Between the thousands of elements that
compose modern cloud & IoT applications
Simplify Compliance
Identity & Access Mgmt $42.0 Million Define, implement, and enforce your
policies, and deliver reports to prove it
CyberArk Acquisition History

Date Company Description Transaction Commentary
Provides high speed cyber solutions for government ▪ Udi Mokady, Chairman and CEO, CyberArk said “CyberArk’s acquisition of Conjur further strengthens our market
3/11/2016 agencies, enterprises, and network operators through DPI leadership position – providing the industry’s only enterprise-class solution for privileged account security and
technology.
secrets management on premises, in the cloud and across the DevOps pipeline. Now with Conjur, CyberArk
Offers app control features and administrative privilege customers can truly embrace DevOps without compromising on security.”
10/7/2015 capabilities to protect against zero-day attacks, malware,
and threats. ▪ “The addition of Conjur will help allow users to accelerate modern software deployment with the addition of
Conjur’s DevOps security software platform which automates machine identity provisioning, authorization of
Develops an endpoint security platform that automatically
8/12/2015 uncovers sophisticated cyber-attacks by combining deep privileged access, service account control and machine-to-machine connectivity.” – Infosecurity Magazine
endpoint data collection and centralized analysis
148
EQT Partners Acquires Open Systems
EQT Partners Diversifies Its Tech & Cybersecurity Portfolio By Acquiring Majority Stake Of Open Systems.
Transaction Overview Open Systems Overview

Date: 05/05/17 Security , Performance And Control For Your Network, Infrastructure And Applications.
HQ: Zurich, Switzerland

Integrated Service
Network Security Application Delivery Identity Management Global Connectivity
Management
acquires Founded 1990
Makes sure that users Ensures that business- Involves the Uses select technology Provides a Service
work with a reliable and critical applications run authentication, to connect various global Delivery Platform,
efficient infrastructure smoothly and securely, authorization and enterprise locations Mission Control Portal
CEO: Martin Bosshardt that meets both global and adhere to the management of privileges where business-critical and 24x7 Operations,
objectives and local global security policy of individuals, hardware processes are concerned. to secure the availability
needs. or applications & stability of ICT
infrastructures
Employees: ~150
▪ Distributed Firewall ▪ Web Application ▪ Identity Sever ▪ Cloud Express ▪ Service Delivery
▪ Network Security Firewall ▪ Federated Identity ▪ WAN Routing Platform
MSSP
Monitoring ▪ Email Gateway Management ▪ Mobile Entry Point ▪ 24x7 Operations
▪ Enterprise Firewall ▪ Application ▪ Web Single Sign-on ▪ Tactical Networks ▪ Mission Control
Customers ▪ WiFi Security Performance ▪ Strong ▪ Sourcing Services Portal
Management Authentication
Open Systems’ customers come from more than 180 countries, across all industry
sectors, including:
▪ On May 5, 2017, Swedish private equity fund EQT Partners AB acquired a majority stake of Open Systems, a
Swiss IT systems security company, for $120M
▪ “The deal will be the EQT's first buyout in 2017 using its €1.1bn mid-market fund” - Unquote
Government Finance Health Care Infrastructure Media Retail
149
Thales Acquires Guavus
Combined Businesses To Strengthen Thales' Portfolio Of Analytic Solutions In Aerospace, Security & Defense.
Transaction Overview Guavus Overview

Guavus provides next-generation big data analytics applications for planning, operations, customer experience
Date: 04/28/2017 management and IoT. These applications uniquely bring together computer science, data science and domain
science to provide real-time analytics that enable businesses to become more efficient, profitable and competitive.
HQ: San Mateo, California Planning Operations CEM IoT
Keep Pace with Operational analytics Improve Profitability, Cloud-based Analytics
Today's Explosive that put the customer Reduce Churn and Applications for the
Data Growth first while fueling Increase Sales Industrial IoT
acquires Founded 2006 business optimization
▪ IP Mediation ▪ Customer Insights & ▪ Fault Management

Total Raised: $138.8M ▪ Network Planning Analytics ▪ Service Assurance Segmentation ▪ Smart Metering
▪ Network Planning & ▪ Performance Management ▪ Customer Profiling & ▪ Predictive Maintenance
Forecasting ▪ Network Security & Threat Targeting ▪ Service Assurance
▪ Network Optimization Mitigation ▪ Data Monetization (Data-as- ▪ Resource Optimization
CEO: Anukool Lakhina ▪ IP Wholesale/Prospecting a-Service) ▪ Security & Breach Detection
Specialized Threat Analysis $215.0 Million Transaction Commentary

▪ The transaction is for a maximum enterprise value of $215 million. The transaction is subject to the
Customers achievement of significant sales growth targets and is subject to regulatory approvals and other customary
closing conditions. The transaction is expected to be completed during the third quarter of 2017.
The Guavus Difference enables Fortune 500 enterprises to leverage sensors, network,
customer and business data to become more profitable, efficient and competitive ▪ "Combined with our established expertise in other key digital technologies, the acquisition of Guavus
represents a tremendous accelerator of our digital strategy for the benefit of our customers. The application to
Thales's core businesses of Guavus' technologies and expertise in big data analytics will strengthen our ability to
support the digital transformation of our customers, whether in aeronautics, space, rail signaling, defense or
security.“ -Patrice Caine, Thales' Chairman and CEO
▪ "Guavus' widely deployed machine intelligent, big data operational analytics platform transforms the quality,
efficiency, scale and security with which our customers can deliver their services, making our platform a critical
enabler of digital transformation.“-Anukool Lakhina, founder and CEO of Guavus
150
CA Technologies Acquires Veracode
Veracode Will Bridge CA’s Security Business With Its Broad DevOps Portfolio.
Transaction Overview Veracode Product Overview

Veracode’s unified platform assesses and improves the security of applications from inception through
Date: 3/6/2017 production so that businesses can confidently innovate with the web and mobile applications they build.
Need Solution Product
HQ: Burlington, MA Simplify PCI Compliance Application Security Platform
Nearly 80% of Web & internal audits – Pass
acquires offers a scalable way to manage
80% Applications contain at
least one vulnerability
audits faster and with less
effort with automated
risk across entire application
Founded: 2006 compliance reporting
portfolio
Static Analysis allows developers
Web and mobile Embed security into agile to identify and remediate
workflows – Identify application security flaws; Web
CEO: Bob Brennan 33%
applications account for
more than a third of vulnerabilities without Application Scanning monitors
data breaches interrupting agile web application during
workflows production
Application Security $614.0 Million Reduce your global threat Developer Training empowers
Attacks at application surface – Achieve developers and testers to develop
25% layer growing by more
than 25% annually.
enterprise-wide secure applications by providing
Veracode Funding Summary governance with
centralized policies
skills needed to identify
vulnerabilities
Sept 2014 Series F $40.0
▪ Bob Brennan, CEO, Veracode said “By joining forces with CA Technologies, we will continue to better address
Apr 2012 Series E $30.0 growing security concerns, and enable them to accelerate delivery of secure software applications that can create
Feb 2010 Series D $12.3 new business value.”
▪ “Veracode will enable CA to make security a frictionless part of the Dev-Ops process by making security
Mar 2009 Series C $5.0
programmatic for developers, automating security testing as a part of continuous delivery, and providing the
Jan 2007 Series B $19.5 detection and remediation of vulnerabilities to help developers create more secure, compliant applications at the
speeds needed for modern application development.” – CA Press Release
151
Madison Dearborn Partners Acquires BlueCat
MDP Will Focus On Developing and Marketing BlueCat’s Automated DNS Solutions.
Transaction Overview BlueCat Overview

BlueCat provides IP address management, domain name system, and DHCP enterprise DNS solutions. It allows
Date: 3/17/2017 customers to build and manage complex network infrastructure, resulting in improved network performance and
acquires reduced network downtime.
HQ: Toronto, Canada

Benefits of Enterprise DNS Solutions
acquires
Founded: 2001
CEO: Michael Harris Centralized Automated Security
Enterprise DNS $325.0 Million BlueCat centralizes architecture by Automated DNS solutions result in BlueCat provides insights into all
connecting all endpoints, less reliance on manual, error- network activities, providing
providing full views of critical prone processes – allowing key IT organizations with visibility, control,
BlueCat Funding Summary network assets and clients. resources to focus elsewhere. and threat detection abilities.

▪ “We have prioritized the needs of enterprise customers by taking a uniquely software-centric approach to our
Jul 2011 Series B $16.8 delivery model, and that strategy has propelled BlueCat to the forefront of the industry. MDP recognizes
BlueCat’s valuable position within our customers’ infrastructure and our tremendous growth prospects. With the
added resources and expertise of MDP, BlueCat will be strongly positioned to accelerate our growth.”
Oct 2009 Series A

– Michael Harris, CEO of BlueCat
$11.0
152
Accenture Security Acquires iDefense & ENDGAME’S Gov’t Svcs Biz
Deal Will Boost Accenture Security’s Defense Services Capabilities & Threat Intelligence Services / Enterprise Security Needs.
Transaction Overview ENDGAME’s U.S. Federal Gov’t Services Business Overview

Endgame’s federal government services business will The acquisition will provide Accenture Federal
acquires become part of Accenture Federal Services, specializes in: Services an additional team of highly skilled
▪ Proactive cyber defense cybersecurity professionals who will help federal
▪ Hunt-as-a-service capabilities clients increase their cyber resiliency by better
▪ Red teaming preparing for, identifying, intercepting, and removing
▪ Cyber operations advanced adversaries in real time
iDefense Security
U.S. Federal Government

& Intelligence Services
“By adding Endgame’s federal services team, Accenture Federal Services can better equip our clients to identify and eradicate
Business
Services Business malicious attacks faster and more effectively. As the digital explosion is dramatically increasing the attack surface, rapidly identifying,
isolating and remediating intrusions will be central to the next generation of cyber defense.”
- David Moskovitz, Accenture Federal Services, Chief Executive Officer
Date: 2/8/2017 Date: 2/9/2017
HQ: Arlington, Virginia HQ: Reston, Virginia Verisign’s iDefense Overview
Defense Operations Threat Intelligence iDefense IntelGraph Service Coverage Areas Key Capabilities
▪ Built on graph database technology to 100+ Security Researchers Worldwide
Cyber Cyber
Accenture Security Acquisition History allow all facets of threat intelligence to
Espionage Crime 20+ Proficient Languages
be stored in a central repository
Date Company Description connected by links
40+ Threat Intelligence Analysts
▪ Enhances the ability to detect and Vulnerability
analyze threats while accelerating Hacktivism Dedicated Subject Matter
10/5/2016 Simulates attacks of advanced adversaries Management
customer notification and remediation Experts in Threat Intelligence
Provides vulnerability countermeasures, “The acquisition of iDefense augments Accenture Security’s existing Cyber Defense Services with targeted threat intelligence that
6/20/2016
cyber forensics & malware defenses Accenture will embed into services it manages for clients’ security operations. In addition to directly providing threat intelligence to
Fortune 500 customers, Accenture will fuel its cybersecurity platform with these capabilities to enhance its ability to inform clients
Supports U.S. federal govt & provides where threats are forming and coming from, and what actions to take – much earlier than other providers who leverage public data
8/4/2015
advanced cyber defense & response feeds.” – Accenture Press Release
153
Sophos Acquires Invincea
Acquisition To Expand Sophos’ Next Generation Endpoint Protection Portfolio.
Transaction Overview Invincea Overview

Invincea Detect Invincea Prevent Invincea Complete
Date: 2/8/2017 ▪ Detect new and ▪ Block known and ▪ Additional spear phishing
existing threats unknown malware protection
▪ Capture and analyze ▪ Stop weaponized ▪ Utilize Invincea’s isolation
By forensic data documents and other capabilities to identify
HQ: Fairfax, Virginia Invincea file-less attacks untrusted content in emails
acquires Prevent Known & Unknown Malware without
Key Features
Stop File-less Attacks
Founded: 2009 Signatures
Eliminating Spear Phishing Attacks Deep Forensics
CEO: Anup Ghosh Invincea Remote Threat Monitoring X-as-a-Service

Managed Services Combines X with active monitoring by analysts. If Invincea will configure & manage the software, &
threat detected, will offer advice on how to proceed monitor for threats
Endpoint Security $120.0 Million Transaction Commentary
Invincea Funding Summary ▪ Sophos has agreed to acquire Invincea for a cash consideration of $100 million with a $20 million earn-out
dependent on first-year revenue
▪ The transaction will be financed through cash on hand and extension of existing credit facilities of Sophos Group
Nov 2016 Venture $10.0
▪ Invincea Labs will be separated from Invincea prior to the transaction and does not form part of this transaction.
Apr 2014 Grant $8.1 Undisclosed ▪ “Invincea is leading the market in machine learning-based threat detection with the combination of superior
Dec 2013 Series C $16.0 detection rates and minimal false positives. Invincea will strengthen Sophos’ leading next-gen endpoint protection
with complementary predictive defenses that we believe will become increasingly important to the future of
Dec 2012 Series B $14.1 Undisclosed endpoint protection and allow us to take full advantage of this significant new growth opportunity.” – Kris
Mar 2009 Series A $7.3 Hagerman, CEO Sophos
154
StackPath Acquires Highwinds
StackPath’s 5th Acquisition In The Last 12 Months, To Accelerate The Delivery of A Global Enterprise Security Platform.
Transaction Overview Highwinds Overview

The Highwinds Content Delivery Network is one of the largest CDNs and features additional products and services built to address
many of your specific needs. Highwinds provides Customized Solutions for a variety of platforms:
Date:
2/6/2017
Media Games Ads Software Websites

HQ: Advanced Streaming Platform Gaming Delivery Network Quick Decisions & Delivery Fast File Downloads Speed-Up Your Entire Site
Winter Park, Florida
acquires
Highest Satisfies demand for faster downloads, updates, & patches Advanced media tool chain for prep Deliver entire websites & apps via the CDN, including
Founded: performing by using CDN optimized for large file delivery & delivery of video to every device both static & dynamic content
Products
2002 CDN
Supports online storage needs with full CDN portal offers advanced analytics, Block attacks on your origin Bundle IP transit & colocation to create a
replication, guaranteed high availability & customized reports & real-time operations servers, protect your content, custom CDN to efficiently manage &
CEO: asset durability & ensure service continuity distribute content globally
Steve Miller
Content Delivery Network (CDN) StackPath Funding & Acquisition Summary

Transaction Commentary July 2016 $180.0
Series A Insiders
▪ Highwinds’ services & platform will be integrated with existing StackPath offerings &
operations to create a single global platform Date Acquired Company Company Description
▪ The integration puts StackPath at more than 300 employees with more than 20,000 CDN
MaxCDN is a content delivery network that helps companies accelerate static and dynamic content
customers and one of the world’s largest global network backbones July 2016
around the world.
▪ “Our two companies had the same view that CDN security and innovation hasn’t evolved as
Fireblade offers web security services in the areas of DDoS protection, Web application security,
quickly as it needs to. Developers leverage CDNs for practically everything they’re building July 2016
performance monitoring, and web acceleration aspects.
in the cloud these days. But CDNs still tend to be add-on services, not built-in. Merging
Staminus develops advanced security availability technology to mitigate the largest and most complex
Highwinds and StackPath gives us the scale, scope, and experience to more quickly bring July 2016
DDoS attacks in the world.
the market an integrated, next-generation platform with unprecedented security
Cloak is a consumer VPN platform with native iOS and Mac applications to allow people to securely
advantages.” –Lance Crosby, CEO StackPath April 2016
use the internet while on untrusted networks.
155
Keysight Technologies Acquires Ixia
Ixia Will Complement Keysight’s Software And Security Portfolio, Allowing For Keysight’s Accelerated Growth.
Transaction Overview Ixia Overview

Ixia provides comprehensive IP network validation and network visibility solutions. The Company's designs are used
Date: 4/18/2017 by equipment manufacturers, service providers, enterprises, and government agencies to validate network functions,
acquires
test the integrity of security infrastructure, and deliver an end-to-end view of client networks.
HQ: Calabasas, CA 360 Testing Tools Strong Visibility Architecture Segments Served
acquires End-to-end testing: Spans Out of Band Monitoring:
every port, machine, and Powered by intelligent security
Founded: 1997
device that applications fabric improves the accuracy of
touch out-of-band network and
application security monitoring Enterprise Service
CEO: Bethany Mayer Providers
Continuous testing: helps Inline Security Resilience:
detect vulnerabilities not Failsafe visibility to physical,
Network Security $1.6 Billion visible in development and virtual, and encrypted traffic
verifies operation even maximizes the value of firewalls,
Ixia (NYSE:XXIA) Price Performance after deployment intrusion prevention systems and Government Network
Agencies Vendors
$21.00
other appliances
($ USD price per share)
$19.50
$19.00 Transaction Commentary
$17.00 Deal Announced ▪ “We are pleased to have quickly brought the Ixia acquisition to completion and excited to add Ixia’s deep
$15.00 (January 30, 2017)
bench of talent to the Keysight team. This complementary combination accelerates several of our strategies for
$13.00 growth, including expanding our software solutions and software engineering capability. We have also
$11.00 broadened our reach within the communications development lifecycle, and will build and grow Ixia’s
$9.00 established strong position in the fast-growing visibility and security markets.” – Ron Nersesian, President and
$7.00 CEO of Keysight
Jan-16 May-16 Sep-16 Jan-17
156
LLR Partners Acquires BluVector
Acquisition By LLR Partners Should Widen BluVector’s Commercial Opportunities.
Transaction Overview BluVector Product Overview

Provides network-based Advanced Threat Detection solutions to enable SOC analysts and Incident
Date: 01/09/2017 Response Teams to gain actionable insight on advanced threats in real-time
HQ: Millersville, MD Speed Accuracy Integration

acquires
▪ Built to handle >10 GBps high ▪ Patented Machine Learning ▪ Designed to interoperate with an
Founded: 2015 speed networks engine with support for 30+ file organization’s existing security
▪ Performs real-time static analysis types solution, including: SIEM tools,
CEO: Kris Lovejoy of content to identify advanced ▪ Ability to identify zero-day & Threat Intelligence data feed, &
threats in milliseconds that polymorphic malware post analyzers
Specialized Threat Protection ~$50.0 Million ordinary tools wouldn’t detect ▪ Ability to evolve on premises ▪ Supports automation of key
▪ Suspicious threats are sent to using forms of AI to further processes, including block
sandbox for dynamic analysis improve accuracy & reduce false requests
LLR Partners Security Portfolio History The BluVector Threat Engine
positives
▪ LLR Partners acquires BluVector from Northrop Grumman
▪ LLR Partners has committed $50M to BluVector to support the acquisition and future growth plans
▪ “As part of Northrop Grumman, we were able to create truly innovative threat hunting capabilities and disrupt the
market. Emerging as a standalone business now gives BluVector the opportunity to extend our leadership position in
both existing and emerging security sectors. Partnering with LLR brings to the equation a keen understanding of the
cyber market and the resources to help us accelerate growth in the commercial space.” -Kris Lovejoy, CEO of BluVector
157
Amazon Acquires Harvest.ai
Amazon Web Services Strengthens Its Security-As-A-Service Platform With Acquisition Of AI-Based DLP Start-Up.
Transaction Overview Harvest.ai Overview
Date Announced: 01/09/17
HQ: San Diego, CA

Reinventing DLP AI-Based Analytics UEBA
▪ Use analytics to discover and ▪ AI analytics learn to identify ▪ Ability to observe changes in
stop targeted attacks intellectual property, whether user behavior across system–
acquires Founded: 2014 ▪ DLP analytics classify documents, videos, or code including Google For Work,
documents & identify true IP ▪ Understands how data is being Office 365, & Box— crash
matches to protect documents accessed to prevent targeted reports and security logs shine a
Total Raised: $2.7M attacks spotlight on possible breaches
DLP MEETS USER BEHAVIOR ANALYTICS (UEBA)

harvest.ai's MACIE™ Analytics provides the confidence and dependability in protecting your business' most
Founder / CEO: Alex Watson
important assets, protecting user accounts from compromise and preventing theft of data and intellectual property
Data Security ~$20.0 Million

Funding Snapshot ▪ “AWS already offers embedded security features and tools for users of its cloud services platform. Although
there are third parties who offer security features for cloud services, Amazon has also moved into this area,
Date Stage Amount Raised ($M) Investors given how vital it is for customers to trust it to lock down their key business assets.” – TechCrunch
▪ “And, as ever with security, it’s an arms race to keep on top of evolving threats, so it may be that harvest.ai was
Mar 2015 Seed $2.3 acquired to beef up those capabilities. Amazon CTO Werner Vogels has described security as one of the five
supporting pillars of every service it builds for customers.” – TechCrunch
Nov 2014 Seed $ 0.4
158
Clearlake Capital Group Acquires LANDESK
LANDESK Merges With Clearlake’s HEAT Software To Create IT Solutions Company Ivanti.
Transaction Overview Ivanti Overview

Combination of HEAT Software and LANDesk allows for comprehensive IT Solutions Services
Date: 01/03/2017
Cloud Service Management Unified Endpoint Management
HQ: South Jordan, Utah Improve productivity; Manage all user IT IT Service
automate workflows to devices; identify and Security Management
acquires better manage business solve any issues
efficiency immediately
Founded: 1985
IT Asset UEM/Systems
Management Management
CEO: Steve Daly

Supply Data and
Chain Analytics
Endpoint Security $1.2 Billion Unified Endpoint Security Service Asset Management
Management Management Management
Heat Software Background Transaction Commentary

▪ February 13, 2015 Clearlake Capital Group acquired FrontRange Solution ▪ Clearlake Capital Group acquired LANDESK and combined it with HEAT Software to create Ivanti
▪ FrontRange merged with Clearlake portfolio company Lumension to form ▪ “Ivanti’s strength lies in its scale and the quality of its loyal customer base, people, and differentiated products.
We plan to aggressively accelerate growth by investing in the development of new products and sales and
Heat Software to become a comprehensive service management and
marketing as well as through acquisitions.” –Behdad Eghbali, Managing Partner Clearlake Capital
unified endpoint management software solutions provider
▪ “The combination enhances Ivanti’s unified endpoint management (UEM) solutions, increases its strength in the
▪ Heat assists with business operations, such as security and compliance, endpoint security market, and provides a rapidly growing SaaS service management platform. The combined
through its software suite, which services 8,700 customers worldwide company is well positioned to address IT’s growing needs as they deal with increasingly complex end-user
environments and transition services to the cloud.” –LANDESK Press Release
159
Highlighted
Fundraising Activity
1
Series C Series B Series A Series B Secondary Series A Series C Series B

Dec. ’17 | $40M Dec. ’17 | $25M Dec. ’17 | $7M Dec. ’17 | $13M Dec. ’17 | $211M Nov. ’17 | $25M Nov. ’17 | $30M Nov. ’17 | $16M
Private Equity Series E Private Equity Series B Series A Series C Series C Series C
Nov. ’17 | $65M Oct. ’17 | $25M Oct. ’17 | $150M Oct. ’17 | $30M Oct. ’17 | $8M Oct. ’17 | $30M Oct. ’17 | $70M Oct. ’17 | $50M
Series C Series C Series B Series C Series A Series B Series C Series D

Oct. ’17 | $28M Oct. ’17 | $21M Sept. ’17 | $27M Sept. ’17 | $26M Sept. ’17 | $29M Sept. ’17 | $25M Sept. ’17 | $45M Sept. ’17 | $88M
Series B Series D Late Stage Venture Series A Series B Series A Series B Series A
Aug. ’17 | $40M Aug. ’17 | $26M Aug. ’17 | $80M Aug. ’17 | $13M Aug. ’17 | $22M Aug. ’17 | $10M Aug. ’17 | $15M Aug. ’17 | $20M
StackRox
Series A Series B Series A Series B Series B Series C Series C Series D
Jul. ’17 | $35M Jul. ’17 | $23M Jul. ’17 | $14M Jul. ’17 | $23M Jul. ’17 | $32M Jul. ’17 | $42M Jul. ’17 | $40C Jul. ’17 | $75M
Series E Series C Series C Series A Series F Series B Late Stage / Debt Late Stage
Jul. ’17 | $36M Jul. ’17 | $29M Jun. ’17 | $30M Jun. ’17 | $12M Jun. ’17 | $75M Jun. ’17 | $33M Jun. ’17 | $70M Jun. ’17 | $100M
Series C Series D Series E Private Equity Series D Series B Late Stage Venture Series A
Jun. ’17 | $12M Jun. ’17 | $125M Jun. ’17 | $100M May ’17 | $100M May ’17 | $100M May ’17 | $15M May ’17 | $15M May ’17 | $12M
Series C Series C Series B Private Equity Series C Series F Series A-II Series A-II
May ’17 | $36M Apr. ’17 | $17M Apr. ’17 | $20M Apr. ’17 | $40M Apr. ’17 | $21M Apr. ’17 | $89M Mar. ’17 | $4M Mar. ’17 | $7M
Series A Series C Series C Series C Series C Series B Series B Series C

Feb. ’17 | $15M Feb. ’17 | $22M Feb. ’17 | $40M Feb. ’17 | $30M Jan. ’17 | $70M Jan. ’17 | $25M Jan. ’17 | $14M Jan. ’17 | $45M
Raises $40.0M In Series C Financing.
Company Overview Menlo Security Product Overview

Menlo Security provides a new layer in the security stack that contains and eliminates all The Menlo Security Isolation Platform (MSIP) incorporates a web isolation, document isolation, and
malware, every time, and delivers a completely native experience to users. Traditional phishing isolation service that eliminates the possibility of malware reaching the user
methods of preventing attacks, all based on distinguishing ‘good’ content from ‘bad’
Description Web Isolation Service Document Isolation Service Phishing Isolation Service
content, are becoming outdated and Menlo Security seeks to eliminate the threat of
malware from the web and email through revamped technology and contemporary Document Isolation Service Phishing Isolation prevents
Web Isolation Service protects
security platforms. isolates and renders the most phishing sites from delivering
enterprises from cyber attacks by
common file types – including malware to endpoints and/or
isolating and executing all web
PDF, Word, Excel, and harvesting private information
content in the MSIP before
PowerPoint - before malware from users who click on phishing
malware can reach users devices
reaches users links
Founders /
Management
Key Features
Amir Ben-Efraim Poornima DeBolle Kowsik Guruswamy Todd Vender Gautum Altekar
CEO & CPO & CTO VP, Engineering Chief Architect &
Co-Founder Co-Founder Co-Founder No False Positives or Negatives Download Safe Documents Eliminates Credential Theft
Founded 2013
Works With Any Device No Plug-In Software Simplifies Infrastructure
HQ Palo Alto, California
Total Amt Raised $85.0M Available as SAAS Transparent User Experience Protects Email Users
Menlo Security Isolation Platform (MSIP) Funding Summary

The Menlo Security Isolation Platform (MSIP) eliminates malware from key attack vectors Date Stage Amount Raised ($M) Selected Investors
including web and email and is available as a public cloud service or the user’s data center $40.0
Dec 2017 Series C
The Process The Difference The Importance Nov 2015 Series B-I $9.5 Undisclosed
The MSIP uses adaptive The MSIP is transparent by The results from conventional
clientless rendering technology having no impact on user threat prevention products is Jun 2015 Series B $35.0
to connect the user’s running experience and easy to deploy ineffective because of how
session to the user’s native with no endpoint software innovative today’s attackers are Nov 2014 Series A $10.5
browser requirement
Source: Company Press Release and Website, Pitchbook, and Capital IQ.
162
Raises $25.0M In Series B Financing.
Company Overview ShieldX Product Overview

ShieldX is a developer of microservices platform designed for agentless, multi-cloud APEIRO is network-based, DPI-powered security that deploys automatically at elastic, unlimited scale and cloud-principled
security. The company's microservices platform is a network-based, DPI-powered security cost. It rapidly and efficiently secures today’s complex, multi-cloud environments that feature high-volume, lateral traffic.
that deploys automatically at elastic, unlimited scale and cloud-principled cost and rapidly
Description Uncompromised Security APEIRO IN THE CYBER KILL CHAIN
and efficiently secures today's complex, multi-cloud environments that feature high-
volume, lateral traffic, enabling enterprises to reduces customer risk and helps IT to end ▪ Microsegment & secure in minutes at scale
the unacceptable compromises between security, performance and cost. ▪ Inspect and protect in-depth with deep
packet inspection
▪ Express security intent with policy aligned to
risk and compliance
Founders /
Management Unlimited Scale
Dr. Ratinder Ahuja Harjinder Singh Manuel Nedbal Lovely Kaur John Parker
CEO & President & CTO & VP, HR & Biz Ops VP, Products ▪ Scale elastically to multi-terabits of inspection
Co-Founder Co-Founder Co-Founder & Co-Founder ▪ Automate, insert and orchestrate natively
Founded 2015 ▪ Deploy on and across multi-cloud
infrastructure
HQ San Jose, California
Total Amt. Raised $34.0M Unparalleled Economics
▪ Save time with automation and DevOps-
Key Highlights ready APIs
▪ Maintain SLAs with inherent high availability
Innovation Awards Partnerships ▪ Save infrastructure costs at only 2-4 cores per
microservice
Invented industry’s first For Cloud
microservices platform for Security Funding Summary
Cloud security that Date Stage Amount Raised ($M) Selected Investors
combines network-based
Top Innovator Dec 2017 Series B $25.0
security with latest
in Micro-
innovations in Segmentation Nov 2015 Series A $9.0
infrastructure tech for 2017
163
Raises $6.5M In Series A Financing.
Company Overview IRONSCALES Product Highlights

IRONSCALES is a developer of an automated phishing-mitigation prevention system IRONSCALES is a price performance leader that offers the following eight unique and
designed to address the challenges of email phishing. The company's phishing-mitigation contemporary technological features to users:
Description prevention system offers protection from cyber-crimes and prevents spyware, remote-
access trojan horse attacks and ransomware, enabling clients to meet the complexity of
the modern threat landscape and avail secure connection in a hassle free way.
Affordable Anti- Reduced Labor No Expensive Unlimited
Phishing Costs Services Users/System
Founders / Basic packages are up Saves hundreds of Save the average Can add as many team
Management to 40% less than some thousands in staff $15,000 in consulting members to platform as
Eyal Benishti Tsahy Shapsa Erez Fingerman Lomy Ovadia David Burnett Adam Hofeler other competitive salaries and manual fees, $10,000 - $35,000 desired for no
CEO & Founder Board Director COO Head of R&D VP, Sales VP, Sales
UK & Emea
applications phishing prevention in additional services additional costs or fees
Americas
Founded 2013
HQ Tel Aviv, Israel
Total Amt. Raised $8.0M Extended Phone Quick Email
Excellent Support FREE Support
Support Response
10 hours daily ranging Email response is Includes detailed There is no additional
IRONSCALES Product Overview from 8:00 AM to 6:00 available via the videos, articles, how-to cost for support, installs,
PM in the Eastern website, and is also and installation guides or updates included
The IRONSCALES email phishing defense suite is comprised of four fully integrated Standard Time available within the plus more resources with the product
& award-winning products that the company offers Dashboard
Funding Summary
Dec 2017 Series A $6.5
The Most Intelligent The First & Only The Fastest, Fully The Only Real-Time
Phishing Simulation Mailbox-Level Automated Phishing Automated Phishing Jan 2016 Seed $1.5
& Awareness Training Phishing Detection Incident Response Intelligence Sharing
Jan 2015 Accelerator Undisclosed
164
Prevoty is one of the leading developers of Runtime Application Self-Protection Security LANGSEC Features
(RASP). Its autonomous application protection technology is designed for applications to
defend themselves against real-time attacks, allowing enterprises to automatically protect Reduced Vulnerability Backlog Layered Defense
their applications while in production. The company integrates application security with Up to 100% of Application External protections
Description
agile software development practices, allowing both security and development teams to Security Testing backlog such as IPS and WAF as
will not need immediate first line of defense –
reduce risk and work more effectively.
remediation. with RASP as last line.
Real-Time Attack Visibility Faster Application Release

Prevoty’s Language security
Identifies potential vs. Push applications into
(LANGSEC) approach to RASP faster production
Founders / actual vulnerabilities by
neutralizes threats without requiring showing real attacks on without worrying about
Management signatures or anomaly detection SIEM, log, WAF, etc. vulnerabilities.
Julien Bellanger Kunal Anand George Vukcevich Sharon Vardi Chris Prevost
capabilities.
CEO CTO VP Sales CMO VP Solutions
Founded
Funding Summary
2013
HQ Los Angeles, California Date Stage Amount Raised ($M) Selected Investors
Total Amt. Raised $25.0 M
Dec 2017 Series B $13.0
Internal Protection
Tightly coupled with code
Undisclosed Early Stage VC $0.8 Undisclosed

Automatic reconfiguration
without human intervention
Dec 2013 Seed $2.4
Embedded security within

running application May 2013 Seed $0.7
165
Completes $213.0M Recapitalization As Axxess Capital Sells 30% Stake To Vitruvian Partners.
Company Overview Business Highlights

Description Bitdefender develops cybersecurity and anti-virus software designed to provide protection Trusted security provider with a deep bench of cybersecurity professionals, global security delivery
against internet security threats. The company's security software features web protection, infrastructure and award-winning proprietary technology enabling the full protection of over half a
cloud antispam, firewall, vulnerability scanner, parental controls, file encryption, device
anti-theft and backup in addition to efficacy, ease of use and inter-operability enabling
billion users and business since 2001.
customers and clients to safeguard their laptops, desktops, tablets and mobile phones from
viruses, trojans, rootkits, rogues, aggressive adware, spam, etc. 1,300 600+ 4,200+ 72
Employees Engineers & Qualified Patents
Researchers Reseller Partners
Founders / Solution Overview
Management
Robust security solutions that radically alter the customer’s experience with security, in terms of
Niculae Dinca Niculae Dinca Bogdan Irina Bogdan Dumitru Rares Stefan
CEO CFO COO CTO CSO efficacy, performance, ease of use and interoperability.
Founded 2001
HQ Bucharest, Romania
Total Amt. Raised $220.1M
Intelligent Advanced Threat Multi-Layered Endpoint 24 / 7 Customer Wi-Fi
Antivirus Defense Next-Gen Security Security Support Security Advisor
Selected Customers
File Encryption Anti-Phishing & Firewall Vulnerability Cloud

Password Manager
Anti-Fraud Protection Scan Security
Technology Alliances Funding Summary

Secondary
Dec 2017 $213.1
Transaction
Dec 2007 Growth $7.0
166

ReversingLabs provides the industry’s first modular, high volume file classification solution,
Advanced security solutions with unmatched speed and accuracy for enterprises, government agencies,
that scales to assess millions of files from various sources including endpoints, network, and and security solution providers
storage. Elastic Object Processing detects malware and zero day and performs YARA-based
Description
classification for DLP, malware identification, policy violations, and regulatory compliance. Threat Detection Incident Response & Forensics File Reputation
Elastic File Analysis works within customer security infrastructures for file extraction, deep
Product: TitaniumCore Product: TitaniumCore
analysis, event reporting, YARA hunting, and response. Function: Malware Function: File Reputation
Product: N100 Analysis Solution Service (Cloud)
Function: Network
Security Platform Product: TitaniumCore Product: TitaniumCore
Founders / Function: Malware Function: File Reputation
Management Analysis Platform Appliance (On-premise)
Mario Vuksan Igor Lasic Ron Talwalkar John Hanratty
CEO & Co-Founder VP of Technology VP of Product VP of Marketing
Technology Overview
Founded 2009
HQ Cambridge, Massachusetts ReversingLabs incorporates a number of unique core technologies and industry standards that increase the
Total Amt. Raised $25.0M speed, effectiveness and coverage of its solutions
Selected Partners Active File ReversingLabs Support for

Decomposition Hashing Algorithm STIX / TAXII
The fastest, most comprehensive More effective for malware Enables clients to share cyber
solution for threat detection & detection than standard file threat data with other
malware analysis hashing algorithms organizations
ReversingLabs Solution Key Capabilities
Funding Summary
Elastic File Analysis Malware Hunting File Reputation Services
World’s largest Whitelist
The only elastic Next generation YARA
and Blacklist on over 5
solution for real-time hunting platform with
billion unique files (6 Nov 2017 Series A $25.0
file and object analysis advanced pivots
million files added daily)
167

ThreatQuotient develops cybersecurity software that enables organizations to manage threat
ThreatQ™: Threat Intelligence Platform
intelligence and defend against cyber-attacks. Its Threat Intelligence Platform, ingests and
centralizes over 120+ feeds ranging from commercial cloudsourcing communities to ThreatQ is an open and extensible threat
Description malware sandboxes. The platform uses third-party tools to provide insights to enrich intelligence platform that accelerates security
customer data with OpenDNS, VirusTotal, Threat Recon, and more. The turnkey integration operations through streamlined threat operations
of over 25 security technologies ensures detection systems are updated with the most high and management.
risk indicators.
Prioritize Accelerate
Enrich Data Collaborate
Based on Risk Detection &
with Context Across Teams
Profile Response
Founders / Correlate external and Automatically score Automate aggregation, Centralize threat intelligence
internal data to gain and prioritize threat operationalization and use sharing, analysis, and
Management
context and determine intelligence based on of threat intelligence across investigation in a threat
John Czupak Wayne Chiang Ryan Trost Leonard Kurtzman Marc Solomon relevance and priority your parameters all systems and teams intelligence platform
President & Chief Architect & CTO & Co-Founder CFO CMO accessible to all teams
CEO Co-Founder
Founded 2013 Threat Data Aggregation Vulnerability Scanning Threat Hunting

Use Improve Incident Response Breach Investigation Strengthen Sensor Grid
HQ Sterling, Virginia
Cases Curated Threat Intelligence Spearphishing Operational ROI
Over 120+ feeds ranging from commercial cloud sourcing communities, open Funding Summary
source intelligence blacklists, and malware sandboxes Date Stage Amount Raised ($M) Selected Investors
Nov 2017 Series C $30.0
Aug 2016 Debt $3.0
Aug 2016 Series B $12.0
Dec 2015 Series A $10.2
Apr 2015 Seed $1.5
168

EclecticIQ is a global provider of Cyber Threat Intelligence technology solutions. It helps
Eclectiq Eclectiq Solution
organizations turn cyber threat intelligence into business value with a suite of products built Fusion Center Platform Services
for cybersecurity professionals in threat intelligence, threat hunting, SOC, and Incident
Intelligence Technology
Description Response roles. Its platform is the analyst-centric threat intelligence platform based on STIX / Sources Providers
TAXII that meets the full spectrum of intelligence needs. The Fusion Center enables the
acquisition of thematic bundles of cyber threat intelligence from leading suppliers with a
single contract.
Founders / Enterprise Integrations

Management
Joep Gommers Raymon van der Velde Ionut Ionescu Jerome Robert Marko Dragolijevic
Founder & CEO Founder & VP Product VP Solution VP, Product Marketing VP Technology
Management Reports IT Integration Analysts
Founded 2014
HQ Amsterdam, Netherlands EclecticIQ Platform is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better,
and deeper investigations while disseminating intelligence at machine-speed
Amount Raised $23.9M
EclecticIQ Platform Integrations EclecticIQ Platform allows analysts to focus on EclecticIQ Fusion Center merges a wide variety of open &
investigating threats in the context of the bigger picture, commercial intelligence sources in a targeted, human
EclecticIQ Platform fully integrates with essential threat intelligence providers, technical filling gaps left by artificial intelligence & automation qualified output feed that integrates security systems
sources, enterprise IT security solutions and ISACs
Funding Summary
Nov 2017 Series B $16.5
May 2016 Series A $6.2
Oct 2014 Seed $0.2 Raymon van der Velde & Joep Gommers
169
Raises $65.4M In Private Equity Financing.

MetricStream software provides solutions for quality management, regulatory compliance,
Process & Risk Repository Risk Assessment & Analysis Control Design & Assessments
risk management, and corporate governance. MetricStream enterprise solutions are used by
leading corporations in diverse industries such as pharmaceutical, medical device, high-tech Identify and define technological Access advanced tools for Define controls as per industry
Description components and establish and planning, scheduling, and standard frameworks like COSO
manufacturing, energy, financial services, healthcare, manufacturing, food and beverages,
maintain relationships across performing risk assessments, and and COBIT, design control test
and automotive to manage quality processes, regulatory and industry-mandated compliance them. Document and manage a once the assessments are plans and assessments, and rate
and corporate governance initiatives. wide array of enterprise risks and performed, route results for their operational and design
associated details using a review and approval. Perform effectiveness leveraging
centralized library and risk assessments easily with a simple questionnaires and surveys as
framework and intuitive user interface required
Founders /
Management Key Metrics Monitoring Issue & Action Management Monitoring & Reporting
Gunjan Sinha Shellye Archambeau Gaurav Kapoor Venky Yerrapotu Vidya Phalke
Executive Chief Executive Chief Operating EVP, Professional Chief Technology Measure and track key indicators Record findings stemming from
Access real-time information on
Chairman Officer Officer Services & Engineering Officer for risks (KRIs), controls (KCIs), and risk assessments and controls tests.
risk management programs across
key performance objectives (KPIs). Recommend action plans such as
Founded 1999 your organization through role-
Set thresholds to identify potential modifying controls or defining
based landing pages with
HQ Palo Alto, CA threats, and mitigate them in new controls as part of the issue
dashboards. Dynamic heat maps
Total Amt. Raised $310.0M advance. Send alerts and remediation process. Monitor the
help view risks by organization,
notifications on any breach to status of implemented actions at
product, or process or by risk
Customers relevant personnel for faster every stage and track them to
category
decision making closure
Funding Highlights
Industries Date Stage Amount Raised ($M) Selected Investors
Banking & Nov 2017 Private Equity $65.4
Retail Government Pharmaceuticals
Financial Services
Sep 2014 Growth $60.0
Jul 2013 Growth $48.4

Health
Insurance Healthcare Oil & Gas Mining
Prior to 2013 Venture $136.2
170
Raises $25.0M In Series E Financing.

Recorded Future delivers threat intelligence powered by machine learning. The
company’s patented Web Intelligence Engine automatically collects and analyzes Vast Collection Instant Context Faster Analysis
intelligence from technical, open, and dark web sources. It delivers more context than
Description threat feeds alone, updates in real time, and packages information ready for human Access threat intelligence. Keep a finger on the pulse of
Spend less time collecting data
analysis or instant integration with existing security technology. It offers integration Recorded Future continuously the Cyber threat landscape.
and supercharge your security
services, such as workflow automation, data curation/augmentation, and connectors for processes billions of data Get Contextualized threat
team’s capacity. Get mission
security applications. points per day in multiple intelligence delivered in real
critical threat info instantly
languages from the open, time for more efficient
structured and presented
deep, and dark web evaluation of security events
Founders /
Management Real-Time Monitoring Relevant Insights Intelligence Sharing
Christopher Ahlberg Staffan Truve Scott Almeida Bill Ladd Matt Kodama Tune Recorded Future to your Collaborate on intelligence
CEO & Founder Co-Founder & CTO CFO Chief Data Scientist VP Product Drive faster and more accurate
corporate profile and analysis to improve your
incident detection with custom
technology stack, providing response by safely sharing with
Founded 2009 alerts directly relevant to your
context that allows you to your team, and getting insight
threat surface, brand, and
HQ Somerville, MA focus in on business specific from Recorded Future’s expert
infrastructure
threats threat analysts
Select Industries & Customers Funding Highlights

Oct 2017 Series E $25.0
Apr 2015 Series D $12.0

Energy Financial Services Government Healthcare Retail
Jan 2012 Series C $12.1
Jun 2010 Series B $7.4
Jul 2009 Series A $2.6
171
Raises $150.0M In PE Financing.

Skybox Security is a provider of cyber security management services intended to Horizon’s security visualization and mapping capabilities are rooted in Skybox
eliminate attack vectors & safeguard business data & services every day. The company's Skybox Horizon intelligence and analysis of all the layers that make up the attack surface.
security analytics platform develops software services that extract insight from cyber
security data to give unprecedented visibility of an enterprise's attack surface, the ways in Leverage Skybox Research Lab's vulnerability and threat intelligence, and
Description Skybox Vulnerability Control
which its information technology systems are vulnerable to threats, with unparalleled automatically correlate it to your unique environment.
visibility and context-aware intelligence of the attack surface, Skybox drive effective
Consolidate threat intelligence from multiple sources in a normalized view to
vulnerability & threat management, firewall management & continuous compliance Skybox Threat Manager pinpoint your most critical risks.
monitoring enabling businesses to fight attacks.
Secure and optimize your firewalls and keep rulesets clean with automated
Skybox Firewall Assurance firewall rule life cycle management.
Founders / Streamline daily firewall change management tasks with an automated workflow
Skybox Change Manager
Management that speeds up processes from planning to execution.
Gidi Cohen Lior Barak Stewart Fox Michelle Johnson Cobb Moshe Raab
Founder & CEO CFO EVP, Sales CMO VP, R&D Use attack vector analytics to assess proposed network changes, and verify
Skybox Network Assurance network compliance every day with customizable reporting and metrics.
Founded 2002
Funding Summary
HQ San Jose, California
Total Amt. Raised $304.7M Oct 2017 Private Equity $150.0
Selected Customers Feb 2016 Private Equity $96.0
Jan 2014 Venture $6.0
Nov 2011 Venture $6.0
Cybersecurity Analytics In Action Dec 2009 Series D – II $2.0
Jun 2007 Series D $13.9

Visualize Analyze Respond
Jun 2006 Venture $9.3 Undisclosed
Create a model of your Identify potential attack Get actionable intelligence
attack surface by collecting vectors and prioritize in minutes and protect Jan 2005 Series C $10.3
data from all network with complete context of your business with
May 2003 Series B $6.2 Viola Ventures
devices and security your environment and accuracy and efficiency
systems automatically the threat landscape Apr 2002 Series A $5.0 KMN Capital Viola Ventures
172

KnowBe4 is a developer of an integrated security awareness training and simulated phishing Baseline Testing Old school Security Awareness Training doesn’t
platform designed to train employees to make smarter security decisions. The company's hack it anymore. Today, your employees are
Provide baseline testing to assess the Phish-prone percentage of frequently exposed to sophisticated phishing and
training platform helps organizations address the human element of security by raising
Description your users through a free simulated phishing attack ransomware attacks.
awareness of ransomware, CEO fraud and other social engineering tactics through a new-
school approach to security awareness training, enabling employees to make better security Train Your Users
decisions to control both their organization's and personal security.
The world's largest library of security awareness training content;
including interactive modules, videos, games, posters and
newsletters. Automated training campaigns with scheduled
reminder emails
Founders /
Management Phish Your Users
Best-in-class, fully automated simulated phishing attacks,
Stu Sjouwerman Alin Irimie Kevin Mitnick Lars Letonoff
CEO & Co-Founder CTO Chief Hacking Officer Chief Revenue Officer hundreds of templates with unlimited usage, and community
phishing templates
Founded 2010
See The Results
HQ Clearwater, Florida
Enterprise-strength reporting, showing stats and graphs for both
Total Amt. Raised $43.2M training and phishing, ready for management
Product Features Funding Summary
Oct 2017 Series B $30.0
Unlimited New Smart Custom Phishing Simulated Detailed Crypto-Ransom

Use Groups & Landing Pages Attachments Reporting Guarantee Feb 2016 Series A $13.2
173

Averon provides a fully automated mobile authentication platform that requires zero Lock / Unlock
Direct Autonomous Authentication™ (DAA™)
installations and no involvement by end users. Averon's Direct Autonomous Provides instant, frictionless authentication that Ultra-secure identity authentication
Authentication™ (DAA™) is an API solution that securely confirms user identity via real- is the easiest, fastest & most secure identity protects digital locks for home, auto &
Description time mobile network signaling, carrier data packets, and verifying SIM/eSIM as “Chip verification solution tech
Present” to instantly authenticate connected devices. Use cases for Averon include: Averon Provides Authentication Solutions For Many Verticals
securing mobile payments, decreasing friction in blockchain transactions, detecting fraud
at checkout, protecting logins from password hacks, & managing role-based cloud access. ▪ FinTech validation solutions eliminate fraudulent activity for credit cards
Banking & FinTech ▪ Blockchain solutions integrate seamlessly for any blockchain-related transactions
and validations
Founders / ▪ Easily prevent hackers from taking over your car

Smart Vehicles
Management ▪ Ultra-secure vehicle access from mobile devices / verify out-of-band proximity
Wendell Brown Leo Tarnowski Taro Gold Aaron Mahone Kevin Shen
Founder & CEO COO & President Chief Creative Officer Director, Ops & Growth Manager ▪ Instantly form-fill purchases; never type your data again
Finance E-Commerce ▪ Automatically and invisibly prevent fraudulent activity with zero effort by end
users
Founded 2014
▪ Averon helps authenticate your digital locks for home, auto, and tech
HQ San Francisco, CA Smart Locks & IoT ▪ The safest, easiest way to secure access to connected devices: front doors,
Total Amt. Raised $8.3M routers, connected cars, and more
Recognized By ▪ Hassle-free authentication that goes beyond 2-factor codes and legacy
Online Accounts
username / passwords
Only Averon
uses real-time ▪ Streamlines & secures user & access management protocols for mission-critical
Government applications and sensitive data, resulting in improved usability and a simplified
carrier path to meet and exceed government security standards
signaling &
requires zero Funding Summary
effort by users
Oct 2017 Series A $8.3
174
Company Overview Contrast Security Product Overview

Description Contrast Security is a developer of application security software designed to protect
Development Security Operations
against cyber-attacks. The company's application security software offers sensors that work
actively inside applications to uncover vulnerabilities, prevent data breaches, and secure Automatic, Continuous & Always Watching. Always Ready. Scale to Make Every App in Portfolio
Incredibly Accurate Self-Protecting
the entire enterprise with highly accurate assessment and always-on protection of an Automated tool that enables anyone Inject an intelligent Contrast Agent It‘s critical that it be able to identify
entire application portfolio, without disruptive scanning or expensive security experts, in software engineering to do their into your system providing security its own vulnerabilities, identify
enabling users to prevent hackers from stealing data via Web applications. own application security analysis teams visibility throughout the entire attacks, and protect itself
and remediate vulnerabilities application lifecycle
Add The Contrast Agent To Any Application Server & It Starts Working Within Minutes. The Agent Reports To
Founders / The Contrast Teamserver, Available Either As Cloud Service Or Deployed On-premise.
Management
Arshan Dabirshiaghi Real-Time Vulnerability Detection & Expert
Alan P. Naumann
Jeff Williams Surag Patel Mike Keating Attack Protection
President & CEO
Co-Founder & CTO Co-Founder, Chief Chief Strategy Officer Vice President of Sales Guidance
Scientist
Founded 2014 Attack Visibility Software Supply Chain Analysis

HQ Los Altos, California
Total Amt. Raised $54.6M Portfolio Class Scalability Agile Speed & Seamless Automation
Contrast Fully Integrates Vulnerability Assessment with Attack Monitoring & SaaS or On-Site Deployment Non-Intrusive Agent
Protection into One Seamless Solution
Funding Summary
Application Risk Analytics & Visibility
Run-time Custom Code & Library Analytics Oct 2017 Series C $30.0
Highly Accurate Vulnerability Detection

Sep 2016 Series B $16.0
Detect Attacks & Deploy Protections
175

Duo Security is a provider of cloud-based internet security services designed to protect Duo’s Trusted Access platform ensures only Trusted Users and Trusted Devices can access
organizations against data breaches. The company's internet security services provide an protected applications. We verify the identity of your users and the health of their devices
Description authentication and mobile security software which is used to prevent online account before they connect to the applications you want them to access.
takeover, credential theft and application breaches, enabling businesses to protect their
sensitive and confidential data and applications.
Trusted Users Trusted Devices Every Application
Verify identity, enable Duo checks for out-of-date Limit access to all on-premises
enforcement of stronger user software and missing security and cloud-based applications
Founders / access policies controls based on type of user & device
Management
Two-Factor Endpoint Single
Dug Song Jon Oberheide Paul DiMarzo Raffaele Mautone
Authentication Remediation Sign-On
Chester Kustarz
CEO CTO CFO VP, Engineering CIO Strengthened security by Allows client to block risky
devices from accessing data and Lets users log in only once to
requiring two methods of ID securely access all of their
Founded 2010 apps, and allows them to notify
verification: something you enterprise cloud applications
HQ Ann Arbor, Michigan, United States know, plus something you have and/or require users to update
devices at login
Duo’s comprehensive security solution confirms the Funding Summary

identity of users and health of their devices before they Technology Application Partners Date Stage Amount Raised ($M) Selected Investors
connect to your applications.
Oct 2017 Series D $70.0
Apr 2016 Grant $2.5 -
Apr 2015 Series C $30.0

Education Federal Healthcare
Sep 2014 Series B $12.8
Legal Retail Technology Aug 2010 Seed $1.0
176
Company Overview Feedzai Agile Machine Learning

Feedzai is a provider of machine learning platform designed to help process large CORE Banking Risk Acquiring Risk Merchant Risk
PRODUCTS
volumes of data with low latency producing actionable information in real time. The
Description company's machine learning platform applies machine learning technology to large data CASE Dashboard & Reporting Alerts & Analytics
MANAGER
sets to detect anomalies and highlight potential cases of fraud associated with banking and
MASTER DATA SEGMENT-OF- DATA SCIENCE MACHINE REAL-TIME
shopping, enabling users to prevent fraud. MODELER ONE PROFILE DESIGN LEARNING DECISION
ENGINE STUDIO ENGINE ENGINE
RISK ENGINE Easily transforms 360 degree View Unified Creation, Processing
and ingests of Every Entry, management simulation. Rules events and
multiple data Customer, or and support of Engine monitors transactions in
Founders / streams & fraud Account Data Science compliance and milliseconds
insights Loop business rules.
Management
Nuno Sebastião Paulo Marques Pedro Bizarro Jim Priestley
CEO & Co- CTO & Co- Chief Science Chief Revenue CONNECTORS Integration Connectors and APIs (REST, IS008583, JMS, Socket)
Founder Founder Officer Officer
High Disaster Multi- Ops Dev Tools
CORE SYSTEM Security Administration
Founded 2008 Availability Recovery Tenancy Tools &SDK
HQ San Mateo, CA TECHNOLOGY

Funding Summary
Feedzai Deployment Date Stage Amount Raised ($M) Selected Investors
Oct 2017 $50.0

On-Premises Cloud Hybrid Series C
Oct 2016 Venture $10.5

Control the ability to Choose to host certain
Run Feedzai’s platform
scale as needs change applications in the
on internal servers under May 2015 Series B $17.5
with a cloud cloud and other core
your control. House your
deployment, removing systems on-premises for
data internally with a Feb 2013 Series A $2.4
the burden of a combined
scalable, extensible
maintenance from your deployment approach.
solution.
internal resources. May 2011 Seed $1.6
177
Company Overview SecurityScorecard Platform

SecurityScorecard is a provider of a security rating platform designed to empower every
Vendor Risk SecurityScorecard provides instant visibility into the security posture of
organization with collaborative security intelligence. The company's platform provides
Management vendors and business partners across the entire ecosystem
CISOs, security practitioners, risk management professionals and boards of directors with
a comprehensive outside-in view of the security posture of their entire ecosystem,
Description including their own IT infrastructure as well as their third and fourth-party vendors and Threat Collect and analyze threat signals from across the globe to deliver the most
continuously monitors the security posture of enterprises and government agencies across Reconnaissance accurate security ratings and detailed findings possible
the globe and evaluates them based on hundreds of indicators of compromise to assign an
A to F rating, enabling enterprises to gain visibility and control across their IT ecosystem Empower organizations to discover, monitor, and report on the cyberhealth
Self Assessment
and solve mission-critical, cybersecurity issues in a transparent way. of IT infrastructure from the outside in – to see what a hacker does
Empower enterprises to take control of their risk profiles while giving

Cyber Insurance
insurers visibility into the cyberhealth of their policyholders
Founders /
Management
Mergers & Help investors avoid getting blindsided by hidden risks and compliance
Sam Kassoumeh Bill Siegel Jasson Casey Alexander Heid
Aleksandr Yampolskiy
COO & Co-Founder CFO CTO & SVP CRO
Acquisitions issues associated with M&A targets.
CEO & Founder
Engineering
Founded 2013 Help organizations prove and maintain compliance with leading standards
Compliance
and regulations including PCI, NIST, SOX, GDPR, and many others
HQ New York, NY
Funding Summary
SecurityScorecard Customers Date Stage Amount Raised ($M) Selected Investors
Oct 2017 Series C $27.5
Jan 2014 Seed $2.2
178

Attivo Networks provides dynamic deception technology, which in real-time detects The Attivo Solution
intrusions inside the network, data center, and cloud before the data is breached. The ThreatDefend Deception and Response Platform
Leveraging high-interaction deception techniques, the Attivo BOTsink Solution lures is designed to make the entire network a trap and to
force the attacker to have to be right 100% of the
BOTs/APTs to reveal themselves, without generating false positives. Designed for
Description time or risk being discovered. The solution combines
efficiency, there are no dependencies on signatures, database lookup or heavy distributed, high-interaction deception lures and
computation to detect and defend against cyber threats. Attivo solutions capture full decoys designed to provide early visibility into in-
forensics and provide the threat intelligence to shut down current and protect against network threats, efficient continuous threat
future attacks. management, and accelerated incident response
Comprehensive Reduction of Attack Deception Improve Incident Identify and Defend Your Network
Deception & Decoy Detection Time Authenticity Response with Understand the Reporting and
Make the Entire Prevent Data Camouflage for Actionable Alerts Methods and Intent of Automations to Block
Founders / Network a Trap to Exfiltration Dynamic Behavioral Substantiated Alerts Hackers Attacks and
Confuse and Misdirect Deception Based on Attacker Analysis and Forensics Quarantine Devices
Management Attackers into Engagement: No False
Tushar Kothari Mano Murthy B.J. Shanker Ashok Shah Carolyn Crandall Venu Vissamsetty Revealing Themselves Positives
CEO Co-Founder & Co-Founder & CFO & CMO VP, Security
EVP VP, Operations VP, Finance Research
Popular Use Cases
Founded 2011
Lateral Movement Detection Exposed Credential & Attack Path Assessment Man-in-the-Middle
HQ Fremont, California
Insider, 3rd Party, Acquisition Integration Stolen Credential Ransomware Phishing
Specialized Environments: IoT, PoS, SCADA Cloud & Data Center Security Incident Response
Platform Solutions Industry Solutions
Funding Summary
Threat Detection Cloud Detection Specialty Detection Financial Date Stage Amount Raised ($M) Selected Investors
Energy Healthcare
Deception and decoy These include AWS, in These include Services
solutions provide an which the Attivo deception for ICS- Oct 2017 Series C $21.0
additional line of deception platform uses SCADA Network
defense to address the deception techniques to protection, point-of-
situations where provide visibility to inside sales attack system, first
attackers have bypassed the data center threats. deception-based threat Retail Government High Tech
prevention security Open Stack integration detection platform for Apr 2015 Series A $8.0
systems and real-time provides efficient and IoT & distributed
notification of inside effective detection of deception platforms for
the network threats is network threats for automated incident Jul 2014 Seed $2.9 Undisclosed
required virtualized SDDC handling
179
Company Overview Bastille’s Technology Overview

Description Bastille is a pioneering Internet of Radios (Mobile, IoT, and BYOD) security company.
There are 3 areas of technology across which Bastille has 14 patents approved and pending.
Bastille's patented technology combines hardware and software to offer enterprises
These technologies permit Bastille to SENSE, IDENTIFY & LOCALIZE threats as follows:
identification, threat detection and location awareness for radio-enabled devices.
Enterprise organizations use Bastille to accurately assess security threats from radio- Sense Identify Localize
enabled devices such as mobile phones and the growing number of Interned-enabled, but
not Internet-secured IoT devices. ▪ Collaborative Bandit Sensing is ▪ Bayesian Device Fingerprinting is a ▪ Distributed Tomographic
Bastille’s patent pending technology suite of patent pending technology Localization is Bastille’s patent
to quickly and accurately scan the that Bastille uses to detect and pending technology to provide
spectrum for emitters and threats identify devices in an Enterprise actionable position information of
Founders / airspace all emitters in your corporate
▪ Collaborative Bandit Sensing utilizes
Management airspace.
a variant of the Multi-Armed Bandit ▪ Bayesian Device Fingerprinting
Chris Risley Bob Baxley Christian Sepulveda Mike Engle Betty Kayton (MAB) problem to allocate sensor relies on Probabilistic Graph Models ▪ Bastille uses passive Radio
CEO Chief Engineer VP, Engineering VP, Business CFO time watching various parts of the of possible device characteristics to Tomography in the corporate
Development
spectrum track and estimate device meta- airspace to account for the location
Founded 2014 information of walls
▪ Bastille has combined a stochastic
HQ San Francisco, CA model of the signal environment, an ▪ Bastille Enterprise can resolve ▪ This allows Bastille to locate radio
array of intelligent distributed search emitter, device, and people-device emitters much more accurately than
Total Amt. Raised $43.3M algorithms, and collaborative entities to produce never-before- other technologies to 1 meter of
optimization based on gossiping seen situational awareness of your accuracy
Security For The Internet of Radios algorithms RF & physical space
Scan Compile Data Research Funding Summary: $43.3M

Bastille’s technology scans the This data is gathered & stored, The Bastille Research Team
entire radio spectrum, & mapped to understand proactively monitors for new Sep 2017 Series B $27.0
identifying devices on what devices are transmitting radio-borne threats. Their
frequencies from 60MHz to data from your corporate breakthrough research and Aug 2015 Series A $13.8 Thomas Noonan
6GHz airspace discoveries help to keep the larger
ecosystem safe Jan 2015 Angel $2.5 John Huntz Thomas Noonan David Cowan
180
Company Overview Digital Shadows SearchLight™

Digital Shadows is a provider of cyber monitoring services designed to improve cyber DIGITAL SHADOWS SEARCHLIGHT™
situational awareness. The company's cyber-monitoring services combine scalable data The SearchLight service combines scalable data analytics with human data analysts to manage and
mitigate digital risks.
Description analytics with human data analysts to manage and mitigate digital risks, enabling Directory
organizations to get insight of external digital risks and offer protection against cyber- Services
attacks, loss of intellectual property, loss of brand and reputational integrity.
Extensive Coverage Relevant Threat Intelligence Human In The Loop
Founders / Monitor widest range of sources A register of key assets that Intelligence operations analysts lift
Management across the visible, deep, and dark uniquely define organizations, signal from noise, strip out false
web. Identify a variety of digital subsidiaries and supply chains alarms & send priority cases, thus
risks, including cyber threats, data drives intelligence machinery saving time & money
Alastair Paterson James Chappell Daniel Moskowitz Daniel Lowden Rick Holland
CEO and Co-Founder CTO & Co-Founder CFO CMO VP, Strategy
exposure, & reputational risks
Assessment, Setup & Managed Takedown

Founded 2011 Monitor & Mitigate
Digital Shadows
Configuration Service
Approach
HQ San Francisco, CA & London, United Kingdom
Understand what is important and Continuously monitor organization’s Enables swift action, to help
Total Amt. Raised $48.5M create a tailored configuration to digital shadow, identifying incidents minimize the loss of revenue,
tune SearchLight to meet your as they occur, delivering only brand damage, loss of
needs relevant alerts and reports customer trust & data
Digital Shadows Features
Funding Summary
Tailored Threat Intelligence Identification of Data Exposure Typosquatting Identification Date Stage Amount Raised ($M) Selected Investors
Dark Web Search Mobile App Monitoring Credential Compromise Real-Time Alerts Feb 2016 Series B $14.0

Malicious Actor Assessment Customizable Reporting Easy Integration
Dec 2012
Seed $0.5
& Sept 2013
181
Company Overview Securonix Security Intelligence Platform Overview

Description Securonix is working to radically transform all areas of data security with actionable
security intelligence. Securonix’s advanced security analytics technology mines, enriches, Highlights
analyzes, scores and visualizes customer data into actionable intelligence on the highest ▪ Delivers real-time security intelligence to
risk threats from within and outside their environment. Using signature-less anomaly security, IT, business and key security
detection techniques that track users, account and system behavior, Securonix is able to systems
detect the most advanced insider threats, data security and fraud attacks automatically
▪ Detects insider threats and APTs through
and accurately. Customers are able to address the most basic and complex needs around signature-less behavior and outlier
advanced persistent threat detection & monitoring, high privileged activity monitoring, analysis
enterprise & web fraud detection, application risk monitoring & access risk management.
▪ Immediate ROI in risk and cost reduction
for security programs across DLP, SIEM,
IAM, PAM, DAM, and Enterprise or
Founders / Cloud Application Security Management
Management
Tanuj Gulati Chris Bell Nanda Santhana Chris Ostertag
Solutions Security Systems
Sachin Nayyar
CEO CTO COO SVP, Cyber Solutions Senior VP, Sales
Data Exfiltration
DLP
Intelligence
Founded 2008
High Privileged Account
HQ Los Angeles, California PAM
Intelligence
Total Amt. Raised $29.0M Application Security
WAC / AAC
Intelligence
Security Intelligence Solutions Access Intelligence IAM
Insider Threat Management Identity & Access Analytics Privileged Account Analytics Cyber Event Intelligence SIEM
▪ Data theft detection and ▪ Cleanup rogue access ▪ Continuous real-time Funding Summary
prevention privileges privileged account
▪ Fraud detection and ▪ Risk-based access reviews Analytics Date Stage Amount Raised ($M) Selected Investors
prevention ▪ Risk-based access ▪ Service account abuse
▪ VIP snooping detection and certifications monitoring
Sep 2017 Series A $29.0
prevention ▪ Risk-based access requests ▪ Securonix for Lieberman
182

Aqua Security provides a container security platform that delivers an advanced security Enforce Security Deploy Anywhere
Integrate Security
Policies in On-Demand or in
solution for containerized environments, supporting both Linux and Windows containers, Into Your DevOps
Containerized The Cloud
multiple orchestration environments, both on-premises deployments as well as on AWS, Pipeline
Applications
Description
Azure, GCP, and other public clouds. Integrating early into container development, Aqua
then uses a combination of intelligent defaults, machine learning, and threat research to Aqua Security Architecture Auditing & Compliance
▪ Logs every container and user activity
provide full life cycle security for container-based applications. ▪ Securely manages container access to
‘secrets’ across orchestrators
▪ Integrates with SIEM, monitoring and
analytics tools
Founders / Automated Security

▪ Machine learning of legitimate container
Management behavior, based on application context
Dror Davidoff Amir Jerbi Upesh Patel Michael Cherny Shahar Man ▪ Container-specific role-based user
CEO & Co- CTO & Co- VP, Business Head, Security VP, R&D permissions
Founder Founder Development Research ▪ Validates host hardening best practices
Founded 2015 Runtime Protection

HQ Ramat Gan, Tel Aviv ▪ Container activity monitoring in real-time
▪ Network nano-segmentation based on
Total Amt. Raised $38.3M application context
▪ Detects and prevents exploits and
Strategic Technology Partners Container Management malicious activity
Funding Summary
Sept 2017 Series B $25.0
Sept 2016 Series A $9.0
Oct 2015 Seed $4.3 Shlomo Kramer
183
Company Overview Threat Stack Platform Overview

Threat Stack is a developer of a SaaS based intrusion detection platform designed to
Threat Stack provides an integrated platform of detection and assessment tools into a single,
provide insights about enterprise cloud environments. The company's intrusion detection unified interface offering unmatched visibility, compliance, and data safety
platform empowers security and operations to manage risk and compliance across entire
Description
infrastructure, including cloud, hybrid cloud, multi-cloud and containerized Real-Time Host Monitoring Configuration Auditing Continuous Compliance
environments, enabling enterprises to identify and verify insider threats, external attacks Conduct behavior-based Scan AWS configurations to Meet PCI, HIPAA, SOC II, SOX
monitoring & immediately ensure the proper security 404, and ISO 27001, and
and data loss in real time.
detect suspicious events settings are in place & enabled, customer requirements using
while achieving an accurate out-of-the-box rules sets.
security baseline
Founders / Workflow Integrations Threat Intelligence Vulnerability Assessment
Management Out-of-the-box integrations with Correlation Detect systems & packages
Brian Ahern Jim
Sam Bisbee Kevin Durkin Chris Gervais popular configuration containing known vulnerabilities
Chairman & McDonough Threat Stack monitors
CSO CFO VP, Engineering
CEO VP, Sales management and alerting tools connections to known bad & cross-reference against more
allow you to seamlessly bring addresses, and alerts than two million identified CVEs
Founded 2012 security best practices into immediately when these to automatically categorize
HQ Boston, MA existing DevOps connections occur them according to security risk
Funding Summary
Connect Threat Stack to Your Existing Solution Date Stage Amount Raised ($M) Selected Investors

Threat Stack’s API is designed to have predictable, resource-oriented URL and Response
Codes. Common use cases of Threat Stack’s API include: Apr 2016 Series B $15.4
Aug 2015 Series A1 $7.9

Policies Alerts Agents
Saving your policies in source Pulling Threat Stack alerts into Keeping a record of all the
code management for your organization’s logging deployed agents to audit which Oct 2013 Seed $1.2
collaboration and sharing infrastructure or SIEM parts of your infrastructure
were protected and when Jan 2013 Accelerator $0.2
184
Raises $88.0M In Series D Financing.
Company Overview ForgeRock Identity Platform

ForgeRock is a digital identity management company that facilitates secure organizational Securely connects people, devices, and things, so everyone and everything can
interaction with customers, employees, devices, & things. The ForgeRock Identity interact in the IoT world
Platform™ is a digital identity system of record used to monetize customer relationships,
Description address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy), & Access Identity Identity Directory
leverage the internet of things. With offices across Europe, the USA, and Asia, ForgeRock Management Management Gateway Services
serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, as well as Authentication and Application & Service
Identity Provisioning Data Store
governments like Norway, Canada, and Belgium, securing billions of identities worldwide. Strong Authentication Gateway
Authorization and
Workflow Engine IoT Identity Gateway High Availability
UMA Provider
Founders /
Management
Self-Service & Profile Password Capture &
Mike Ellis Lasse Andresen John Fernandez Jeff Scheel Steve White Adaptive Risk Data Segmentation
Management Replay
Chairman & CTO & Co- CFO & EVP SVP Global Biz & VP Chief Security
CEO Founder Global Ops Corp Dev Officer
Founded 2009 Federation/SSO Synchronization UMA Protector LDAP/REST
HQ San Francisco, CA
Total Amt. Raised $140.2M in 4 Rounds Social Reregistration Federated Service
Social Sign-On Directory Proxy
and Authentication Provider
Industry-Agnostic Solutions
Funding Summary: $140.2M
Sep 2017 Series D $88.0

Healthcare Finance Retail Telecom Government
Jun 2014 Series C $29.9
ForgeRock: One Identity Platform for Everything From CIAM to IoT
Customers GDPR Privacy Apr 2013 Series B $15.0
Cloud, IoT, Mobile – Protect digital Address GDPR & privacy. Designed Protect & respect privacy. Let
identities & consolidate customer info to support digital transformation customers share data selectively Mar 2012 Series A $7.3
for personalized customer experiences initiatives at scale
185

Qadium is a cybersecurity company that continually monitors the device layer of the Expander is visualization and analysis software that provides complete visibility into and
Internet. Using patented technologies and state-of-the-art tools in deep data structuring actionable insights about your true network boundary to mitigate information security risks
Description and analytics, Qadium’s Global Internet Sensing platform collects data from the world's
Internet connected devices, turns that data into knowledge, and organizes it to help Global Internet Scanning Reporting
Hourly Internet-scale data refreshes enable Digests deliver actionable insights for
organizations understand and secure their networks. real-time visibility into and actionable clients’ users at all levels ranging from
insights about client networks analysts to the board of directors
Founders / Digital Asset Map Instant Value

Management A browser-based network graph view, Deliver instant value with a highly intuitive
provides an easy-to-understand, 100% user interface, SaaS delivery model, and
Dr. Tim Junio Dr. Matt Kraning Leon Rishniw Greg Toto Dan Quinlan agentless technology that requires no user
explainable and defensible view of all of
CEO, Chairman, CTO, Director, VP, Engineering VP, Product VP, Finance
Co-Founder Co-Founder client’s assets on the public Internet input, on-site installation, or privileged access
Founded 2012
Continual Monitoring API Access
HQ San Francisco, CA
Continual monitoring ensures that clients API access enables us to deliver better
Total Amt. Raised $66.0M are aware of their true network boundary insights straight into your cybersecurity
and alerted to changes at any given time workflows and tools in real time
Understanding Your True Network Boundary – Why Qadium?
Core Networks Shadow IT Third Party Hosting Funding Summary
Large Organizations don’t know Employees often violate Infrastructure managed by 3rd Date Stage Amount Raised ($M) Selected Investors
their full surface area & rarely corporate policy in good faith parties and cloud pose challenges
conduct IP ranges for central IT monitoring
Merger & Acquisition Leaked Internal Assets IoT Devices Jun 2016 Series A $23.3
M&A events involve opaque, labor Perimeter security Large organizations unknowingly
Aug 2015 Seed $6.0
intensive IT integration processes misconfigurations routinely result expose to public their IoT assets
with incomplete, asset lists in organizations placing internal like building automation devices, Jan 2012 &
Grant $1.2
assets on the web teleconferencing equipment, etc. Jan 2014
186

LookingGlass provides a portfolio of threat intelligence services, threat data feeds in the Threat Intelligence Services Machine-Readable Threat Intelligence
form of machine readable threat intelligence, a threat intelligence platform with 100+ Augment Security Team With Specialized Analysts Automated & Enriched High Quality Threat Data
sources of threat and global Internet data analyzed and transformed into threat
▪ Threat Analysis –human review of all captured material, Protects against active threats:
Description intelligence, and network mitigation capabilities enable our intelligence-driven approach alerts when threat indicators are found ▪ Malicious IP addresses & domain names
to be proactively leveraged by clients. They address the full spectrum of threats including ▪ Response & Takedown Services – Track & report ▪ Links to legitimate websites that are compromised
structured threats and Indicators of Compromise, unstructured and open source (OSINT) removal of undesirable content, websites and apps
▪ Command and control (C2) infrastructure
risk data, internal network telemetry, physical threats, and mitigation options. ▪ Special Investigations Unit – Provides assessments of
▪ Active malware campaigns & variants
threats & handles disclosure of sensitive data
Threat Intelligence Platforms Threat Mitigation

Aggregate, Score & Prioritize Volumes of Threat Intelligence Operationalize Threat Intelligence & Automate Defense
Founders /
Management ▪ ScoutPrime™ - Workflows to contextualize actionable ▪ ScoutShield™ - automatically blocking known phishing,
intelligence through customized scoring & alerts malware, and malicious command and control domains.
Chris Coleman Stewart Curley Allan Thomson Pete Agresta Dave Horn
CEO CFO CTO CRO VP, Engineering ▪ ScoutVision™ - Identify & manage threats to internal ▪ NetDefender™ - Immediately stop attacks entering your
assets & 3rd parties organization's network at line speeds
Founded 2006 ▪ NetSentry™- Detect malicious traffic at network speeds.
▪ Cyber Threat Center™- Cloud platform to monitor open
HQ Reston, VA source data ▪ DNS Defender™- Protect against DNS manipulation
Funding Summary
Acquisition Summary Date Stage Amount Raised ($M) Selected Investors
Date Company TV Description
Aug 2017 Series D $26.3
Cyveillance is a threat intelligence management platform that
Dec 2015 $35M
transformed internet data into threat intelligence
Dec 2015 Series C $50.0
K&A is an IT security company operating Virus Tracker, the
Jul 2015 NA
worlds largest botnet monitoring system Mar 2015 Series B $20.0
CloudShield provides IP service control and infrastructure
Mar 2015 NA protection solutions on network and content processing Apr 2013 Series A $7.5
platforms
187
Raises $80.0M In Late Stage VC Financing.
Company Overview Data Management-as-a-Service
Druva is a provider of data protection and IT-governance technology that is designed to Data Protection Data Governance Data Intelligence
create centralized data sets for an organization’s information. The company combines
Description data from endpoints, servers, and cloud applications into a single repository through its
data-management-as-a-service platform – allowing for centrally managed backup, data
protection, governance, and recovery.
▪ Backup, availability, disaster ▪ Enables archive, compliance, ▪ Predictive early assessment, data
recovery and workload mobility eDiscovery, and Data forensics, and information
▪ Ensures data is available and sovereignty lifecycle management
recoverable ▪ Simplifies process of data
Founders /
compliance
Management
Jaspreet Singh Mahesh Patel Milind Borate Mike Gustafson Matthew Morgan Funding Summary
CEO CFO CTO Executive Chairman CMO
Founded 2007
HQ Sunnyvale, California Aug 2017 Late Stage VC $80.0
Sep 2016 Series E $51.0

Selected Clients
Aug 2014 Series D $25.0
Jan 2008 Seed Undisclosed
188
Raises $12.7M In Series C Funding.

Versive automates the combination of AI and human intuition in order to comprehend
The Versive Security Engine detects suspicious behaviors in your environment and uses
system norms, detect suspicious behavior based on an understanding of the adversary
adaptive machine learning from the Versive Platform to correlate these behaviors
campaign lifestyle, and build threat cases before allowing users to view results. The
Description
platform continually learns about device behaviors, and deploys that understanding in its
Benefits of The Versive Approach: AI + Human Intuition, Automated
platform. The Versive AI Platform was developed in order to provide large enterprises with
solutions before serious cyberattacks comes to fruition. Automatically Customized Human Expertise
to Environment: Knowledge from hackers is built into
Trained on your actual data, making the product, combining machine
Founders / the system highly accurate, power with decades of cyber learning
Management customized to your network, & for unmatched insight
Joseph Polverari Ashley Fidler
impossible to deceive
Dustin Rigg Hillard Greg Smithies Jeff Feinstein
CEO VP, Engineering VP, Finance VP, Sales Sr. Director, Product
Management
Constant Improvement:
High Accuracy, No Noise:
Founded 2012 As your environment grows and
If sent a high-value Threat Case,
HQ Seattle, Washington changes, the VSE evolves and grows
it warrants immediate
smarter automatically, thanks to the
Total Amt. Raised $64.2M investigation
adaptive machine learning
How The Versive Security Engine Works Funding Summary
Aug 2017 Series C $12.7
Aug 2016 Debt $7.0
Sept 2014 Series B-1 $13.6

Suspicious Behavior
Baselining Build Threat Cases Deliver Results
Detection Jul 2013 Series A $7.0
Learn what constitutes Based on correlation with Mapped connections across Results can be viewed in
normal behavior in specific adversary behavior profiles network & time yield convenient UI or as data Jun & Nov 2012 Seed $2.8
environment visualized threats in the API
189

Description ZingBox develops an enterprise Internet of Things (IoT) security solution to discover and
ZingBox takes an IoT personality-based approach to discover, detect, & defend IoT infrastructure
protect connected equipment. Zingbox uses Deep Learning to develop profiles for IoT
devices, such that irregularities are quickly detected, and a defense strategy can be
Discover Detect Defend
executed. Zingbox’s cloud-based architecture allows for scalability for large networks. It is
Analyzes devices to build unique Immediately detects potential Tailored recommendations for
currently deployed mainly among hospitals, companies, and manufacturing facilities with
profile based on regular actions threats—profile irregularities security defense solutions
IoT security.
Security Posture Device Personality Real Time

Identifies, Classifies, Actively Learns device’s unique Constant monitoring of
Manages IoT Inventory personality and profile devices and collections
Founders /
Management
Actionable IoT
Xu Zou May Wang Jianlin Zeng Mayuresh Ektare Giancarlo Chavez Self-Learning Deep Learning Intelligence
CEO & CTO & VP, Engineering & VP, Product Head, Sales Uses AI and Deep Completely unsupervised Leverages existing
Co-Founder Co-Founder Co-Founder Management Learning Algorithms Deep Learning network and security
infrastructure
Founded 2014
HQ Mountain View, CA
Risk Exposure Trusted Behavior
Total Amt. Raised $31.9M Non-Disruptive Organization-level risk
Enforces acceptable behavior
Agentless, Seamless consistent with each device’s
assessment
profile
ZingBox IoT Guardian
50 TB of IoT traffic Seamless and Non-Disruptive
analyzed everyday The FIRST IoT security solution to eliminate the Funding Summary
cost & complexity of software agents Date Stage Amount Raised ($M) Selected Investors
Smart & Self-Learning
The ONLY unsupervised Deep Learning solution Aug 2017 Series B $21.7
to discern the individual personality of device
2.5 PB of total IoT Nov 2015 Series A $8.0
traffic analyzed to Service Protection
The industry’s FIRST solution to protect IoT
date services – not just data
Dec 2014 Seed $2.2
190

Dragos is an industrial cybersecurity company focused on some of the community's Dragos Threat Corporate IT & OT
The Dragos Platform is the Operations Analysis Security Teams
hardest problems. The ecosystem the team has built is specifically tailored for industrial
heart of the Dragos
environments such as those found in industrial control system (ICS), Supervisory Control ecosystem. The software
Description
and Data Acquisition (SCADA), and Distributed Control System (DCS) environments. It’s codifies & automates insights
software platform and services help operators protect infrastructure sites such as power from on-the-ground experts 3rd Party
who have spent decades Systems
grids, water distribution sites, oil refineries, gas pipelines, manufacturing, and more.
responding to the world’s
Dragos
most complex threats on a Intelligence
global, national, & local level
Founders /
Management Data Pipeline Core Models WorkFlow Automation Workbench
Robert Lee Jon Lavender Justin Cavinee Tom Leuchtner Sergio Caltagirone Ben Miller 3 Modules work together to Provides playbooks for Consolidates security activity
CEO CTO Chief Data VP, Product Mgmt. Director, Threat Director, Threat Feeds critical information
manage ICS, detect threats, automating & orchestrating & serves as a case mgmt.
Scientist & Strategy Intelligence Operations into pipeline
& streamline operations security & compliance system for investigations
Founded 2016 ▪ Identify up to hundreds ▪ Maps out and visualizes ▪ Increase analyst efficiency ▪ Complete context for
of thousands of assets all network-connected security events
HQ Fulton, Maryland ▪ Standardize security
devices, ports, & protocols
▪ Integrates with existing policies ▪ Track process & improve
Total Amt. Raised $11.2M IT SIEM solutions ▪ Real-time automated productivity
▪ Evolve processes to meet
detection against threats
dynamic needs ▪ Speed up incident
Dragos Services response
Dragos Is An Extension Of Your Industrial Cybersecurity Team Funding Summary

Compromise Assessment Dragos Threat Hunting Dragos Incident Response
Deploys Dragos Threat Combines the experience of Uses a preventative approach to Aug 2017 Series A $10.0
Operations Center (TOC) human intelligence with the scale investigating and responding to
personnel and tools to assess of automation to constantly and threats in ICS environments.
Aug 2016 Seed $1.2
environment & risk efficiently search through
customer networks for threats
191

GuardiCore provides visibility, active breach detection and real-time response for software The GuardiCore Centra Security Platform monitors all connections across the data center using multiple
defined and virtualized data centers and clouds. It combines lightweight architecture to detection methods. Unsuccessful connections are rerouted to a high-interaction deception engine for
support the performance requirements of high traffic data centers, and enterprises gain real investigation, while successful connections are analyzed for malicious attributes
Description time visibility, understanding and response to illicit activity within the data center in
Monitor Data Center
minutes, not months. The company leverages threat deception and application-level Detect Suspicious Activity Engage Suspicious Connections
Communications
network visualization to address the security challenges across virtual high traffic data
center environments. ▪ Covers all internal traffic ▪ Decoy opportunities allow real ▪ Decoy opportunities allow real
▪ Instantly detects blocked or filtered attacks to progress under attacks to progress under
connections granular observation granular observation
▪ IT teams can create rules governing ▪ Deception technology employs ▪ Deception technology employs
authorized communications real machines, services and IP real machines, services and IP
Founders /
between applications addresses addresses
Management
Pavel Gurvich Ariel Zeitlin Dror Sal’ee Yaron Bartov Ori Aldor Highlight Real, Migrate Attacks Remediate Compromised
CEO & CTO & VP Biz Dev & CFO VP R&D
Co-Founder Co-Founder Co-Founder
Active Breaches in Progress Services
Founded 2013 ▪ Performs automatic and real- ▪ Uses attack footprint to identify ▪ Provides recommendations for
time analysis that identifies all servers affected by the the most appropriate
HQ Tel Aviv, Israel confirmed active breaches breach remediation measures
Total Amt. Raised $46.0M ▪ Prioritizes all incidents based on ▪ Quarantines compromised ▪ Enables security team to remove
severity level servers and provides detailed backdoors and other hacker
▪ Develops a detailed footprint of incident reports to support tools from impacted servers
Key Highlights of GuardiCore the confirmed attack rapid response
Funding Summary
Dramatically Reduce Time To Prevent Or Minimize Gain Unprecedented
Detect, Investigate And Damage And Data Theft, Visibility Into Data Center Date Stage Amount Raised ($M) Selected Investors
Remediate Attacks Saving Millions Activity
Aug 2017 Series B-1 $15.0
Understand Attack Jul 2016 Series B $20.0

Empower Security Teams Strengthen Entire Security
To Do More With Less Methods And Patterns
Infrastructure
Aug 2014 Series A $11.0
192

UnifyID is an identity platform that offers seamless security that relies on implicit UnifyID combines implicit authentication with machine learning to uniquely identify individuals on more
authentication. Implicit authentication are factors that are unique to the customer but than 500 websites & unlocks a new generation of IoT devices making remembering passwords obsolete
don’t require any user action, such as location, habits, and sensor data from everyday PC/Laptop UnifyID Implicit Authentication Platform
Description devices. The company uses proprietary machine learning algorithms to combine
▪ Analyzes factors like keystroke timing, ▪ Use of a variety of sensors including GPS,
behavioral and environmental attributes to produce a confidence score that specifies how mouse/touchpad movements, WiFi & Bluetooth accelerometer, gyroscope, magnetometer,
likely it was that a particular user performed an action, all increasing security without telemetry data barometer, ambient light, WiFi and Bluetooth
signals
burdening the user. ▪ Tap into constant signals emitted by Bluetooth LE
▪ Combine factors to extract a highly accurate ▪ Sensor data is processed locally & sends small
“confidence level” via use of proprietary machine streams of extracted to features to cloud-based
learning algorithms machine learning system
Founders / UnifyID Implicit Authentication Platform

Management
John Whaley Steve Chamberlain Vinay Prabhu Zero Conscious User Action
Founder, CEO Founder, COO Principal Machine
Learning Scientist Encrypted Digital
Sensor Data UnifyID Machine Learning Partner Use Cases
Footprint
Founded 2015
USER IDENTITY: JOHN ▪ Streamline Authentication
HQ San Francisco, CA Accelerometer Phone SKD 99.99% CONFIDENCE ▪ Fraud Detection/Prevention
Total Amt. Raised $20.0M ▪ Prevent account takeover
Gyroscope
Signal Processing ▪ Know Your Customer
Milestone Timeline GPS
Sensor Fusion ▪ Seat sharing
Feb 2017: ▪ E-Commerce
WiFi
Jan 2016: RSAC Innovation
Feature Extraction ▪ Continuous Authentication
Seed Funding Sandbox Winner Bluetooth ▪ Automatic Deauthentication
Funding Summary
March 2015: Sept 2016: March 2017: Date Stage Amount Raised ($M) Selected Investors
Company Formed TechCrunch Disrupt SXSW Security &
Runner-up Privacy Winner
193

Callsign is a mobile application that allows its users to securely access websites and keep Callsign’s Unique Intelligence Driven Authentication (IDA) Solution Enables Users To Access Whatever They
their personal details private. Callsign’s Intelligence Driven Authentication Solution Need, From Wherever And However They Need It, All In A Frictionless Manner
enables more informed and truly adaptive access control decisions, putting enterprises
Description Intelligence
and their users back in control. Its platform combines multi-factor authentication with
fraud analytics powered by deep-learning technology to offer an authentication platform Behavior Location Device
Ergonomic analysis delivers Understand where and how Debug, jailbreak/root,
that can adapt to potentially signals to combat the threat of unauthorized logins.
insights to precisely identify a transaction is initiated and malware and cloning
who is in possession of a verified to enable safe detection can inform risk
device harbors and anti-fraud policies
Authentication
Founders /
Management Biometric PIN OTP
Zia Hayat Ian Welch Paul Fletcher Christopher Hutton Julio Sevillano Srinivas Ketavarapu Replay resistant finger, face Secure PIN provides a OATH compliant OTPs are
CEO & Founder COO Head of Products Chief Solutions Head of Mobile VP, Bus. Dev. and voice recognition familiar user experience, in delivered to users in several
Engineer deliver the next generation line with the EMVCo ways, including Mobile App,
of authentication standard USB, LCD, SMS and Call
Founded 2011
HQ London, UK Technology
Total Amt. Raised $38.5M Crypto Engine Neural Engine Policy Engine
All cryptographic functions Uses more than 50 data By implementing critical
Callsign User Advantages across iOS and Android and elements in real-time to workflows, the Policy Engine
server sides are performed in a pinpoint suspicious activity, empowers risk officers to easily
fully audit-able manner accessing risk of device manage controls
Activity Profile Passcode

Funding Summary
▪ Easily review all requests ▪ Choose up to 24 identity ▪ Can still approve Date Stage Amount Raised ($M) Selected Investors
that have been made types to be managed via transactions even with no
▪ Audit trail ensures you Callsign Internet access Jul 2017 Series A $35.0 NightDragon Security
can see all transactions ▪ Easily control which ▪ Use app to generate OTP
details are shared to access systems and Sep 2016 Seed $3.5 Terry Eger
services offline
194

PerimeterX prevents automated attacks by detecting and protecting against malicious web PX Detector PX Console
behavior. By analyzing the behavior of humans, applications and networks, it catches in real-
time automated attacks with unparalleled accuracy. The PerimeterX Bot Defender protects
Description
business and web infrastructure websites from automated or non-human attacks, at any
scale, by tracking the behavior of website visitors and using artificial intelligence algorithms to Browser Web Page
determine which bots should be blocked. PX JS Sensor PX JS Snippet
PX Enforcer
App Server
80 PX Risk Score
Founders /
Management 1. Deploy 2. Sense
Omri Iluz Ido Safruti Ophir Ashkenazi Jonathan Ferrell Amir Shaked ▪ Load Perimeter Bot Defender’s sensor to your ▪ Sensor collects and sends data to evaluate
CEO & Co- CTO & Co- CFO & Co- VP, Sales VP, Research
Founder Founder Founder
website browser, user and network activities
▪ Takes only five minutes to get started ▪ Dashboard shows all normal and malicious
Founded 2014 bot activities in real-time
HQ San Mateo, CA
3. Detect 4. Enforce
▪ Evaluates sensor data in real-time using ▪ Risk Score is picked up by the PerimeterX
machine learning and behavioral analysis enforcer
PerimeterX Advantages ▪ Creates a Risk Score to identify whether a user ▪ Based on the score, the user is blocked or
is malicious or not, sent in an encrypted challenged
Diagnose the cookie back to the user’s browser ▪ Able to incriminate or exonerate the user
Defend Your
Detect Bot User as Deploy in based on the nature of the page and threat
Website and
Behavior Human or Minutes
Business
Malicious Bot Funding Summary
▪ Unparalleled accuracy ▪ Human vs. bot ▪ Prevent attacks that ▪ Hassle-free ongoing Date Stage Amount Raised ($M) Selected Investors
and precision behavior fingerprinting do not trigger maintenance
▪ 100s of indicators and analysis security mechanisms ▪ Fully compatible with
from users, browsers, ▪ Detection of advanced ▪ Future proof against existing infrastructure Sep 2015 Series A $9.0 Andreas Bechtolsheim
devices and network automated attacks new automated including cloud and
attacks CDN solution Jan 2015 Seed $2.5
195
StackRox

StackRox provides a container security platform that adapts to evolving threats and StackRox secures the entire path from containers to web-scale microservices. It enables deep container
streamlines security operations. It uses instrumentation and sophisticated machine visibility and insights, adapts defenses to new cyber threats, and unifies multiply threat protection
capabilities with a single integrated platform
learning to protect the agile enterprise, automatically discovering every container and
Built-in Security Architecture High Resolution Visibility
Description establishing full operational visibility. StackRox enables security teams to see containers in
▪ Combines a new, scalable security architecture with
high resolution and transform millions of signals across the environment into meaningful Container Auto-Discovery with Fingerprinting:
instrumentation and machine learning to protect containers
Microservice fingerprinting technology enables rapid,
security insights with dramatically less noise, defending against threats such as code from evolving threats.
reliable identification of both known and rogue containers
injection, privilege escalation, malicious lateral movement and data exfiltration. ▪ Deploys across cloud, virtual and bare metal environments
Insights from Entire Ocean of Container Signals: StackRox
as a set of container-based security microservices that
continuously monitors collection of signals including
collects signals, performs machine learning, and automates
system calls, network traffic, and Docker events
prevention and response
▪ Works as a single integrated platform that scales Advanced Network Visualization: Renders interactive,
Founders / automatically and interfaces seamlessly with existing security detailed visualization of container network in real time,
infrastructure providing a clear depiction of all system connections
Management
Adaptive Defenses Rapid Deployment and Simple Management
Sameer Bhalotra Ali Golshan Wei Lien Dang Shashank Tiwari
Co-Founder & CEO Co-Founder & CTO VP, Product VP, Engineering Adaptive threat protection is a result of machine learning StackRox is built for production environments and
Founded 2014 models working in parallel to protect container environments interfaces with the following systems:
HQ Mountain View, CA Auto-tuning Machine

Smart Filters Orchestration
Learning Models
StackRox Benefits Policy-Driven Prevention

Attack Profile Library
Container
Platforms
and Response
Hunt for Threats Protect Cloud Workloads
▪ Single sign-on (SSO) authentication
▪ Dynamically filter collected container signals ▪ Effectively detect code injection, privilege
Two-Click Behavior Image Vulnerability Security ▪ Incident management systems
Modeling Scanning ▪ Full-featured API for SIEM integration
in order to rapidly zero in on indicators of escalation, malicious lateral movement, data
compromise (IOCs) and identify threats exfiltration, and many other types of threats
Funding Summary
▪ Surface detailed security event context for ▪ Orchestrate threat response with a policy-
analysts to construct new attack profiles and driven workflow that streamlines security Date Stage Amount Raised ($M) Selected Investors
policies management
Jul 2017 Series A $14.0
▪ Enable faster root cause analysis, streamlined ▪ Deploy as a single platform of container-
response, and prevention controls to harden based security microservices that work across
container environments against new attacks cloud workloads Jan 2015 Seed Undisclosed Undisclosed
196
Awake Security Has Exited Stealth Mode With A Total Amount Raised Of $31.2M.

Awake Security provides an advanced security analytics solution that improves security Awake Security offers a security analytics solution to automate painstaking analyses that expert investigators
operations productivity by delivering unprecedented visibility into enterprise perform, improving analyst productivity ten-fold
environments for breach detection, investigation and hunting. The company’s Security
Description Knowledge Graph data model uses machine learning and data analytics to automate
painstaking analyses expert investigators perform. The company is built on a foundation of
more than two years of research with hundreds of security professionals and a dozen
security teams, and it has just exited stealth mode.
Founders /
Management
Michael Callahan
Keith Amidon Debabrata Dash Gary Golomb Rudolph Araujo
Co-Founder &
Co-Founder & Co-Founder & Co-Founder & Chief VP, Marketing
CEO
VP, Networking VP, Analytics SOC Whisperer
Founded 2014 Security Knowledge Graph ActivityIQ EntityIQ

HQ Mountain View, CA ▪ Identifies and tracks real-world ▪ Analytics correlate network ▪ Algorithms surface notable
Total Amt. Raised $31.2M entities like devices, users or traffic to entities in the data entities and behaviors within
domains from network traffic model, presenting summarized the data model and cluster
timeline view as a victim would similar entities for attack
The Awake Advantage ▪ Captures conclusions and
discoveries made by team
experience it and as a campaign analysis.
investigator would piece it
members, improving ▪ Predict questions analysts are
Empowered Analysts Better Investigations A More Secure Network together
collaboration likely to ask, pointing them to
next investigative path
▪ Eliminate need to operate on IP ▪ Simple behavioral query language ▪ Detect, investigate and hunt for threat
addresses
▪ Cut out cumbersome tasks
for real-time answers to powerful
questions
activity after initial compromise
▪ Lower threat dwell time
Funding Summary
Lower Costs Quick Time to Value Low Maintenance
▪ Reduce operational costs through ▪ Monitor network quickly without ▪ Keep sensitive data on premise but
consolidation, improved SOC need for any integrations or tuning get SaaS benefits of hardware
efficiency, higher analyst tenure & other than a simple TAP/SPAN monitoring, maintenance, & regular 2014 Series A $8.7
lower hiring / training expenses software & intelligence upgrades
197

Deep Instinct provides real-time detection and prevention of zero-day threats The Deep Instinct platform focuses on three areas for real-time cyber intelligence: data training,
and advanced persistent threat attacks for mobile devices and endpoints, and deep learning and predictive capabilities to provide protection to mobile devices and endpoints
its proactive protection protects the organization’s entire assets from any
Description known and unknown threat on any infrastructure. The company approaches Technology
cybersecurity from a different angle: from reactive to proactive defense, as
well as from expecting the next unexpected attack to predicting and Data Training Deep Learning Predictive Capabilities
preventing it. Training on hundreds Proprietary, deep Lightweight, real-time cyber
of millions of malicious learning algorithms; intelligence; Distributed across
and benign files Continuous learning the organization’s infrastructure
Founders / Infrastructure Agnostic Connectionless Coverage Easy Deployment

Management
▪ Breaks down data features ▪ Works even when the ▪ Constantly scans, predicts
into small parts to render device is not connected to and protects all activities
Guy Caspi Eli David Holly Whalen Stuart Fisher Efrat Turgeman
CEO CTO SVP, Sales SVP, APAC CFO the data source irrelevant the network without impacting the user
▪ Instinctively detects and ▪ On-device agent allows experience
Founded 2014 prevents any threat on any complete protection when ▪ Works in parallel to any
HQ Tel Aviv, Israel infrastructure personal and corporate previously installed security
Total Amt. Raised $32.0M devices interact agents
Solution Components Real-Time Detection and Prevention Accurate Prediction Model
D-Brain D-Appliance D-Client ▪ Enables on-device, connectionless, lightweight, ▪ Continuously learns to deliver unprecedented
real-time cyber threat prevention accuracy to secure all assets
▪ Core component of deep ▪ Provides visualization and ▪ Enables on-device, ▪ Acts proactively and automatically according to ▪ Instantly detects zero-day threats before an
learning solution management tool to configure connectionless, lightweight, real- organization policies attack can take place
▪ Continuously learns on malware organization’s security policy time cyber threat prevention
datasets from diver sources ▪ Enables in-depth monitoring of ▪ Scans the device and acts Funding Summary
▪ Hosted at company headquarters cyber threats proactively and automatically
▪ Manages devices, security events, according to organization policies Date Stage Amount Raised ($M) Selected Investors
and security compliance policy in
the same place Jul 2017 Series B $32.0
198

Flashpoint delivers Business Risk Intelligence (BRI) to empower business units and Flashpoint Intelligence Platform Analyst and Advisory Services
functions across organizations to make better decisions and mitigate risk. Flashpoint’s Dual Threat Landscape Analysts
unique Deep & Dark Web data, expertise, and technology enable customers to glean “Onboarding wizard” allows for quick customization Leverage extensive intelligence experience to train
to industry, region, category and threat target access Deep & Dark Web collection and analytics engines
Description intelligence that informs risk and protects their ability to operate. Flashpoint’s services
include bolstering cybersecurity, confronting fraud, detecting insider threats, enhancing Intelligence-to-Data Pivoting Business Risk Intelligence Practice
physical security, and addressing vendor risk and supply chain integrity. Browse or query reports; assess emerging threats, Tailored solutions to organizations starting, rebuilding, or
vulnerabilities and potential impacts to make risk expanding intelligence function whether for a single
decisions function or broad enterprise support
Tagging & Content Classification Strategic Engagement Services

Features optimized intelligence and report tagging and Offerings include Rapid Risk Response, Deep & Dark
classification that improves report searching and Web Risk / Executive Risk Exposure Reports, Directed
Founders / discovery. Actor Engagement, and additional analyst service.
Management
Use Cases
Josh Lefkowitz Evan Kohlmann Josh Devon Chris Camacho Ben Donohue
CEO Chief Innovation Officer COO Chief Strategy Officer VP, Engineering Cybersecurity Physical Security
Third-Party
& Emergent & Executive Fraud Insider Threat
Founded 2010 Malware Protection
Vendor Risk
HQ New York, NY
Subject Matter Experts Combined with Expansive coverage of Combination of in- Combines intimate
Total Amt. Raised $43.0M are embedded in illicit targeted Deep & Dark We provides a depth expertise with familiarity with
Deep & Dark Web Dark Web robust view into a complex techniques and insiders’ techniques
communities, monitoring, company’s ecosystem tactics to proactively with targeted
Flashpoint Features providing insights into Flashpoint’s expertise and rapidly assesses mitigate the most monitoring of Dark
malware development helps identify and risks complicated fraud Web to protect against
mitigate physical risk schemes insider threats
Funding Summary
Intelligence Reporting Curated Alerting Analyst Assistance API & Portal Jul 2017 Series C $28.0
Analysts most critical Comprehensive monitoring Directly access our analyst Tools to access and perform
findings, hand-picked and relevant reporting, team for customized threat research on Deep & Dark
prioritized, and packaged in tailored to organization’s investigations Web data in order to
intra-daily reports needs discover valuable insights Apr 2015 Series A $5.0
199

ZeroFOX protects modern organizations from dynamic security, brand and physical risks ZeroFOX SaaS platform protects businesses and employees from cyber, brand and physical threats on
across social, mobile, web and collaboration platforms. It is an innovator of social media social and digital channels. It is designed to give complete control, covering thousands of data sources and
and digital security and uses targeted data collection and artificial intelligence-based hundreds of use cases. Customers are able to catch threats faster before they make an impact, reduce their
Description analysis to protect organizations from targeted phishing attacks, credential compromise, risk exposure with AI-driven analytics, and utilize automated threat hunting and remediation tactics.
data exfiltration, brand hijacking, executive and location threats and more. The platform
Business Protection Employee Protection
processes and protects millions of posts, messages and accounts daily across the social and
Protect pages, brands & Safeguard employees &
digital landscape. executives from incoming and
enterprises from brand risks &
targeted security threats. outgoing risks.
Monitor Alert Eliminate

Founders / Targeted collection of mass social & Customizable, artificial intelligence- Automated content moderation and
Management digital data based analysis takedowns
James C. Foster Mike Price Tim Bender Jon Fraleigh Gabe Goldhirsh
CEO CTO CFO EVP, WW Field EVP, Global Data Sources Policies & Rules Integrations
Operations Services ▪ Social networks ▪ Spear phishing ▪ Security Operations Center
▪ Deep & dark web ▪ Spoofed accounts ▪ SIEM platforms
Founded 2013
▪ Mobile app stores ▪ Credential compromise ▪ IBM QRadar & ArcSight
HQ Baltimore, MD ▪ Collaboration & chat platforms ▪ Account takeover ▪ Analytics platforms
▪ Web domains ▪ Brand impersonations ▪ Threat intelligence platforms
Total Amt. Raised $80.2M ▪ Facebook & Google ▪ Physical threats ▪ Firewall/IDS/IPS
Customer attacks Security platforms
ZeroFOX Platform ▪ ▪
SaaS Deployment Instant Visibility Fine Tune Analysis

Funding Summary
▪ Instant protection Targeted data collection spans social, Customizable FoxScripts for AI-based
▪ Cloud-based deployment mobile, web, domain, deep/dark, machine learning analysis
▪ Zero set-up charges collaboration & digital sources Jul 2017 Series C $40.0

Continuously Protect Extending New Intelligence Minimize Risk Exposure
Dedicated ThreatOps team and Complete Open REST APIs and 3rd Automated takedowns and content
Apr 2014 Series A $11.0 Enrique Salem
FoxThreats program constantly adds party integrations plug into your moderation via direct integrations to
new protections for new threats security infrastructure social & digital channels rapidly
eliminate threats Jul 2013 Seed $2.2
200

Darktrace offers an Enterprise Immune System software platform that uses machine Darktrace’s Enterprise Immune System is the first non-consumer application of machine learning to work at scale,
learning and AI algorithms to automatically detect and take action against cyber-threats. It detecting stealthy cyber-attacks and insider threats that bypass traditional security tools. The framework includes
Darktrace Antigena, which delivers autonomous response, automatically taking action against in-progress attacks in real
is a self-configuring technology that works within enterprise and ICS networks including
time. Darktrace ICS is specialized for SCADA and other ICS networks.
Description virtual, cloud and IoT systems and does not require manual set up, identifying advanced
Enterprise Immune System Threat Visualizer Industrial Immune System Antigena
threats in real time, including zero-days, insiders and stealthy, silent attackers.
▪ Creates unique behavioral ▪ 3D threat notification ▪ Coverage of both IT and ▪ Quickly restrains or
Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide. models for each user and interface OT environments contains threats to allow
device ▪ Graphical overview of day- ▪ Correlates actions over time humans to catch up
▪ Forms evolving to-day network activity to understand “normal” ▪ Automated action slow
understanding of “pattern ▪ Automatically alerts analysts behavior provides security teams
of life” to significant incidents and ▪ Full visibility into ICS with a vital time window
▪ Passively monitors raw threats within environments activity
Founders / network data
Management
Nicole Eagan Poppy Gustafsson Jack Stockdale Steve Chamberlain Gary Szukalski Data Capture & Integration Recursive Bayesian Estimation Threat Visualizer Integration
CEO CEO, EMEA Global CTO COO Chief Channel
Management Officer
Physical
Human Modeling
SIEM
Network
Data
Threat Classifier
350+ Dimensions
Darkflow
Founded 2013
Data Capture
Virtual
Device Modeling 3D Threat
HQ San Francisco, California & Cambridge, United Kingdom Cloud
Visualization Notifications
Total Amt. Raised $179.5M SaaS Network Modeling
Enrichment Data API
Model Editor
Key Statistics Raw Packet Capture for Forensics
Funding Summary
48,000 Serious Cyber Deployed in 70
Incidents Reported Countries Date Stage Amount Raised ($M) Selected Investors
Jul 2017 Series D $75.0
Headcount: 500+ 3x Increase in U.S.

Customers 2016-2017 Jul 2016 Series C $64.0

$200M Total
3,000 Deployments
Contract Value Mar 2015 Series A $18.0
201

HyTrust aims to make private, public and hybrid cloud infrastructure more trustworthy for
HyTrust Workload Security solutions protect private and public cloud workloads by providing automated
enterprises, service providers and government agencies. It provides solutions that compliance and enabling policy driven security across multiple cloud environments.
automate security controls for software-defined computing, networking and storage
Description workloads to achieve the highest levels of visibility, granular policy control and data CloudControl DataControl KeyControl
protection. HyTrust customers benefit from accelerating cloud and virtualization cost ▪ Complete cloud & virtualization
▪ Role Based Access Control:
savings while also improving their security posture in real time. Control which functions have encryption solution ▪ Simplifies process of key
access to what resources ▪ Strong encryption with integrated management for enterprise
key management to secure applications
▪ Policy Control with Two Man
Rule: reduce define and enforce machines & their data throughout ▪ Unlimited encryption key
policy with secondary approval their lifecycle usage
Founders / ▪ Uniquely able to encrypt or re- ▪ Multi-cloud support including:
▪ Access Control with Two Factor
Management key data without taking
Authentication: Enhance overall
John De Santis Eric Chiu Mercedes Caprara Hemma Prafullchandra Fred Kost security posture applications offline
Chairman & CEO Co-Founder & CFO CTO & SVP, Marketing ▪ Forensic grade logs: provides in- ▪ Encryption travels with the VM
President EVP,Products
depth perspective on what has and runs in any virtualized
Founded 2007 happened in the virtual environment
environment
HQ Mountain View, CA
Total Amt. Raised $108.5M Funding Summary
DataControl Cloud Encryption Jul 2017 Series E $36.0
HyTrust Data Control offers powerful, military grade encryption with easy to use, scalable key management to secure the Jun 2016 Debt Financing $5.0
workload throughout its lifecycle from deployment and migration to sanctioned decommission.
KeyControl: key manager that ensures Apr 2015 Debt Financing $8.0
enforcement of policy via key issuance &
revocation Apr 2015 Series D $25.0
Policy Engine: ensure appropriate controls with Orchestration Workload Workload
Aug 2013 Series C $18.5
context; enforces right admins for creating HyTrust Key
encryption policies Control & Hypervisor
Admins Feb 2010 Series B 10.5
Policy Engine
Policy Agent: ties policy to workload and executes Hardware
encryption and decryption Apr 2009 Series A $5.5
202

Lastline provides malware protection platform to detect and stop advanced persistent Collect Detect Respond
treats, zero-day exploits and evasive malware. Its solution rapidly detects advanced
malware that other security solutions miss, eliminating data breaches, therefore saving
Description
money and time for customers, while protecting valuable data and brand reputation.
Lastline provides high-resolution and real-time malware analysis of network, email, web,
file and mobile vectors.
Deploy sensors wherever you need Detect evasive malware, regardless Respond Faster to new threats
unmatched malware visibility of how advanced more accurately
Founders / Collect malicious content in Unmatched accuracy: 100% threat Respond Smarter against latest
Management emails, web content, and network detection in NSS Detection Test malware
Christopher Kruegel Giovanni Vigna Engin Kirda Brian Laing George Chitouras traffic, including the cloud
Co-Founder & CEO Co-Founder & CTO Co-Founder & VP, Business Dev. VP, Engineering Global Threat Intelligence Respond Better and create new
Chief Architect & Products Collect from existing devices, Network: Malware is analyzed and workflows to automatically block
expanding your visibility shared with all Lastline customers new threats
Founded 2011
HQ Redwood City, CA Lastline Enterprise detects and defeats advanced malware that easily evades other security products to
Total Amt. Raised $52.2M infiltrate your network
Lastline Partnerships Funding Summary

Strategic Partners
Jul 2017 Series C $28.5
Aug 2014 Venture $10.0
Technology Partners Jan 2014 Series B Undisclosed
Apr 2013 Venture $2.8
Apr 2013 Series A $0.9 Undisclosed
203

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables Auth0 allows customers to easily and quickly connect to apps, choose identity providers, add users, set up
single sign-on and user management for any application or IoT device. It is a modern rules, customize login page and access analytics from the Auth0 dashboard.
identity infrastructure, built for developers. Auth0 provides open source SDKs for all
Description Auth0 Platform
popular platforms, operating systems, devices and programming languages. It allows
connections to any identity provider from social to enterprise to custom Auth0 Login Box Breached Password Detection
Secures your website and any login breaches; Blocks hackers from impersonating users with
username/password databases. integrate business security with any application compromised credentials from data breaches
Passwordless Multi-Factor Authentication

Allows users to login without need to remember Removes the need for one-time codes; simply
Founders / their password; secure from brute-force entry download app and approve login requests with tap
Management of button
Jon Gelsey Matias Woloski Eugenio Pace Lewis Carpenter Chris Dukelow Auth0 Dashboard
CEO Co-Founder & CTO Co-Founder & VP, CMO CFO
Customer Success
Connect and Integrate with APIs, Enterprise
Founded 2013 and Different Databases
Everything can be controlled on the Auth0
HQ Bellevue, WA Dashboard; support more authentication options
Total Amt. Raised $54.3M become as simple as toggling a button.
Auth0 By the Numbers Funding Summary

Auth0 solves complex and large-scale identity use cases for global enterprises with their extensible and Date Stage Amount Raised ($M) Selected Investors
easy-to-integrate platform, security billions of logins every year
Monthly Logins
1.1B+ Securely
Authenticated
2K+ 42M+ 70+ 24/7 $6.9
Jun 2015 Series A
Enterprise Logins Countries with Support
Subscribers Everyday Auth0 Coverage 1.3M+ Malicious Logins
Prevented
Sep 2014 Seed $2.4
204

JASK designs technology that gives analysts greater support and leverage to eliminate JASK monitors networks end to end, using advanced AI to surface and triage the most relevant
cybersecurity exposure. It automates network monitoring and complements the attacks, while providing a clear picture of the attack surface. With instantaneous, deep
technology that security operations and compliance programs have been built around and knowledge about attacks, analysts can make decisions with more speed and confidence.
Description
easily integrates with existing processes. JASK’s services are a solution to overtaxed and
ACT
understaffed security teams that cannot respond to every single alert by using AI and
SmartAlerts give analysts full picture of each attack’s impact. By focusing without time
machine learning to prioritize threats. consuming forensic research, analysts can quickly and effectively eradicate the attack.
SENSE AUTOMATE
Founders / Within a single day, Operationalize the
Management JASK works to reveal speed at which similar
Greg Martin Damian Miller Mustafa Rassiwala Andrew Maloney attacks, developing a Acceleration Gives Analysts More attacks are addressed
Co-Founder, Co-Founder & VP, Head of Products VP, Field cumulative
President & CEO Customer Success Operations Leverage - And Yields Smarter, in the future, setting
understanding of the technology to hunt
Founded 2015 connected sequences More Strategic Hunting
HQ San Francisco, CA of events
EVOLVE
With more routine hunting offloaded to the technology, analysts can
continually increase the effectiveness of their work
Unprecedented, Entire-Network Visibility Customize at Will, Built on Open Source Funding Summary
Tap Into the Intelligence Community Automate Learnings For Increased Leverage
Feb 2016 Seed $2.0
205
Raises $75.0M In Series F Financing.

Sumo Logic provides a cloud-native machine data analytics service to build, run, and Collect & Centralize Research & Analyze
secure applications. The company offers solutions in the areas of continuous delivery, ▪ Easily run searches and correlate
▪ Collect terabytes of data from
monitor and troubleshoot, and compliance and security aspects that analyzes more than any application, cloud, server, events in real-time across the full
network device or sensor application stack
Description 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of ▪ Centralized logging eliminates ▪ Reduce hundreds of thousands of
insights daily. It serves technology, retail/e-commerce, media and entertainment, need for additional archiving, log events into groups of patterns
backups and restores
telecommunication, financial service, education, healthcare, pharmaceutical, staffing, real ▪ APIs easily develop and
integrate data sources Monitor & Visualize
estate, manufacturing, travel, and government industries.
▪ Real-time dashboards unify all data
streams
▪ Compare status against operational
and security KPIs to gain visibility
Founders / into abnormal behaviors
Management
Alert & Notify Detect & Predict
Ramin Sayar Christian Beedgen Steve Fitz Bruno Kurtic Aaron Feigin
President & Co-Founder & Chief Revenue VP, Product & VP, Marketing & ▪ Use custom alerts when specific ▪ Analyze thousands of data
CEO CTO Officer Strategy Communication events and outliers are streams with a single query to
identified across data streams determine baselines and identify
Founded 2010 ▪ Proactively notify your team outliers
HQ Redwood City, CA when data deviates from ▪ Machine learning helps to detect
calculated baselines anomalies
Funding Summary
Unified Logs and Metrics Advanced Analytics Proven Customer Success Date Stage Amount Raised ($M) Selected Investors
Analyze all data in real Machine learning and Thousands of customers Jun 2017 Series F $75.0
time and monitor apps predictive analytics help rely on Sumo Logic for
and infrastructure in real- make sense of operational and business Jun 2015 Series E $80.0
time unexpected behavior insights
May 2014 Series D $30.0
Elastic Scalability Instant Value Secure by Design
Nov 2012 Series C $30.0
Multi-tenant architecture Pure SaaS offering; Industry’s benchmark
scales on demand to Provides access to in delivering secure Jan 2012 Series B $15.0 Shlomo Kramer
support rapid growth the latest capabilities SaaS
and cloud migration in minutes Dec 2010 Series A Undisclosed
206

Sparkcognition provides cognitive security analytics solutions. It offers SparkPredict that
applies algorithms to huge bodies of sensor data, identifies impending failures long before ▪ Signature-Free, Machine Learning-Powered Anti-Malware for endpoints
they occur, and alerts operators to sub-optimal operation before it can cause any harm; ▪ Analyzes DNA of unknown files and detects malware before it breaches your perimeter
Description and SparkSecure, a cloud service or an on-premise application that provides cognitive ▪ Autonomously adapts to latest variants of ransomware, viruses, Trojans, and worms and provides advanced
insights, which work by collecting structured and unstructured data, as well as applying protection against zero-day and polymorphic threats
algorithms to find trends, patterns, and anomalies. ▪ Leverages natural language processing to generate in-context descriptions and remediation
Founders /
Management
File Reputation & Multi-Vector Machine Natural Language
Detection & Response
Amir Husain Randy Printz David Asher Kenneth Wisian Usman Shuja Application Control Learning Processing
Founder & CEO COO Executive VP, Strategy Chief Architect, Defense VP, Market
Development
Founded 2013 ▪ Acquires and transforms sensor data ▪ Adds a cognitive layer of human intelligence at
HQ Austin, TX machine scale to traditional security solutions
▪ Applies proprietary classification and prediction
Total Amt. Raised $38.9M algorithms ▪ Identify new attacks automatically without relying
▪ Generate actionable insights and support root- on signature matching threats
Proprietary Algorithms cause analysis ▪ Collects massive amounts of structured and
unstructured data to learn and improve
Artemis Pythia
Funding Summary
▪ Autonomously build, test, and ▪ Automated model building algorithm
identify meaningful relationships Date Stage Amount Raised ($M) Selected Investors
▪ Uses machine learning techniques to
from thousands of combinations
distinguish noise from signals Jun 2017 Series B-II $32.5
▪ Find anomalies based on single or
▪ Combines Deep Learning and
combinations of variables Apr 2016 Series B $6.0
Genetic methods to develop models
that predict when the machine is
likely to fail Aug 2013 Series A $0.4 Undisclosed
207
Raises $70.0M In Debt Financing.

Alert Logic provides Security-as-a-Service solutions that secure the application and Cloud Defender Cloud Insight Threat Manager
infrastructure stack of the cloud. Alert Logic is a provider of information technology Managed Cloud Security AWS Vulnerability Management Network Intrusion Detection
network security services and technologies which include Threat Manager, a cloud- ▪ Centralized security management ▪ Complete visibility across AWS ▪ Real-time Network Monitoring
Description
powered threat management and vulnerability assessment solution that protects ▪ Managed threat detection and
environment
▪ Access to rich sources of
enterprises by identifying malicious behavior and questionable network patterns response ▪ Prioritized list of vulnerabilities internal/external data for
correlation
originating inside and outside of network. ▪ Rapid deployment ▪ 24x7 automatic protection of new,
changed or modified environment ▪ Unlimited internal and external
▪ Compliance without complexity
scans
▪ Visibility into your IT infrastructure
▪ Dozens of dashboards and reports
Founders / available out of the box
Management
Gray Hall Blake Allen Dave Colesante Greg Davis Misha Govshteyn
Web Security Manager Log Security Manager
Chairman & CEO SVP & General COO EVP, Global Sales & SVP, Products & Web Application Firewall Log Correlation & Analysis
Counsel Field Marketing Marketing
▪ Protects websites and business ▪ Collects, aggregates and
Founded 2002 critical applications from attacks normalizes log data
HQ Houston, TX ▪ 24x7 monitoring and incident ▪ Web interface gives unified view
Total Amt. Raised $387.3M escalation into all of your data
▪ Non-invasive, no-downtime ▪ Flexible data collection options
Acquisitions (2016) (2015) (2012) deployment modes
Benefits of Alert Logic Funding Summary

Cloud & DevOps Application Owners Security Pros Date Stage Amount Raised ($M) Selected Investors
Jun 2017 Debt Financing $70.0
Aug 2013 Private Equity $266.0

▪ Accelerate production with ▪ Innovate safely with security ▪ Simplify with one service for
API-driven security and that keeps pace with cloud and on-premises Jun 2012 Venture $7.5
DevOps automation continuous development ▪ Expand defenses with
▪ Scale and protect with elastic ▪ Prevent attacks by finding accurate, expert protection for Jun 2012 Series F $12.2
security vulnerabilities your web apps
▪ Focus on your business: no ▪ Preserve performance and ▪ Empower app and cloud pros Apr 2011 Series E $12.6
security staff or expertise availability with out-of-band with agility and protection 2005-2009 Series A-D $19.1
required detection
208

Cybereason specializes in endpoint protection, offering endpoint detection and response, Monitoring Hunting Incidence Response
next generation antivirus, and managed monitoring services. Founded by intelligence
professionals, Cybereason gives enterprises the upper hand over cyber adversaries. The
Description
Cybereason platform is powered by a custom-built-in-memory graph and detects
behavioral patterns across every endpoint and surfaces malicious operations in an
▪ Incident confirmation and ▪ Collect endpoint sensor data ▪ Incident data-gathering
exceptionally user-friendly interface. prioritization ▪ Detect suspicious activity ▪ Reverse malware
▪ System health monitoring ▪ Hunt for adversaries engineering
▪ Quarterly reporting ▪ Report findings ▪ Custom threat research
Founders / ▪ Turnkey security operations ▪ Executive and technical
Management reporting
Lior Div Yonatan Striem-Amit Yossi Naar Scott Ward Sam Curry DEEP Detect & Respond DEEP Prevent RansomFree
Co-Founder & CEO Co-Founder & CTO Co-Founder & CVO CFO CSO
▪ Increase visibility ▪ Centralized and endpoint- ▪ Stops ransomware from
Founded 2012 ▪ Reduce risk side analytics encrypting files
HQ Boston, MA ▪ Uplevel analysts ▪ Behavioral analysis in ▪ Protects against 99& of
Total Amt. Raised $188.6M Cybereason Deep Hunting ransomware strains
▪ Go beyond automation Engine
Cybereason Response Interface Funding Summary
Cybereason Response Interface Date Stage Amount Raised ($M) Selected Investors
The Cybereason
Response Interface Jun 2017 Series D $100.0
uses the information
collected by the Oct 2015 Series C $59.0
platform to tell an
easy-to-understand May 2015 Series B $25.0
visual attack story
Cybereason Sensors
209
Company Overview Product Technology Overview: Sqrrl’s Behavior Graph

Sqrrl is a threat hunting company, enables organizations to target, hunt, and disrupt Behavior Graph, which automatically transforms raw logs into actionable knowledge and contextual insight via
advanced cyber threats. Sqrrl operates a threat hunting platform that unites link analysis, entity extraction techniques.
user and entity behavior analytics, and multi-petabyte scalability capabilities into an
Description integrated solution to facilitate proactive detection of threats, such as advanced persistent
threat detection, data breach detection, malware detection, insider threat detection, alert
triage, incident investigations, threat intelligence analysis, and cyber situational awareness.
Founders /
Management
Mark Terenzoni Adam Fuchs Ely Kahn Ari Daskalakis Paul Lynch
CEO CTO VP, Business Dev VP, Field Operations VP, Sales
Founded 2012
HQ Cambridge, MA
Advanced Threat Detection and Response Platform Funding Summary

Target: Scope the data sets that will be used in Date Stage Amount Raised ($M) Selected Investors
the investigation, optimize with machine learning
Hunt: Proactively and iteratively search through
network and endpoint data to detect and isolate Feb 2015 Series B $7.0
advanced threats
Oct 2013 Series A $5.2

Disrupt: Seamlessly pivot from hunting to forensic
analysis to disrupt adversaries before they fully
execute their attacks Aug 2012 Seed $2.0
210

Illumio is a data center and cloud security company led by veterans with deep experience Illumio’s Adaptive Segmentation Capabilities Lets Organizations Understand & Protect Their Computing Assets In
in virtualization, networking and security. Illumio’s Adaptive Security Platform (ASP) is Minutes, Across A Range Of Formats In Both Data Centers & Public Clouds.
completely independent of underlying infrastructure and delivers visibility and control over With a patented, software-only
Description workloads running in any data center or cloud environment. It computes security politics architecture, the Illumio
Adaptive Security Platform
and ensures they are provisioned accurately by understanding and continuously adapting
provides the new foundation for
to changes in the infrastructure and applications. BARE-METAL SERVER VIRTUAL MACHINE CONTAINERS NETWORK PUBLIC & PRIVATE CLOUD data and cloud security.
Adaptive Segmentation Platform ADP Key Benefits

▪ Adaptive Segmentation continuously adjusts to changes in ▪ Eliminating Blind Spots inside data centers and cloud
application environment to keep enforcement intact ▪ Protecting the 80% of traffic that is invisible to perimeter
Founders /
▪ Live Visibility of applications, components and traffic firewalls
Management
▪ No dependency of underlying infrastructure to support new ▪ Enabling secure connectivity inside and between cloud
Andrew Rubin PJ Kirner Alan Cohen Nathaniel Gleicher Scott Downie or existing environments environments and private data centers
Co-Founder & Co-Founder & Chief Commercial Head of Cybersecurity VP, Support &
CEO CTO Officer Strategy Services ▪ Modeling of Policy to understand policy impact to ▪ Decreasing the Number of Firewall Rules by over 95%
application environment ▪ A Single Solution to Protect Applications
Founded 2013
▪ Auto-discovery and Policy Recommendations
HQ Sunnyvale, CA
Funding Summary
Illumio Services
Jun 2017 Series D $125.0
Enforce Adaptive Encrypt Data in Apr 2015 Series C $100.0

Gain Live Visibility
Segmentation Motion
Illumio adaptive segmentation is Illumination provides a live app SecureConnect provides on-demand, Sep 2013 Series B $34.5
designed to apply the exact level dependency map across policy-based encryption of data in
of protection needed to the environment showing workloads, motion between any Linux/Windows
environment, or application applications & traffic flows workloads and VPN gateways Jan2013 Series A $8.0
211

Netskope is a cloud application analytics and policy company. Using patented Netskope Features How the Context Engine Works:
technology, Netskope’s cloud-scale security platform provides context-aware governance
of all cloud usage in the enterprise in real time, whether accessed from the corporate
Description
network, remote, or from a mobile device. This allows security professionals to
understanding risky activities, protect sensitive data, stop online threats and respond to
incidents in a way that fits how people work today. Understand Protect Respond
▪ Offers visibility into ▪ Detects and ▪ Gives range of
all cloud usage remediate malware options to respond
▪ Gain granular and identify to violation
details about user, anomalies ▪ Can take immediate,
Founders / service, device, ▪ Use granular security automated action or
Management location for holistic and access policies deliver an
view of cloud to direct users and automated coaching
Sanjay Beri Ravi Ithal Lebin Cheng Krishna Narayanaswamy Steve Malmskog usage servers message
CEO Chief Architect VP, App Engineering Chief Scientist Chief Network Architect
By mapping out the API interactions of billions of transactions, the Netskope Context Engine has built the
Founded 2012 intelligence to cover all cloud traffic and to understand the details that make cloud security services such as
HQ threat protection, DLP, and granular policies more effective.
Los Altos, CA
Total Amt. Raised $231.4M Funding Summary
What Makes Netskope Different?
Jun 2017 Series E $100.0
Sep 2015 Series D $75.0

Advanced, Granular policies Netskope Context Technology Architected for Advanced threat Cloud-scale
enterprise DLP for all servers Engine integrations any use protection architecture
May 2014 Series C $35.0
Customers
Jan 2013 Series A $5.5
212
Raises $100.0M In Secondary Market Financing.

Tanium is a security and systems management solution that allows real-time data collection
Endpoint Security Endpoint Management
at enterprise scale. Its flagship product is a platform for IT departments to manage and
Threat Incident Patch Asset
control networks – even those comprising millions of machines and devices – with “15- Detection Response Management Inventory
Description second visibility” into network activity, rather than having to rely on days or even older
data. Tanium plans to replay the patchwork of security solutions with its near real-time Vulnerability Configuration Software Asset
Assessment Compliance Distribution Utilization
network scanning and management software, which consolidates multiple IT department
functions onto a single platform.
SIEM Big Threat File CMDB Help Asset Monitoring

Data Intelligence Reputation Desk Management
Founders /
Management Minimal Cost of Ownership, No Resilient Infrastructure = Complete Response Times Measured in
Effort to Scale Results Seconds
The Tanium
David Hindawi Orion Hindawi David Damato Scott Rubin Anirma Gupta Tanium’s unique architecture easily Designed for today’s rapidly Decentralized data aggregation and
Way
Co-Founder & Co-Founder & CEO CSO CMO General Counsel
Executive Chairman scales to millions of endpoints changing endpoints, we achieve distribution primarily across low-
without requiring ongoing 99%+ response rates from latency LAN traffic results in
Founded 2007
infrastructure additions, resulting in endpoints on the network. Every unparalleled speed and
HQ Emeryville, CA dramatic cost savings time performance
Funding Summary
15 Second Visibility and Control Customers
May 2017 Private Equity $100.0
12 of the top 15 US banks Sept 2015 Series G $148.0
May 2015 Series F $64.0
Accuracy Completeness Confidence 4 of the Fortune 10 May 2014 Series E $90.0
99%+ of your 99%+ of your 99%+ of your
endpoint data is endpoints endpoints are May 2010 Venture $0.8 Undisclosed
current provide data with always in their #1 company across 11 Jun 2009 Venture Undisclosed
$0.9
every pass desired state industries
July 2007 Series A $2.0 Undisclosed
213
Company Overview Crowdstrike Falcon Product Overview

CrowdStrike unifies next-generation antivirus, endpoint detection and response (EDR), and a 24/7
managed hunting service — all delivered via a single lightweight agent. The CrowdStrike Falcon™ ▪ Sophisticated machine learning-driven malware protection
platform, certified to replace legacy antivirus, has reinvented how endpoint security is delivered with its Falcon Prevent: ▪ Unique indicator of Attack behavioral blocking
industry-leading, cloud native architecture. CrowdStrike Falcon protects customers against advanced Next-Generation Antivirus ▪ Extensive prevention of privilege escalation and ransomware
Description cyber attacks, using sophisticated signatureless artificial intelligence/machine learning and Indicator of
Attack (IOA) based threat prevention to stop known and unknown threats in real-time. Core to its ▪ Complete real-time visibility of security-related endpoint activity
innovative approach is the CrowdStrike Threat Graph™ which analyzes and correlates over 40 billion Falcon Insight: ▪ Five-second search to discover current & historic endpoint activity
events per day from millions of sensors deployed across more than 170 countries, uniquely providing Endpoint Detection & Response ▪ Contextualize events by threat intelligence, providing attribution and
crowdsourced protection for the entire customer community. additional information about the attack
▪ Global team of expert adversary hunters watching 24/7
Falcon Overwatch: ▪ Reduce alert fatigue with proactive notification and actionable alerts
Managed Threat Hunting ▪ Augment existing in-house resources and improve operational efficiency
Founders / ▪ Leverage “power of the crowd” to identify new emerging threats
Management
Shawn Henry
▪ Real-time system inventory of all managed & unmanaged endpoints
George Kurtz Dmitri Alperovitch Colin Black
President, Crowdstrike
Burt Podbere Falcon Discover: ▪ Real-time application inventory of all applications in the environment
Co-Founder & CEO Co-Founder & CTO COO CFO
Services & CSO IT Hygiene ▪ Discovery API allowing integration with other IT tools to automatically
remediate unmanaged systems and unwanted applications
Founded 2011
▪ In-depth cyber security analysis and reporting
HQ Irvine, California
Falcon Intelligence: ▪ Attack attribution and identification of unique adversary TTPs
Total Amt. Raised $256.0M Cyber-Threat Intelligence ▪ Customizable feeds and API supporting a wide range of formats
▪ 80-plus adversaries tracked around the clock, around the globe
Why Crowdstrike Falcon?
Funding Summary
BETTER IMMEDIATE BETTER Date Stage Amount Raised ($M) Selected Investors
PROTECTION TIME TO VALUE PERFORMANCE
May 2017 Series D $100.0
Prevention and detection Cloud architecture reduces Consolidates a full range of
against all attack types- both cost while adding speed, security functionality into one
malware and malware free efficacy and scalability integrated solution Jul 2015 Series C $100.0
✓ Continuous monitoring ✓ Always protected without troublesome Sep 2013 Series B $30.0
✓ Gain insight into adversaries attacking signature updates
endpoints ✓ Identify unauthorized systems &
✓ Prevent sophisticated attacks instantly applications in real time
214

Attivo Networks provides dynamic deception technology, which in real-time detects The Attivo Solution
intrusions inside the network, data center, and cloud before the data is breached. The ThreatDefend Deception and Response Platform
Leveraging high-interaction deception techniques, the Attivo BOTsink Solution lures is designed to make the entire network a trap and to
force the attacker to have to be right 100% of the
BOTs/APTs to reveal themselves, without generating false positives. Designed for
Description time or risk being discovered. The solution combines
efficiency, there are no dependencies on signatures, database lookup or heavy distributed, high-interaction deception lures and
computation to detect and defend against cyber threats. Attivo solutions capture full decoys designed to provide early visibility into in-
forensics and provide the threat intelligence to shut down current and protect against network threats, efficient continuous threat
future attacks. management, and accelerated incident response
Comprehensive Reduction of Deception Improve Incident Identify and Defend Your
Deception & Decoy Attack Detection Authenticity Response with Understand the Network
Make the Entire Time Camouflage for Actionable Alerts Methods and Intent Reporting and
Founders / Network a Trap to Prevent Data Dynamic Substantiated Alerts of Hackers Automations to
Management Confuse and Exfiltration Behavioral Based on Attacker Analysis and Block Attacks and
Tushar Kothari Mano Murthy B.J. Shanker Ashok Shah Carolyn Crandall Venu Vissamsetty Misdirect Attackers Deception Engagement: No Forensics Quarantine Devices
CEO Co-Founder & Co-Founder & CFO & CMO VP, Security into Revealing False Positives
EVP VP, Operations VP, Finance Research Themselves
Founded 2011
Popular Use Cases
HQ Fremont, California
Lateral Movement Detection Exposed Credential & Attack Path Assessment Man-in-the-Middle
Insider, 3rd Party, Acquisition Integration Stolen Credential Ransomware Phishing
Platform Solutions Industry Solutions Specialized Environments: IoT, PoS, SCADA Cloud & Data Center Security Incident Response
Threat Detection Cloud Detection Specialty Detection Financial
Services
Energy Healthcare Funding Summary
Deception and decoy These include AWS, in These include
solutions provide an which the Attivo deception for ICS- Date Stage Amount Raised ($M) Selected Investors
additional line of deception platform uses SCADA Network
defense to address the deception techniques to protection, point-of-
situations where provide visibility to inside sales attack system, first
attackers have bypassed the data center threats. deception-based threat Retail Government High Tech May 2017 Series B $15.0
prevention security Open Stack integration detection platform for
systems and real-time provides efficient and IoT & distributed
notification of inside effective detection of deception platforms for
the network threats is network threats for automated incident Apr 2015 Series A $8.0
required virtualized SDDC handling
215
Raises $15.0M In Financing.

Vera develops and provides data security solutions for media and entertainment, professional
service, healthcare, financial service, pharmaceutical and biotechnology, and manufacturing
Vera For Files Vera For Mail Vera Platform
industries. The company offers a cloud-based information rights management platform that
Vera For Vera For Vera For
Description allows developers to build encryption, tracking, policy enforcement, and access control solutions
into their custom business applications. Its solutions allow clients to share files, create a hyper-
secure virtual deal room, secure data, track and audit data, send file blasts, automate file security,
and ensure regulatory compliance.
Military Grade File Encryption Seamless User Experience Granular Visibility & Control
▪ Military-grade AES 256 encryption at ▪ Fits into your company’s workflow ▪ 360° data visibility
the data level without impacting end-user ▪ Revoke file access instantly from
▪ Maintain data privacy experience any source
Founders / ▪ Encryption travels with your content ▪ Avoids risky end-user workarounds ▪ Enable/disable offline access & self-
Management everywhere destruct files anytime
Ajay Arora Prakash Linga Carmen Cerrelli Peeyush Rai Andy Zambito
Co-Founder & Co-Founder & VP, Finance & VP, Engineering VP, Worldwide
CEO CTO People Operations Sales
Founded 2014 Real-time Policy Enforcement Secure Any File, On Any Device Centralize Control & Analytics
HQ Palo Alto, California ▪ Change file permissions instantly ▪ Secure any type of file ▪ Full audit trail for regulatory
▪ Apply watermarks/screenshot defenses ▪ Security policies travel with your compliance
▪ Lock or kill files, even after they’ve data & remain with your files ▪ Instant mapping of file location,
been sent to recipients anywhere they’re stored access points & attempted hacks
Industry Solutions Awards
Funding Summary
Financial Services Media & Entertainment Manufacturing May 2017 Undisclosed $15.0
Feb 2016 Series B $21.0
Healthcare Biotech & Pharma Professional Services

Nov 2014 Series A $14.0
216

RedLock’s Cloud 360™ platform enables organizations to accelerate digital business by
managing security and compliance risks across their entire public cloud infrastructure without RedLock Cloud 360 Platform
impeding collaboration between software developers and IT operations to automate software Connects in minutes via APIs and aggregates massive volumes of raw configuration data, user activities, and
delivery. With RedLock Cloud 360, security teams gain a single view of existing and potential network traffic to produce concise, actionable insights. No agents or proxies.
Description risks over the entire cloud infrastructure, across multiple leading public cloud service providers
such as Amazon Web Services (AWS).The platform automatically discovers workloads within an
environment and enables continuous monitoring, anomaly detection, cloud forensics, adaptive Comprehensive Visibility Policy Monitoring
View your multi-cloud infrastructure Define policies based on industry
response, and compliance reporting.
environment from a single pane of standards and continuously monitor
glass for violations
Founders /
Management Anomaly Detection
Contextual Alerting
Automatically detect suspicious user
Varun Badhwar Gaurav Kumar Upa Campbell Wayne Jensen Alok Tongaonkar Leverage highly contextual alerts for
and network behavior using
Co-Founder & CEO Co-Founder & CTO VP Marketing Chief Architect Head of Data Science prioritization and rapid response
machine learning
Founded 2015
HQ Menlo Park, CA
Total Amt. Raised $12.0M Compliance Reporting
Cloud Forensics
Report on risk posture to your
Key Stats The Five Step RedLock Process Go back to any point in time and
management team, board of
investigate issues within seconds
Discover Your Leverage 50+ APIs to continuously aggregate volumes of configuration, user directors, and auditors
Environment activity, and network traffic data without impeding DevOps
Sensitive
4.8 Records Connect The
Dots
Applies machine learning to connect the dots between configuration, user
activity, and network traffic data Funding Summary
MILLION Discovered
Comprehensive Applies data science to integrate with threat intelligence feeds, vulnerability Date Stage Amount Raised ($M) Selected Investors
Understanding scanners, and SIEM solutions
$758
In Breach Quantify Your Scores each cloud resource for risk based on the severity of business
Costs Risks impact, policy violations, and anomalous behavior
MILLION Avoided Visualize Your Visualizes your entire cloud infrastructure environment with an interactive Feb 2016 Seed Undisclosed
Environment dependency map that provides insights into security and compliance risks
217
Company Overview Features and Benefits
Signifyd provides a risk and fraud-prevention platform that is designed to make Zero Fraud Liability Automated Back Office Simple Set-Up
commerce safer. The company’s platform allows businesses to increase sales and reduce
fraud losses, solving challenges that growing e-commerce businesses face – billions of
dollars in lost chargebacks, customer dissatisfaction, and operational costs. The
Description
company’s platform aids customer-service agents, providing a 100 percent financial
guarantee against fraud and shifting fraud away from e-tailers.
Signifyd automates the Signifyd transactions are Quick set-up time that allows
back office, allowing guaranteed to contribute to clients to instantly see orders
Founders / for clients to auto- client’s bottom line. arrive. It includes plugins for
Management fulfill and auto-cancel Chargebacks are paid back popular platforms and APIs for
their orders. within 48 hours. easy integration.
Rajesh Ramanand Michael Liberty Chendong Zou Vahe Amirbekian Johannes Fischli
CEO COO Head of Engineering Head of Risk Product Head of Business Op.
Founded 2011
Funding Summary
HQ San Jose, California Date Stage Amount Raised ($M) Selected Investors
Selected Clients
Sep 2016 Series B1 $19.0
Apr 2014 Seed $4.2
218

Dome9 is a cloud firewall management service. Their patent-pending security automation Dome9 Arc - SaaS platform to deliver comprehensive security, compliance & governance across public
creates a strong, front-line defense that stops zero-day vulnerabilities and exploits, secures cloud infrastructure environments.
remote access, and centralizes policy management. Available for the enterprise and hosting Network Advanced IAM Compliance
Description providers, Dome9 automates security policy management for cloud, dedicated, and Virtual Security Protection Engine
Private Servers (VPS). Their sophisticated security management platform controls Amazon
Model and enforce gold standard policies
EC2 & VPC Security Groups, as well as any OpenStack, CloudStack, and VMware vCloud- Protect against compromised Track, manage and report on
across accounts, projects, regions and
based private and public clouds. credentials and identity theft compliance posture
virtual networks
▪ Powerful visualization of network topology ▪ Enhanced layer of defense to existing public ▪ End-to-end security and compliance
and flows cloud IAM services management for continuous enforcement
▪ In-place remediation and active security ▪ Access restriction of IAM users and roles to ▪ Innovative new Governance Specification
Founders / enforcement contain blast radius Language (GSL) to create custom policies
Management ▪ Consistent management of security policies ▪ On-demand authorization to minimize risk ▪ Automated aggregation of data in real-time
across multiple public clouds of compromised accounts
▪ Over 500 industry best practices for security
Zohar Alon Roy Feintuch Eran Waldman Eyal Fingold Suda Srinivasan Jim Sortino
CEO & Co-Founder CTO & Co-Founder CFO VP, R&D VP, Growth VP, WW Sales ▪ Cloud-native, agentless security technology ▪ Audited tamper protection from suspicious encoded
protects all cloud assets user activity
▪ Industry best practices and built-in suites to
Founded 2010 ▪ Setup in under 5 minutes with no software ▪ Out-of-band authorizations from a mobile test compliance against standards
to install or agents to deploy device for added protection
HQ Mountain View, California ▪ Printable assessment reports for proof of
▪ Extensive automation delivering one-click ▪ Balance between seamless access and security posture across business units, virtual
Total Amt. Raised $29.3M operational simplicity practical security networks and cloud accounts
Comprehensive Security Solutions Across One Platform Customers

Funding Summary

Cloud Security Rugged Compliance and
Operations DevOps Governance Oct 2013
Convertible
$2.5 Undisclosed
Note
10x faster, simpler, Cloud Security at the Verifiable Cloud
and more effective Speed of DevOps Security May 2011 Series A $2.0
219

Cyber Global Risk Exchange (CyberGRX) develops and delivers a third-party cyber risk
management platform. The company offers CyberGRX, a platform through its design, Whether you are an enterprise, a third party or both, the CyberGRX platform streamlines your
automation, and advanced analytics enables enterprises to identify, assess, mitigate, and
third party cyber risk management program by reducing risk and lowering costs
Description monitor an enterprise’s cyber risk exposure across its vendor, partner, and customer digital
Enterprise Solutions Third Party Solutions
ecosystem. Its platform helps enterprises automate and standardize the collection of
information, as well as prioritize, evaluate, and remediate risk. CyberGRX’s proprietary Dynamic Fully validated assessments, long form
Risk Ranker™ recommends 3 Tiers of self-assessments with automated
Plan appropriate level of due diligence Assessment validation, and short form self-
for each third party assessments with self-attestation
Founders / CyberGRX provides Risk

Share Share CyberGRX assessments
Management Assess Assessment as a Service (RAaaS) with upstream business partners
Fred Kneip Jonathan Simkins Patrick Gorman Bryan Smith Tony Urbanovich Scott Schneider
CEO CFO Head of Strategy, Product CTO COO CRO CyberGRX identifies largest risk Quarterly Three tiers of assessments offer
Mitigate exposures and recommends
Assessment comprehensive analysis
Founded 2015 prioritized remediation advice
HQ Denver, Colorado
CyberGRX ingests threat & business
Help company grow by leveraging
Total Amt. Raised $29.0M intelligence from top providers & Growth
Monitor first class cyber security as a
correlates back to third parties in your
differentiator
ecosystem
Future of Third Party Cyber Risk Management Industry Solutions
Funding Summary
Financial
Energy Healthcare
Services Date Stage Amount Raised ($M) Selected Investors
Apr 2017 Series B $20.0

Mitigate Reduce Costs Scale Consumer & Information
Identify and mitigate The CyberGRX Scale questionnaire Industrials
Retail Technology
risk across your entire Exchange lowers the response program by
digital ecosystem with cost for companies to completing and Jul 2016 Series A $9.0
actionable, risk-based assess third party cyber sharing one
analytics risk assessment
220
Raises $40.0M In Private Equity Financing.

PAS is a provider of software solutions for ICS cybersecurity, process safety, and asset ICS Cybersecurity Automation Asset Management Operations Management
reliability to the energy, process, and power industries worldwide. PAS solutions include Secure ICS assets by leveraging Simplify configuration Transform process safety and
industrial control system cybersecurity, automation asset management, IPL assurance, industry leading inventory and management across all profitability by gaining real-time
Description configuration management automation assets to ensure insights into operational risk
alarm management, high performance HMI™, boundary management, and control loop technology operational reliability
performance optimization. PAS solutions are installed in over 1,100 facilities worldwide in
more than 70 countries.
Harden Security and Drive Compliance with Production-Centric Cybersecurity

▪ Maintain an evergreen inventory across all major proprietary and traditional IT control systems
Inventory ▪ Capture configuration data that IT-based approaches miss (I/O cards, firmware, control strategies)
Management ▪ Enable automated configuration and patch management
Founders / ▪ Reduce manual inventory efforts by 90%
Management
▪ Capture a reliable, comprehensive configuration security baseline
Eddie Habibi Dennis Ahrens Tamara Anderson Mark Carrigan Alan Elliot Jason Haward-Grau Configuration ▪ Detect unauthorized configuration changes before they become a problem
Founder & CEO VP & Chief VP, Corp Strategy & COO SVP, Global Sales CISO ▪ Automate alerts and policies to support cybersecurity requirements
Software Architect General Counsel Management
▪ Remediate unauthorized changes using workflow-driven incident response protocols
Founded 1993 ▪ Access the relevance and impact of Microsoft™ patches and vendor bulletins
Patch ▪ Drive the patch testing and mitigation using workflows
HQ Houston, Texas Management ▪ Audit patch processes for internal and regulatory compliance

▪ Enforce national and international compliance standards
Compliance ▪ Avoid regulatory fines and penalties from non-compliance
Customer Base Partners Management ▪ Enable standards, custom, and location-based reports for audit readiness
▪ Automate onsite and offsite backups for all major proprietary control systems
520+ Customers Including: Backup & ▪ Integrate proprietary system backups into disaster recovery plans
Recovery
13 of 15 ▪ Accelerate recovery from an outage or cyber incident
Top Chemical Companies
10 of 15 Funding Summary
Top Refining Companies Date Stage Amount Raised ($M) Selected Investors
5 of 15 Apr 2017 Private Equity $40.0
Top Power Companies
221

Synack provides a cloud-based platform that enables customer data integrity, privacy, and Solutions Process Benefits Synack’s Hydra Technology
confidentiality. The company’s military-grade virtual private testing environment platform
Built To Integrate With Human Beings
Description allows the global security community access to enterprises and engages global security
Hydra is purpose-built to produce intelligence that is
researchers to test systems in virtual private testing environments, as well as provides immediately actionable by the SRT, making their
secure manual security assessment. discovery processes extremely efficient
Actionable Intelligence. Not Information Overload

Hydra delivers contextualized, ongoing change detection,
Synack Red Team + allowing researchers to investigate security issues and
Launchpoint Customer Assets
Founders / Hydra Technology determine which vulnerabilities are exploitable
Management
Hydra technology All Synack Red Synack tests each Continuous Perimeter Monitoring
enables the Synack Team testing activity customer asset on As you digitize your business at an accelerated pace,
Jay Kaplan Mark Kuhr Amit Sirdeshpandey Sridhar Nanjundeswaran Jim Hyman
CEO CTO VP, Finance VP, Engineering CRO Red Team to is routed through a continuous basis maintain control and visibility of your internet-facing
continuously our secure gateway and provides real- assets
Founded 2013 discover technology, time testing
vulnerabilities providing our clients coverage results Save Time and Money
HQ Redwood City, California
efficiently and with full and analytics Hydra is hosted in the cloud, meaning no physical or
Total Amt. Raised $55.3M effectively transparency and virtual appliance to install, no software to deploy, and no
control infrastructure to acquire and maintain
Synack Provides World Class Security Services to Enterprises

Funding Summary
Scale Your Team Evaluate Risk Efficiently Analytics and Trends Secure Your Assets
Harness the power of a private, Understand where a Our real-time analytics provide Get a dynamic and holistic
global network of the industry’s vulnerability is and the impact it you with vulnerability trends overview of your ever-evolving
most sought-after security talent can have on your organization. across all your assets. This attack surface. The Synack Red
to diversify your team’s scope Synack also validates if coverage can help you spot Team works to identify any Apr 2014 Series A $7.5
and scalability for security vulnerabilities are closed, systemic problems and exploitable vulnerabilities across
testing creating a feedback loop understand where you can your internet facing assets
unmatched by point-in-time improve your security Aug 2013 Seed $1.5
assessments
222
Raises $89.0M In Series F Financing.

Armor is the First Totally Secure Cloud Company™ that protects customers’ vital assets ARMOR: DEDICATED CYBER SECURITY EXPERTS AT YOUR SERVICE
and helps prevent data breaches through managed multi-layer security for public and
Industry Services Cloud Security Features Products
Description private clouds. The Armor team also applies extensive military cyber security experience
for proactive threat detection, response and remediation. Forward-thinking organizations Intellectual Property Maintaining
trust Armor for data security and compliance to stay ahead of cyber threats in the cloud. securely manage most Compliance
valuable asset – your ideas Designed for all clouds in mind.
Protect data workloads and
Payment Compensate for the applications, whether they’re hosted
multi-layered security in a public cloud or your own IT
Human Element
prevents data breaches environment
Founders /
Management Healthcare
safe haven for electronic
Prevent Data
Chris Drake Jared Day Jeff Schilling Diana Massaro Noah Knippa records, information, etc. Breaches Provides high-performance cloud with
Founder & CEO President CSO CMO CFO the highest level of protection, while
Compliance Standards exceeding compliance requirements
Founded 2009 Recover Fast from and providing 24-7 security
meets any regulatory or
Cyber Attacks and support
HQ Richardson, Texas compliance standard

Funding Summary
Armor Makes Cloud Compliance Easier Partners Date Stage Amount Raised ($M) Selected Investors
Apr 2017 Series F $89.0
Apr 2014 Series E $25.0

▪ Armor actively defends sensitive ePHI, PII, Jun 2013 Series D $12.0
credit card and transaction data
▪ Outsource costs tied to staff, audit expertise and Sep 2012 Series C $10.0
security via secure hosting solutions
▪ Audit-friendly and designed to address key Sep 2011 Series B $10.0 Neil Rapoport
requirements of PCI and HIPAA compliance
May 2011 Venture $1.1 Undisclosed
▪ Mapped roles and responsibilities for smooth
PCI and HIPAA compliant hosting Mar 2010 Series A $2.0 Pat Sullivan & Doug Ducey
223
Raises $4.4M In Series A-II Financing To Close Out $11M Series A .

Bayshore Networks develops cyber security software for the industrial Internet of things
(IoT). The company's platform protects operational technology (OT) machines, networks, IT/OT Gateway™
applications, and workers and provides inspection and filtering of network flows, policy
Description ▪ Provides IT with complete visibility into OT
building and enforcement, and detection of segment industrial protocols. Leveraging
these capabilities, Bayshore delivers ROI in areas such as M2M cybersecurity, processes, applications and data
operational continuity, data loss protection and plant safety.
▪ Ensures employee safety in production
zones
▪ Provides visibility into operations & access
Founders / to analytics
Management
▪ Supports all popular industrial protocols
Michael Dager Francis Cianfrocca Bob Lam Kirby Wadsworth Andres Andreu
CEO Founder & Co-Founder & VP, CMO VP, Engineering
Chief Scientist Corp Dev & Finance SingleView™ Policy Management SingleKey™ Policy Enforcement Pallaton™ Policy Engine
Founded 2012
Provides a secure, centralized Delivers and enforces policies Policy-Driven Security enforces
HQ Bethesda, MD server-based management across the industrial operational policies in security,
Total Amt. Raised $11.4M system sets and administers environment and supports the operations & business rules
policy enforcement points range of OTC device protocols
Strategic Alliances & Software Integration Partners
Funding Summary
Strategic Alliances Software Integration Partners
Mar 2017 Series A-II $4.4
Convertible
Mar 2016 $0.4
Note
224
Raises $7.0M Series A-II Extension To Close Out $14M Series A Financing Round.

RiskSense, develops and provides a hosted SaaS cyber security platform for organizations
worldwide. It offers RiskSense Platform, a cyber risk management solution that The RiskSense Platform
empowers enterprises and governments to reveal their particular cyber risk exposure The RiskSense Platform transforms cyber risk management into a more pro-active, collaborative, and real-time discipline. The
platform embodies the expertise and deep knowledge RiskSense has gained from defending critical networks against the world’s
Description across a growing attack surface, orchestrate remediation, and monitor the results. The most dangerous cyber adversaries. As part of a team that collaborated with the U.S. DoD & U.S. Intelligence Community,
company also provides RiskSense managed services, including basic managed network RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion
Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program
risk assessment, advanced managed network risk assessment, and managed PCI ASV
Internal Security Intelligence
scanning; and a web application security service.
The RiskSense Platform can consume and correlate data
from tools such as Vulnerability Scanners, Application
and Event Monitoring Systems, Database Security and
Data Leakage Systems, Configuration Management
Founders / Systems, Patch Management System, and many more
Management
External Threat Information
Srinivas Mukkamala Brett Newsome Mark Fidel Christopher Acton Randy Hager
Co-Founder & CEO CFO Co-Founder & VP, Operations & VP, Global Sales The RiskSense Platform delivers external threat data from
Head of Corp Dev Services the RiskSense Cyber Security Research Center, which is
Founded 2015 continuously monitoring the cyber space for emerging
threats. It unifies this data with threat intelligence feeds
HQ Albuquerque, NM from other industry sources to provide the most accurate
threat assessment available in the industry
Business Criticality
Building The Next Generation Security Ecosystem Business Criticality The RiskSense Platform ingests data that
helps determine business criticality, such as asset
Provides Protection Across A Wide Number Of Industries Selected Clients classification and enterprise architecture
Funding Summary
Education Financial Services Media Telecom
Mar 2017 Series A-II $7.0

Government Healthcare Utilities Retail
225

Trillium offers Internet of Things (IoT) cybersecurity solutions for protecting mission critical
A Comprehensive Automotive Cyber Security Suite, Covering The Entire Automotive
automotive and IoT networks from malicious cyber-attacks including intrusive
Cyber-System From IVN, IPS to OTA.
manipulation and passive monitoring or eavesdropping. Trillium has developed a full
Description product potfolio to protect in-vehicle networks, automotive CAN & LIN bus, automotive
Ethernet, & IoT sensor networks. The company also offers a full line of IoT solutions,
including HeavenZ, a domain-based IoT convergence platform to converge
heterogeneous and remote devices from edge to edge to cloud.
Firewall Encryption Secure OTA Updates
Prevents any unauthorized messages to get Encryption of Small Payloads (2/4/8 bytes) Enhancements to SecureCAR security library
through to the automobile’s system or for Real-time Usage Cases and are deployed to vehicles in the field to
execute any form of action Applications harden in-vehicle systems against new
Founders / identified threats
Management
Sachio Semmoto David Uze Nobuhiko Koyama Tomoyuki Uda

Chairman & Board Member President & CEO Director Operating Officer
Aggressive Counter Measures Authentication Cyber Security Library
Founded 2014 When an anomaly is detected, platform MAC-less authentication that has no Trillium auto cyber suite is better than what
HQ Tokyo, Japan executes counter attacks to the hacker, impact on the message block/payload is available due in part to our novel,
identifying the source and killing it innovative software-only based approach
Trillium is Tackling a Large and Growing Market

AI- Enhanced Machine Learning Dynamic Key Lock Pairing V2I V2V V2X
200 MILLION 20,000 Combines intrusion detection,
intrusion protection and other firewall
Simultaneous asymmetric master key
exchange for up to 200 devices in less
On top of a fully agnostic approach,
Trillium’s SecureIOT will run on
Bugs in Average functionality to automatically improve than 2 seconds virtually any chip set/RTOS
Cars at risk by 2020 protection combination.
Connected Car
Funding Summary
12 MILLION 13,000 Date Stage Amount Raised ($M) Selected Investors
Lines of Code in Security Bugs in

Average Car Average Car
226

Description Evident.io is the pioneer and leader in security and compliance automation for public
Continuous Security & Compliance for your Public Cloud
cloud. The Evident Security Platform (ESP) enables any organization to proactively manage
cloud security risk — improving overall security posture, all from a single dashboard. ESP Complete Continuous
continuously monitors an organization’s entire AWS footprint, assessing security risks, Ability to assess risk across all 50+ AWS services, and provide a Continuously monitors your cloud infrastructure to automatically
providing security staff with expert remediation guidance, and enabling simple security single, aggregated view into all your accounts & regions identify & assess security misconfigurations, so remediation is swift
auditing and compliance reporting. Built on Amazon Web Services APIs, ESP is agent-less Security & Compliance for
and can be deployed to even the most complex environments in minutes. Real-Time Compliance
Amazon Web Services
Built for Modern Cloud

Faster Remediation
Environments
Founders /
Management Complete Visibility into Continuous Monitoring &
Cloud Ecosystem Security 24/7
Tim Prendergast Justin Lundy Claire Medeiros John Martinez
Founder & CEO Founder, CIO & CTO VP of Engineering Principal Solutions Architect
Results in Protects All Automates Over Analyzes Per Day
Founded 2013
HQ Pleasanton, California
5 84 750 360
Minutes AWS Services Best Practices Million Risks
Key Features Third-Party Integration
Funding Summary
Complete and Real Time ESP integrates its security and compliance checks into
continuous deployment processes by coordinating with Date Stage Amount Raised ($M) Selected Investors
See risk across all of your AWS accounts,
regions, and services in one popular DevOps tools
customizable view. Feb 2017 Series C $22.0
Simple Compliance
See your compliance stance continuously Apr 2016 Series B $15.7
and get easy one-button compliance
reports.
Nov 2014 Series A $9.9
Fast Results
Agentless, API-centric software means
that you can see your first dashboard in Sep 2013 Seed $1.5
minutes.
227

HackerOne is a vulnerability disclosure company that established the first bug bounty
HackerOne becomes the partner who executes all aspects of your bug bounty program,
platform that connects businesses with security researchers. They empower companies to
including triage, bounty pricing, & hacker relations, to allow your focus on fixing vulnerabilities
protect consumer data, trust and loyalty by working with the global research and hacking
Description
community to surface your most relevant security issues. Companies pay hackers through
as a reward for identifying vulnerabilities in their systems/products. The platform enables
secure intelligence report sharing, payment and a reputation system for hackers. Built By Experts Improve Efficiency Find Issues Faster
Built by expert experience leading Simplifies the process of coordinating Friendly hackers quickly find security
vulnerability management and bug multiple reports and researchers by holes before malicious hackers do so
bounty programs at Facebook, summarizing security issues in a single that companies can better protect their
Founders / Microsoft and Google security inbox brand
Management
Mårten Mickos Alex Rice Ning Wang Michiel Prins Jobert Abma
CEO Co-Founder & CFO / COO Co-Founder & Co-Founder &
CTO Product Engineering
Founded 2012 Hacker Trust Dynamic Platform Intelligence Confidential Reports

Hackers build reputation based on Applies intelligent pattern matching to Users have complete control over
HQ San Francisco, California report validity and incentives based find common issues across companies. who has permission to view and
Total Amt. Raised $74.0M on user reviews. The best The platform also displays security interact with security reports.
researchers rise to the top statistics in easy-to-read graphs
HackerOne Has Served Over 600 Organizations Across Every Industry To
Find Their Critical Software Vulnerabilities Funding Summary
Feb 2017 Series C $40.0
228

Description Exabeam provides a behavior-based security intelligence platform. It detects and assesses Exabeam Security Intelligence Platform provides
risky activities on a network; connects user activities across multiple accounts, devices, and Collect
organizations of all sizes with comprehensive,
IP addresses to create a coherent timeline; and presents risky user profiles to analysts to Exabeam Cloud Connectors offer direct log collection end-to-end detection, analytics, and response
respond to incidents quickly. The company transforms security analytics by connecting capabilities to augment the natural log collection capabilities of capabilities from a single security management
individual user events into activity sessions; flags risky activity using advanced statistical Exabeam Log Manager to easily report and analyze users’ cloud and operations platform
analysis with baseline profiling for deviation measurement; and offers Threat Hunter, a activity and behavior alongside activity on internal systems
security intelligence query tool to complement user behavior analysis.
Detect
While Exabeam Advanced Analytics uses machine learning
techniques to notify an analyst about emerging threats; Exabeam
Founders / Threat Hunter enables security analysts to search multiple
Management dimensions of user activity to find sessions that contain specific
unusual behaviors
Nir Polak Domingo Mihovilovic Sylvain Gil Ralph Pisani Rick Caccia
CEO & Co-Founder CTO & Co-Founder VP, Products &
Co-Founder
EVP, Field Operations Chief Marketing Officer Respond
Founded 2013 Exabeam Incident Responder automates firms’ response
HQ procedures through the use of incident workflows and
San Mateo, California
playbooks. It includes prebuilt playbooks for common incidents
Total Amt. Raised $65.0M that response teams face, such as malware alerts, phishing
incidents, etc.
Exabeam User and Entity Behavior Analytics gives you the ability to track threats Funding Summary
across multiple tactics and removes the analysis boundaries between physical and
cloud infrastructures Date Stage Amount Raised ($M) Selected Investors
Feb 2017 Series C $30.0
Sep 2015 Series B $25.0 Shlomo Kramer
Insider Threat User & Entity Data Loss Advanced Threat Compliance Breach Jun 2014 Series A $10.0 Shlomo Kramer
Evaluation Behavior Analytics Prevention Detection Reporting Investigation
229

Description SentinelOne provides endpoint security solutions. Its products include SentinelOne
The Endpoint Protection Platform (EPP) unifies prevention, detection, and response in a single platform driven by
Endpoint Detection & Response which stops advanced threats and provides real-time
sophisticated machine learning and intelligent automation
forensics across multiple platforms and SentinelOne Endpoint Protection Platform, an
endpoint security solution that combines prevention, detection, mitigation, remediation, Predict Malicious Behavior Protection Across Major Vendors
and forensic capabilities. The company also provides professional services, including ▪ Continuous System-level ▪ Take advantage of powerful behavior-based threat detection to
forensic consultation and malware analysis and support. Monitoring protect private data from advanced malware and digital attacks
▪ Behavioral Detection of ▪ Software compatible with Windows, OS X, and Linux platforms
Advanced Malware,
Exploits & Live Attacks Machine Speed Response
▪ Real-time Forensic ▪ Automatically eliminates threats immediately when they are
Founders / Analysis detected and quarantines any malicious processes
Management ▪ Attack Story Visualization
Attack Visualization
Tomer Weingarten Almog Cohen Ehud Shamir Sameet Mehta Jeremiah Grossman Rapidly Eliminate Threats ▪ Gain full-context attack forensics, complete endpoint
Co-Founder & CEO Co-Founder & CTO Chief Security Officer CFO & Board Member Chief of Security Strategy ▪ Zero-Touch Mitigation visibility, and a comprehensive identification of all track
▪ Robust Containment
Founded 2013 attacks in real time
▪ Full Remediation
HQ Palo Alto, California Lower TCO (Total Cost of Ownership)
Seamlessly Adapt Defenses
▪ Encompasses prevention, detection, & response in a single platform
Total Amt. Raised $109.5M ▪ Auto-Immunization
▪ Simplicity of use & comprehensiveness of software allows for
▪ Cloud Intelligence
efficiency in time and costs
Sentinel One Unified Approach Industry Solutions
Pre Execution
Oil & Gas Healthcare
Funding Summary
▪ Prevention
Single Lightweight Agent
▪ Whitelisting/ Date Stage Amount Raised ($M) Selected Investors
▪ Blacklisting
On Execution Jan 2017 Series C $70.0

Single Management Console ▪ Dynamic Malware
Endpoint & Exploit
Financial Services Education Oct 2015 Series B $25.0
Detection
Protection
Fewer FTEs Platform (EPP) Post-Execution Apr 2014 Series A $12.0
▪ Mitigation
▪ Remediation Mar & Aug 2013 Seed $2.5
Reduced TCO ▪ Forensics
230

Description ProtectWise is disrupting the security industry by providing a pervasive view of the
network, layered with refined analytics and a clear interface that enables high Network Memory
performance threat hunting and accelerated incident response. The ProtectWise Grid The ProtectWise Grid is a memory for your network
combines unlimited visibility and the detection of complex threats that develop over
time, giving the security team the strategic advantage to stop attacks before they reach Adaptive Network Unlimited Forensic Flexible Network
their goal. By harnessing the power of the cloud, ProtectWise has the unique ability to Capture Recording Coverage
create an unlimited retention window with full-fidelity forensics, automated
retrospection and advanced visualization. Unified Data
Secure API Access Fast, Intuitive Search
Haystack
Founders /
Management
Wisdom Engine ProtectWise Visualizer
Threat Intelligence and Automated Network Security Overview with Clear,
Scott Chasin Gene Stevens Michael Lipfield Ramon Peypoch David Gold Retrospection Capabilities Comprehensible Interface
Co-founder & CEO Co-Founder & CTO CFO CPO VP, Product Management
Founded 2013
HQ Denver, Colorado Analyzes and Detects real- Provides
inspects over time targeted collaborative Comprehensive Advanced Situational Full visibility
Total Amt. Raised $67.0M 4,000 applications attacks correlation of view of the threat reporting on into network
and protocols security events network visualization events by stage traffic &
Integration Partners across customers bandwidth
Funding Summary
The ProtectWise Grid: How It Works
Jan 2017 Series B-II $25.0
Remote Enterprise ProtectWise Enterprise Corporate Nov 2015 Series B $20.0

Offices DMZ Grid Core Cloud
The ProtectWise software sensors deploy anywhere in the security network, to optimize May 2013 Seed $3.1
and passively replay all network traffic into the secure cloud platform
231

Description Phantom provides a security automation and orchestration platform that orchestrates key
stages of security operations from prevention to triage and resolution. The company’s Phantom Operates On Data Sources
platform integrates with users’ existing security technologies to provide a layer of Phantom operates internally on JSON, giving it full access to data contents. Data can be pushed to
connective tissue between them; streamlines security operations through the execution of Phantom or pulled from externally supported SIEM or analytic tools
digital Playbooks that are the codification of security operations plan; automates arbitrary
security data, such as incidents, threat indicators, vulnerabilities, emails, and more; Phantom Executes Playbooks
supports actions across its set of supported products; and orchestrates security operations Phantom uses advanced Python scripts called “playbooks” to execute any security operations needed.
on security and infrastructure assets. Playbooks execute actions on any devices and/or assets that the client connects to Phantom
Playbooks Call Actions

Founders / Phantom abstracts high level Playbook processes into actions that the client can call. For example,
Management calling “block URL” or “quarantine device” or “Hunt File” will execute the user’s desired action
Oliver Friedrichs Sourabh Satish CP Morey Erich Baumgartner Dan Ramaswami Actions Are Exposed By Phantom Apps
Founder & CEO Co-Founder & CTO VP, Products & Marketing VP, Field Operations Dir. Security Engineering
Phantom is able to integrate with third party security products, adding it to the security operations
Founded 2014 interface and providing a comprehensive security ecosystem
HQ Palo Alto, California
Apps Connect To Assets
Phantom coordinates security operations on security assets, such as firewalls, SIEMs, etc. Owners can
Phantom Is Revolutionizing Enterprise Security be assigned to certain assets so they can give permissions before any action is performed on that asset
Smarter Faster Stronger Funding Summary

Playbooks act and respond Incident response lifecycle is Consolidation of security
to critical situations on their shortened due to automatic operations creates a
coordination of security assets to Date Stage Amount Raised ($M) Selected Investors
own accord stronger security capability
respond together
Phantom Integrates With A Number of Applications
Sep 2015 Series A $6.5
Apr 2015 Seed $2.7
232

Bitglass provides security solutions that automatically segment, track, and secure
Cloud Mobile Discovery
businesses’ sensitive data across cloud and mobile without invading the employees’
Protect Your Data Secure Mobile Devices Gain Actionable Intelligence
privacy. Its mobile security solutions offer alerts and insights into suspicious behavior, as Across All Apps Without Agents & Limit Damage
Description well as warn clients of potential policy or security issues. The company’s cloud solution
enables users to track an organization’s sensitive data, including confidential files and OUR SECURITY SOLUTIONS
corporate data through the Internet, as well as alert clients on policy violations, data Cloud Security Cloud Encryption
leakage, and other security issues. ▪ Gain visibility into cloud usage; ▪ Protect sensitive cloud data at-rest
integrates with popular SIEMs to while maintaining application
consolidate security awareness functionality
▪ Secure data with Citadel DLP ▪ Omni multi-protocol proxy architecture
▪ Control Data Access—Limit access ensures robust, real-time protection
Founders / based on user context from any device
Management
Mobile Security Shadow IT & Breach Discovery
Nat Kausik Anurag Kahol Drew Urushima Chris Chan Anoop Bhattacharjya ▪ Control mobile data access ▪ Quickly uncover threats to corporate
CEO CTO SVP, Finance SVP, Engineering Chief Scientist
▪ Select wipe capability can limit data data security
Founded 2013 leakage in event of device loss/theft ▪ Discover threats that are invisible to
▪ Works with iOS, Android, and other traditional firewalls, proxies & NGFs
HQ Campbell, California major platforms ▪ Fast & easy solution deployment
Security & Compliance For Any Cloud App Broad Industry Coverage Funding Summary
Financial Date Stage Amount Raised ($M) Selected Investors
Education Healthcare
Services
Jan 2017 Series C $45.0
Government Manufacturing Aug 2014 Series B $25.0
233
VII. About
Momentum Cyber
VII. About Momentum Cyber
Firm Overview.
i. Momentum Cyber: Lifecycle Advisory For Cybersecurity 236
ii. About The Firm 237
iii. The Launch of Momentum Cyber 238
iv. Balanced & Highly Experienced Advisors 239
v. Tremendous M&A Track Record In Cybersecurity 240
vi. M&A In Cybersecurity | A CEO’s Unique Perspective 241
vii. Momentum’s Vast Cybersecurity Network & Reach 242
viii. Thought Leadership In Cybersecurity 243
235
Momentum Cyber
Lifecycle Advisory For Cybersecurity.
The Founders
World Class Operators & Advisors Empathy
Momentum Cyber is the premier Dave DeWalt
Founder & Chairman Objectivity
trusted advisor to the Cybersecurity 30+ Years in Tech, 17 Years as CEO
>$20B in Value Creation
industry providing bespoke high-impact Action
Michael Tedesco
advice combined with tailored senior- Founder & Managing Partner
20+ Years M&A and Board Advisory Across
Enterprise IT, Board Member, & Investor
level access. The firm was founded by Tenacity
Eric McAlpine
world-class operators and advisors and Founder & Managing Partner
20+ Years Cybersecurity Board/CEO
caters to the unique needs of both Advisor, Founder & Engineer Innovation
earlier stage Founders, CEOs, & Boards
as well as the complexity of later stage
Keith Skirbe Dino Boukouris
Director
Long Term Loyalty
Director
& public companies throughout their

Sense of Humor
lifecycle – Incubation to Exit. 200+ Deals $200+ Billion
236
About The Firm
World-Class Operators & Advisors.
Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity
ecosystem. We advise on a broad range of strategic activities, including mergers and acquisitions, board & special situations, corporate strategy
& development, corporate finance, and operational excellence. We are a mission driven firm with a passion for Cybersecurity.
2018 33 $14B 200+ $200B+

Year Founded After Highly Successful Wall Cybersecurity M&A Transactions & Total Deal Total M&A Transactions & Deal Value
Street & Cybersecurity Executive Careers Value Executed By Team Members Since 2002 As A Team Since 1994
$433M $140M $20B+ 70+

Average & Median Cybersecurity Value Creation To Shareholders Combined Years In Cybersecurity As
M&A Deal Value As CEO, Board, & Investor World-Class Operators & Advisors
Cyber Exit Savvy – Deep Expertise Unparalleled Access Across the Unrivalled Thought Leadership In
Selling to Strategic & Financial Buyers Cybersecurity Ecosystem with Executives, Cybersecurity Through Insightful
Board Members, Investors, & CISOs Research, Market Reviews, Media
Appearances & Speaker Engagements
237
The Launch of Momentum Cyber
Testimonials About Momentum Cyber.
“The launch of Momentum Cyber is a monumental development for the cybersecurity industry, filling an unmet need for “The new partnership between Dave, Eric and Michael is
deep domain expertise combined with world-class strategic advisory and M&A experience, particularly for emerging extremely exciting as it will fill a significant gap by combining
growth companies. At Momentum Cyber, we will serve our clients as the premier firm singularly focused on providing the hands-on operational experience with advisory expertise, making
highest level of trusted advice to the ever-evolving cybersecurity ecosystem. I created this partnership with Michael and Momentum Cyber massively differentiated throughout the
Eric specifically for their combination of industry depth, unrivalled M&A track record, and pensive forward-thinking.” cybersecurity industry.”
– David DeWalt, Founder & Chairman, Momentum Cyber - Jay Leek, Managing Director & Co-Founder, ClearSky Security
“Momentum has been serving as ADT’s cybersecurity strategic advisor this year as we look to expand our “Dave’s experience and network as a visionary executive,
cybersecurity offering, We researched a number of advisors to serve this CEO-driven initiative and the choice was hands-on board member, and investor is without peer in
clear given Momentum’s unrivalled industry knowledge and experience advising both emerging companies and large cybersecurity. Creating Momentum Cyber with Michael and
enterprises like ADT. We have developed a winning cyber strategy with Momentum and very quickly moved from Eric as the industry’s first purpose-built advisory firm will be a
drawing board to execution given their experience and access.” tremendous asset to our entire ecosystem.”
- ADT’s Chief Administrative Officer, Dan Bresingham - Bob Ackerman, Founder, AllegisCyber
Momentum Cyber is the completion of a vision that Tedesco and McAlpine Momentum Cyber will provide life-cycle services to cybersecurity firms ranging
conceived in 2015 when the duo formed Momentum Partners. In just two years, from incubation and helping companies get started to developing and executing
Momentum has emerged to become the ‘go to’ M&A advisor to companies large an exit strategy via a merger, initial public offering or potential liquidation.
and small in the dynamic cybersecurity sector. This includes recent transactions
such as ADT’s acquisition of DATASHIELD, Weblife’s sale to Proofpoint, and The company's most significant advantage over major investment banks such
Cyphort’s sale to Juniper Networks. Earlier this year, Momentum’s team was as Citi, Morgan Stanley and J.P. Morgan is its domain knowledge of the
selected by ADT, the leading physical security provider to businesses and security space. Momentum Cyber is involved with an average of eight to 10
residences, to help drive its inorganic cybersecurity strategy and execute through cyber deals annually, while the big banks typically work on two or fewer cyber
M&A, investments, and partnerships. deals each year, according to an overview put out by the company.
─ Eric McAlpine & Michael Tedesco ─ Michael Novinson
Source: BusinessWire: Momentum Cyber Launches As Industry’s Premier Cybersecurity Advisory Firm, Momentum CYBER Press Release and CRN: Momentum Cyber Lands Dave DeWalt As Chairman, Goes All In On Security M&A, Advisory Services
238
Balanced & Highly Experienced Advisors
A Bespoke High-Impact Advisory Boutique With Unique Senior-Level Access.
Advice. Access.
▪ Mergers & Acquisitions 41%
59% Executives
- Sellside
- Buyside
Board Members
- Divestitures
Buyside Sellside
- Joint Ventures
Investors
▪ Board & Special Situation Advisory 19%
47%
Entrepreneurs
▪ Corporate Strategy & Development 34%
Policy Influencers
▪ Corporate Finance
<$100M $100M - $400M >$400M
▪ Partnerships & Business Development Chief Security Officers

$433M Average $140M Median
239
Tremendous M&A Track Record In Cybersecurity
Significant Deal Experience And Comprehensive Coverage Across The Cybersecurity Landscape.
Network ● Vulnerability Mgmt. ● Web ● Email ● Cloud ● SIEM ● Analytics ● Threat Intel ● Mobile ● Endpoint ● MSSP ● IoT
acquired by acquired acquired by acquired by acquired by acquired acquired acquired by
Web Managed Security Cloud Secure Cloud Mobile Endpoint SIEM

Security Detection & Analytics Security Orchestration Security Security
Response
$60M $220M $65M $160M
acquired by acquired acquired acquired by acquired by acquired acquired acquired by
Network / Web Network Email Vulnerability Email Managed Security Intrusion Industrial IoT
Security Security Security Management Security Services Detection Security
$465M $295M $274M $86M $695M $145M $135M $403M
240
M&A In Cybersecurity | A CEO’s Unique Perspective
Tremendous M&A Track Record As CEO, Chairman, & Investor For Three Decades.
Executive Insights Into: (i) Strategic Thesis Development, (ii) Board Communication & Management, (iii) Investor Messaging, and (iv) Merger Integration
acquires acquires acquires acquires acquires acquired by acquires
IPO TRUST DIGITAL
Network Orchestration & Threat Network Incidence SIEM Diversified Mobile

Security Automation Intelligence Forensics Response Security Security
$116M $28M $269M $67M $1.0B $160M $7.7B $33M
acquires acquires acquires acquires acquires acquires acquired by acquires
ScanAlert
Email Application Network / Web Data Loss Web Endpoint Content Mgmt. Collaboration
Security Control Security Prevention Security Encryption Software Software
$169M $46M $465M $50M $81M $350M $2.1B $111M
Note: Deals with disclosed deal values greater than $25 Million.
241
Momentum’s Vast Cybersecurity Network & Reach
A Unrivaled Global Network of Buyers, Innovators, Investors, & Security Professionals.
Executives Investors
7,500+ 1,800+
Companies CISOs
2,500+ 750+
242
Thought Leadership In Cybersecurity
Momentum’s Team Is Dedicated To Providing Thought Leadership In Addition To Our Dealmaking & Advisory Services.
Industry Research Sector Research Landscape Reviews
[ ]
243
Advice. Access.
Momentum Cybersecurity Group, LLC
340 Brannan Street | Suite 501
San Francisco, California 94107
For inquiries or information on the Cybersecurity Almanac:

almanac@momentumcyber.com

2018 Cybersecurity Almanac-1 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2018 Cybersecurity Almanac-1 PDF

Uploaded by

Copyright:

Available Formats

Eric McAlpine

Key Trends | 2017 Key Predictions | 2018

Large Tech Vendors Will Look To Break Into Cybersecurity

in potential costs from WannaCry

Private Equity ‘s acquires

101% 83% 49%

Momentum Cyber About Us

ADVICE ACCESS EXECUTION

200+ Deals $200+ Billion MANAGING GROWTH

Dave Robert Yoav Ofer

IV. M&A Activity In Cybersecurity 57

V. Financing Activity In Cybersecurity 82

118% 86% 64% $150M $100M $125M

60% 55% 53% $100M $100M $89M

MSSP Financing Activity M&A Activity

Selected Acquisition Activity Selected Financing Activity Public Equity

4/17: IPO: $187M

NAC SDN DDoS Protection DNS Security

MSSP Data Security Mobile Security

Security Incident Response

Fraud & Transaction Security

i. Private Equity Continues To Cybersecurity 14

ii. Private Equity By The Numbers 15

iii. The State of Israel’s Cybersecurity Market 16

iv. CYBERscape | Israel 17

v. Data Breach Tracker: As of December 31, 2017 18

vi. A Tale of Two Breaches: Equifax & Uber 19

vii. The Cybersecurity Mega Cycle Aftermath 20

viii. Cybersecurity Automation Is Coming To The Rescue 21

ix. The Cybersecurity Skills Shortage 22

xi. Cloud Security 24

xviii. Major Industry Conferences | 2018 33

PE Firm Platform Add-Ons Exit Recent Cybersecurity PE Activity

($2.4B / NA) ($4.7B / 7.9x) Target

(NA / NA) ($710M / 6.0x)

Cyber Private Equity Universe Cyber Private Equity Universe

Yoav Leitersdorf Ofer Schreiber

Source: Tech Crunch: The State of Israel’s Cybersecurity Market..

NAC SDN DDoS Protection DNS Security

Network Analysis & Forensics Endpoint Detection & Response

MSSP Data Security Mobile Security

Security Incident Response

Fraud & Transaction Security

Median Time of Compromise to Discovery

CarPhone Premera TalkTalk

# of U.S. Breaches 780 1,093 ( 40%) 1,579 ( 44%)

▪ Security team observes suspicious network traffic

▪ Three senior executives dispose of $1.8 million in

▪ Announces an additional 2.5 million consumers had 600K ▪ Drivers Licenses

20 military agencies have attacked and

Robert Cybersecurity Automation Was Predictable

Threat Detection Must Be Rapid Cyber Automation

Nationwide Cybersecurity Job Postings National Level Cybersecurity Job Market

Total Cybersecurity Job Openings 285,681

Total Job Postings Total Employed Cybersecurity Workforce 746,858

Securely Provision 11% 26%

3,017-7,059 Protect & Defend

10,406-33,454 Oversee & Govern 25%

Top Cybersecurity Job Titles

What is GDPR? Companies Addressing GDPR

What Is Required Of Companies To Comply? Are Companies Prepared?

organizations that will fully comply by

of companies did not have a definitive