Proofpoint Enters into Definitive Agreement to Acquire ObserveIT for $225 Million in Cash; Extending Leadership in People-Centric Security and Compliance to Deliver Post-Perimeter Data Loss Prevention
November 03, 2019 By BlueAlly
Proofpoint’s market-leading information protection capabilities extended to prevent data risks and insider threats across email, cloud, and the endpoint
Sunnyvale, Calif.—November 3, 2019 – Proofpoint, Inc., (NASDAQ: PFPT), the leader in people-centric cybersecurity, has entered into a definitive agreement to acquire ObserveIT, the leading insider threat management platform. Closing of the transaction is expected to occur late in the fourth quarter of 2019, and is subject to customary closing conditions, including Hart-Scott-Rodino merger review, and any other required regulatory approvals.
With this acquisition, Proofpoint will extend its data loss prevention (DLP) capabilities with endpoint joining email, CASB, and data-at-rest to form an enhanced enterprise DLP offering. The combination of ObserveIT’s leading lightweight endpoint agent technology and data risk analytics with Proofpoint’s industry leading information classification, threat detection, and intelligence, will give enterprises unprecedented insights into user activity with their sensitive data, wherever it resides. In tandem, Proofpoint will invest in ObserveIT’s leading insider threat management solution, which empowers security teams to detect, investigate, and prevent potential insider threat incidents by delivering real-time alerts, and actionable insights into user activity in one easy-to-use solution.
“Today’s ObserveIT acquisition underscores Proofpoint’s commitment to providing organizations with people-centric cybersecurity and compliance solutions that protect what matters: their people and the data they have access to, in a post-perimeter, cloud-first world,” said Gary Steele, chairman of the board and chief executive officer of Proofpoint. “Defending data requires the ability to detect risky insider threat behavior and risky user activity, and swiftly mitigate risk across cloud apps, email, and endpoints. We are the only security company that provides organizations with deep visibility into their most attacked people—and with ObserveIT, we will bring to market the first truly innovative enterprise DLP offering in years. We are thrilled to welcome ObserveIT’s employees and customers to Proofpoint.”
More than 99% of today’s cyberattacks require human interaction to work, making individual users the last line of defense as cyber criminals increasingly targeting companies through their employees. With more and more users accessing data from endpoints off the corporate network in both sanctioned and unsanctioned cloud apps, organizations need to ensure they have the most effective people-centric security controls in place to understand how, when, and where users interact with critical data and intellectual property. As highlighted in the 2019 Verizon Data Breach Investigation report, this is particularly critical to avoid data breaches that leverage compromised credentials (29% of total breaches), compromised endpoints (32%), or are perpetrated by malicious insiders (34%).
Further, as more companies are encouraging their employees to work from anywhere, on any device, enterprise data loss prevention (DLP) must evolve from a legacy, perimeter-based control and compliance checkbox to an intelligent, activity-based solution to detect and respond to risks to data across cloud apps, email, and lightweight endpoint agents.
The integrated DLP platform will deliver real-time detection of the anomalous interactions across people, data, devices, and applications allowing security teams to understand and respond to data being mishandled, whether on a corporate device, in a cloud app like Office 365, or via email.
“Proofpoint’s leadership in people-centric cybersecurity security, broader intelligence, and R&D resources are significant market differentiators and directly complement our ability to quickly detect insider threats and prevent critical information loss,” said Mike McKee, ObserveIT CEO. “We are very excited to join the Proofpoint team and provide customers with even more powerful solutions to mitigate insider threats, decrease incident investigation time, and make sure users don’t intentionally or accidentally send valuable, confidential information externally.”
The integrated solution will become part of the Proofpoint information protection suite and is expected to be available some time in 2020.
ObserveIT’s revenue model has historically operated under a perpetual licensing paradigm which Proofpoint intends to transition to subscription promptly after the transaction closes. ObserveIT’s annualized expense run rate was just over $40 million as of the third quarter of 2019.
Should the transaction close in December of 2019, Proofpoint expects that ObserveIT’s financial results would be nominally accretive for the company’s revenue and billings guidance for Q4 2019, last provided on October 24, 2019, and nominally dilutive to its guidance for non-gaap net income and free cash flow for the same period. For fiscal year 2020, the inorganic revenue and billings contribution from ObserveIT’s historical business model is expected to be quite limited due to this planned shift to a subscription-based model.
Proofpoint intends to provide additional commentary on the acquisition of ObserveIT during the company’s fourth quarter and year-ended 2019 earnings call to be held in early 2020.