- +1. What is the significance of today’s announcement?
- On December 20, 2016, Rohde & Schwarz Cybersecurity purchased all outstanding shares of DenyAll from its owners, including private equity firms Truffle Capital and Omnes Capital.
This is an important milestone in the execution of Rohde & Schwarz Cybersecurity‘s strategy, aiming at becoming a global leader in cybersecurity with ‘made in Europe’ solutions.
The acquisition gives Rohde & Schwarz Cybersecurity access to a bigger market opportunity, with a broader portfolio now composed of:
- Network security
- Endpoint security,
- Application security, and more specifically:
- Web Application Firewall,
- SOA Gateway & Web Services Firewall,
- Web Access Management (Web Single Sign On),
- Dynamic Application Security Testing).
- Vulnerability Assessment,
- Network analytics including Deep Packet Inspection.
This deal is good news for customers and partners: a stronger vendor will guarantee the long-term viability of the investments organizations have made in the technologies of both companies. DenyAll will continue to develop and support all existing products, bringing additional innovation and value through cross-pollination of features and integration of complementary technologies.
- +2. Who is Rohde & Schwarz Cybersecurity?
- Rohde & Schwarz Cybersecurity is a division of Rohde & Schwarz, a German technology company worth 2B€ in revenue, which delivers advanced solutions in test and measurement, broadcasting, secure communications, radio-monitoring, radiolocation and cybersecurity. Rohde & Schwarz is a private, family-owned business, founded in Munich in 1933, with more than 10,000 employees worldwide.
Rohde & Schwarz has been active for over 20 years in the field of IT security. All cybersecurity activities have recently been grouped into a new division, Rohde & Schwarz Cybersecurity. 400 people strong, it is composed of various businesses acquired by Rohde & Schwarz in recent years. DenyAll is now a part of Rohde & Schwarz Cybersecurity.
- +3. What products does Rohde & Schwarz Cybersecurity currently offer?
- Rohde & Schwarz Cybersecurity develops and produces high-end encryption products (hi-speed LAN/WAN encryption), next-generation firewalls and unified threat management (UTM) appliances, network traffic analytics (DPI) and endpoint security software (browser sandboxing, mobile device security).
- +4. Why is Rohde & Schwarz acquiring DenyAll? What is the vision of the merged company?
- Rohde & Schwarz Cybersecurity’s long term goal is to become Europe’s leading player in IT security solutions, by providing a comprehensive set of cybersecurity technologies, all made in Europe. To complete their portfolio with complementary technologies, Rohde & Schwarz Cybersecurity has been acquiring several companies in recent years, all based in Germany until now. DenyAll is the first acquisition outside of Germany, adding a complete set of application security and vulnerability management products, which complement Rohde & Schwarz Cybersecurity’s existing products.
- +5. Why do this now?
This is an ideal time for Rohde & Schwarz Cybersecurity and DenyAll to come together and create a stronger, European leader. For the following reasons:
First, the market is maturing quickly: with mobility and cloud computing, customers are realizing that their applications are both vital to their business operations and seriously at risk. At the same time, cloud computing combined with the maturing of technologies aiming at securing APIs, machine-to-machine communications and Web applications and services, makes it much easier than ever before, to deploy security controls that effectively stop attacks, without disrupting the business.
Second, recent revelations and scandals have acted like a wake-up call for many customers worldwide: preventing corporate and state-sponsored espionage using the technologies and services of companies subject to the US Patriot Act is perceived by many as a serious challenge, a paradox of sorts. European vendors like Rohde & Schwarz Cybersecurity and DenyAll have a positive reputation worldwide and are seen as valid alternatives to US vendors in many countries.
Third, the market needs a whole new level of innovation and integration to be delivered, in order to meet the challenge of securing a cloud-enabled and mobile digital world. Only vendors mastering key technologies in network security, endpoint security, encryption and application security, can meet that challenge.
Finally, the political and legal environments are moving towards greater coordination at the European level on matters of cybersecurity. The General Data Protection Regulation recently passed into European law intends to strengthen and unify data protection for individuals within the European Union. The secure cloud initiative launched by the German BSI and French ANSSI reinforce cooperation between the German and French governments to create a common environment for cybersecurity in Europe.
- +6. What does this mean for customers and partners?
This is excellent news for customers and partners.
All products will be maintained and supported as initially planned by both vendors before the acquisition, with a larger team behind them.
Incremental value will be delivered to customers and partners by the cross-pollination of product features and by virtue of the companies’ development, security research, QA and support teams cooperating to share best practices and deliver integrated solutions over time.
The acquisition is a good sign of the financial health and long term viability of the company. Partners betting on DenyAll will enjoy a higher return on their investment as a result. For all, the merger means that new, innovative security solutions will be brought to market by an even stronger player.
- +7. What does this mean for employees?
- The acquisition creates great opportunities for employees of both companies.
The stronger portfolio of Rohde & Schwarz Cybersecurity ensures its increased relevance in the global security market, where size and having a comprehensive offering are key success factors. It guarantees both the longer term success of DenyAll’s offerings and the emergence, over time, of integrated solutions, spanning network security, endpoint security and application security.
Furthermore, employees in R&D, QA, Support, Sales, Marketing, Finance & Administration will have many opportunities to cooperate with a broader team, to expand their contributions to other technologies, territories and fields of excellence.
- +8. Will any products be discontinued?
- No. All available products from both companies will be maintained and supported as they would have been according to each company’s support policies. Existing DenyAll products will be maintained and supported for a minimum of 3 years, per the company’s support policy. New features will be added to the DenyAll products. New solutions will be created as a result of the integrations within the Rodhe & Schwarz Cybersecurity portfolio.
- +9. How do the companies’ revenue and profitability compare?
- The Rohde and Schwarz group doesn’t disclose any revenue or profitability numbers at the division level. DenyAll has been a profitable business for years. The team is composed of 60 people. As a point of comparison, the Rodhe & Schwarz Cybersecurity division is currently 400 people strong. Combining the businesses creates a stronger team and a business with higher profitability. The backing of the Rohde & Schwarz parent company provides the ability to invest more in innovation and international expansion.
- +10. What was the amount of the transaction?
- The Rohde and Schwarz group doesn’t disclose any such information when operating mergers & acquisitions.
- +11. Who will lead the combined company?
- DenyAll will continue to operate as a whole unit and legal entity, under the leadership of its CEO, Jacques Sebag. Mr Reik Hesselbarth, CFO of Rohde & Schwarz Cybersecurity is the new president of the DenyAll board. Other members of the board include Ammar Alkassar, CEO of Rohde & Schwarz Cybersecurity, Patrick Poetschke, Rohde & Schwarz Corporate Finance and Jean-Christophe Prunet, managing director of Rohde & Schwarz France.
The DenyAll management team is fully committed to ensuring the future development and success of DenyAll as a Rohde & Schwarz Cybersecurity subsidiary. The 2 entities are very complementary in terms of product portfolio and geographical presence. We have great perspectives and an ambitious goal to become Europe’s cybersecurity leader.
- +12. What is the headcount plan/objective? Will there be any reduction in force?
- DenyAll has been profitable for years. There is no overlap in products, hence no need to reduce headcount. As part of the integration plan, the teams will work together to identify which synergies make most sense and require additional investments, especially to integrate the products into solutions.
- +13. Will DenyAll sell Rohde & Schwarz Cybersecurity products? Will Rohde & Schwarz Cybersecurity sell DenyAll products?
- The plan is for both teams to sell all products in the geographies they currently address. This will happen as early as possible in 2017. The two organizations have minimal geographic overlap today, Rohde & Schwarz being strong in the DACH region as well as in Eastern Europe and the Nordics, while DenyAll has a strong foothold in France but also in Luxembourg, French-speaking Switzerland and North Africa. In emerging territories such as the Middle East, South East Asia or the Americas, the two teams will figure out the best way to leverage their existing channel relationships and the local operations of the parent company, to expand and grow their business. A meaningful entry into North America will be planned in the course of 2017 for execution in 2018.
- +14. Will the DenyAll brand disappear?
- The DenyAll brand is a key asset and will continue to be used in the near future. 2017 will see the development of the Rodhe & Schwarz Cybersecurity brand. The two brands will be associated with the addition of the signature “A Rohde & Schwarz Cybersecurity company” to the DenyAll logo. The longer term branding strategy will be defined over the course of 2017.
- +15. Will there be changes to the roadmap?
- There is no impact on current priorities, we will deliver the planned versions of DenyAll WAF, WSF and WAM, add the features we’ve identified to Vulnerability Manager and Cloud Protector. Longer term, new features will be added to the roadmap as we identify synergies and opportunities to integrate products to create more value and competitive differentiation. We will leverage the skills and experience of the Rohde & Schwarz Cybersecurity teams to complete our vision. It will give us new ideas for innovative and differentiating features.
- +16. What is the roadmap for integrating the products?
- The roadmap will be defined jointly over the coming weeks. The intent is to leverage the strength of each technology to deliver stronger, more comprehensive and manageable cybersecurity solutions that span the entire IT infrastructure, from networks to applications and devices.
Although no decision is finalized and we therefore don’t have a timetable yet, possible near term integrations that will be explored include:
- Bundling the Next Generation Firewall and Next Generation WAF,
- Integrating server-side WAF and client-side security for end-to-end application security,
- Delivering a single management console for deployment and reporting across the entire portfolio,
- Integrating the Next Generation Firewall and Vulnerability Manager to deliver network-level virtual patching,
- Integrating basic WAF capabilities into the UTM,
- Adding network security features to Cloud Protector, DenyAll’s cloud-based Software-as-a-Service Offering.
Details about the timing and nature of the integrations will be communicated to customers and partners as the teams come together and define the next phases of the company’ roadmap.
- +17. Will some DenyAll products be stopped, such as Cloud Protector, Vulnerability Manager or Web Access Manager?
- DenyAll offers a large portfolio of application security products, which add a lot of value to Rhode & Schwarz’s current portfolio by completing it. No decision to stop any products has been made to date. Any such decision will be considered as part of the integration process. In the near term, the priorities are unchanged and DenyAll will continue to develop and sell its entire product line.
- +18. Will a global team provide support for all Rodhe & Schwarz Cybersecurity products?
- The two organizations will look into every opportunity to leverage their technical support teams’ respective strengths, processes, technical skills and language proficiencies. A positive environment of best practices sharing will be fostered. No organizational changes will be made in the near term.
- +19. Will the DenyAll Technical Support team provide support on Rohde & Schwarz Cybersecurity products?
- No, the DenyAll Tech Support team will continue to focus on providing support services on the DenyAll products only.
- +20. Will we provide support for DenyAll products in German?
- Definitely, eventually. We will look into ways to leverage the resources of Rohde & Schwarz Cybersecurity in Germany to provide support in German.
- +21. Will there be any changes to 24/7 support?
- DenyAll will continue to deliver 24/7 support to its clients & partners. In the longer run, DenyAll customers will take advantage of Rohde & Schwarz’s 24/7 support capabilities.
- +22. What are the expected synergies?
- The synergies that will be leveraged are based on the observation that Rohde & Schwarz Cybersecurity and DenyAll have a lot in common:
- A strong European identity,
- A culture and focus on innovation, quality and customer proximity,
- Complementary geographic market coverage,
- Complementary IT security products.
As the DenyAll and Rohde & Schwarz Cybersecurity teams work on the integration plan, they will make sure to leverage these common traits, with a view to providing a consistent and augmented value proposition to customers and partners.
In the short term, we will leverage the complementary geographical implantations to cross sell our solutions. In the longer run, we will develop a comprehensive security solution that will be a genuine European alternative to US solutions.
- +23. How is the combined company positioned in the market?
- DenyAll has been recognized as security experts and innovators by customers, partners and industry analysts. Innovation is also in the Rohde & Schwarz Cybersecurity DNA. Thanks to its global deployment, Rohde & Schwarz provides a strong capacity to execute more effectively and in more markets internationally. The combination will result in the creation of a European leader in security, a viable alternative to US vendors with global customer reach (Europe, Asia, Americas).
- +24. What is the company’s cloud strategy?
- All DenyAll products are available on main cloud infrastructure (Amazon, Azure). Customers want to optimize their resource consumption internally (Private Cloud) and externally (Public Cloud, SaaS Solution). An objective of future development and future architecture is to be more flexible and more scalable: micro service or service oriented architecture. These architectures are designed for the Cloud, they can be deployed on premise (physical or virtual appliances), on Cloud infrastructure or on hybrid solutions.