MSSP, Managed Security Services

Trustwave and Cybereason to Merge in Major MDR Play

Managed security services companies Trustwave and Cybereason are merging to create a larger player in a fast-growing managed detection and response (MDR) market fueled by the expansion of such technologies as AI, cloud computing, and the internet-of-things (IoT) and the ongoing shortage of cybersecurity talent.

Japanese multinational company SoftBank is the majority investor in the merger, which was announced on November 12 and is expected to close in early 2025. Softbank has been a major investor in 12-year-old Boston-based Cybereason, putting in $200 million in 2019 and another $100 million last year when SoftBank executive Eric Gan became Cybereason’s CEO. The company has about 1,000 employees.

Trustwave, founded in 1995 and headquartered in Chicago, is owned by the MC² Security Fund, an affiliate of The Chertoff Group that bought the company earlier this year. Trustwave is an MSSP Alert Top 250 MSSP and Top 40 MDR company that has about 1,600 employees.

The deal will fold Cybereason’s endpoint detection and response (EDR) platform into Trustwave’s expansive managed security services offerings that include not only MDR but also database and email security, digital forensics, and incident response (DFIR), penetration testing, and firewall and technology management.

Combining the Capabilities

The merger is about more than business, according to Trustwave CEO Eric Harmon.

“It is a confluence of expertise, innovation, and a shared commitment to protecting our clients against the ever-evolving threat landscape,” Harmon wrote in a blog post. “By combining our strengths, Trustwave and Cybereason are poised to deliver an unrivaled suite of complementary cybersecurity solutions that cater to the diverse needs of our global clients.”

It also enhances Trustwave’s MDR offering across all market segments and expands its capabilities in DFIR and offensive security, he wrote. Organizations will be better able to detect threats before they become an issue and address incidents when they occur, helped by merging both companies’ threat intelligence services.

“Our combined resources in threat intelligence from Trustwave SpiderLabs and Cybereason researchers will deliver cutting-edge research on global threat actors,” Harmon wrote. “This in-depth knowledge and situational awareness, embedded in our offerings, will empower us to better detect, isolate, and contain threats, providing unmatched protection for our clients.”

That said, being a security provider these days is as much about size as it is about capabilities, according to Jack Gold, analyst with J. Gold Associates.

“Most enterprises, and even SMBs, are consolidating away from the large number of discrete security components they have had in place,” Gold told MSSP Alert. “They are also going to the major players more, especially as they offer cloud-based managed services, like Microsoft, Cisco, and others. Indeed, as more of corporate compute moves to the cloud, so too does the use of cloud-based security services. That doesn’t mean you don’t need detection and response. It just means it’s much harder to do that on-premises these days, and so services are more effective for many.”

A Greater Reach

The deal will create a more end-to-end security offering that reaches from endpoints to the data center, according to Rob Enderle, principal analyst with The Enderle Group.

“With the level of threat continuing to increase across enterprises, the need to reduce complexity while increasing coverage is pronounced,” Enderle told MSSP Alert. “This merger should allow the tools from both companies to better integrate, reducing management and deployment complexity while allowing for solutions with greater coverage thus providing higher levels of protection.”

The two companies are looking for the combined entity to give them a larger presence in a crowded MDR space that includes such vendors as CrowdStrike, SentinelOne, Secureworks, Sophos, and Arctic Wolf Networks. Last year, IBM launched an AI-powered MDR service.

There is opportunity in a global market that analysts with Fortune Business Insights predicts will grow from $1.89 billion this year to $8.59 billion by 2032.

Enderle said that “hostile entities, particularly those funded by hostile governments, are becoming more pronounced, and damage levels are increasing. This is driving a far higher need for comprehensive solutions that can identify and mitigate these threats before they can do significant damage.”

The increasing number and sophistication of threats and the difficulty finding skilled security pros are hindering organizations’ attempts to run cybersecurity operations in-house and fueling the demand for third-party services, the analyst said.

The Need for Services

“Generally, unless a company is a security company, attracting and retaining the kind of talent you need is problematic because the career path is limited, and management doesn’t understand the problems or the remedies making the job unattractive to the very people you need to hold it,” he said. “Security companies who provide managed services can attract and retain this talent better, and this is a shared resource which also drops the cost and risk of this capability.”

Enterprises and SMBs can then get better cybersecurity coverage for a lower cost.

“Generally speaking, most companies can’t keep up with the emerging threat landscape, especially with the dawn of AI both for security enhancements, but also increasingly being used by bad actors,” Gold said. “In today’s world, it’s about scale and having the right security information at hand about threats and threat actors. That’s why scaling up is important.”

The merger will allow the combined company to better target specific markets through accelerated investments in its offerings and deliver more robust consulting services. It also will help organizations better maximize their Microsoft security investments, Harmon wrote.  

“We will continue to deliver rapid advancements in Microsoft services,” he wrote. “Our clients will benefit from an expanding suite of MXDR [managed extended detection and response] offerings, achieving exceptional outcomes through a cohesive Microsoft Security and MDR solution.”

You can skip this ad in 5 seconds