Lucy: Yesterday evening some big news happened in the local cybersecurity community: the publicly traded Rapid7 announced it has acquired Komand, a security orchestration and automation platform founded by Threat Stack co-founder Jen Andre.
Dylan: One of the most intriguing things about this acquisition is that the deal is worth up to $50M, a source told BBJ. Other sources told the publication Rapid7 paid about $15M in cash. Separately, the company said it’s giving 12 Komand employees 270K shares of common stock, which would be worth $4.59 million at the company’s current stock price of about $17 per share. BBJ said it wasn’t clear that earn-out packages for top executives at Komand would look like. Regardless, it’s still very impressive for a company that is less than two years old and had only raised a $1.25M seed round. (Update: This blurb was updated after the original newsletter was sent.)
So why did Rapid7 pay so much for Komand? Corey Thomas, Rapid7’s CEO, declined to discuss the acquisition price, but he did tell me why the company was so interested in buying Komand (Rapid7 was among several bidders, including Carbon Black and Cylance, a source told BBJ). The biggest reason for Thomas? In a word, automation.
Komand provides what is essentially a central command console that unites all of a company’s security tools, regardless of vendor, under one interface. That’s the “orchestration” part. On the automation side, Komand lets IT and security teams at companies build automated workflows without writing a single line of code, which has previously helped Komand’s customers cut the time to detect, investigate and respond to security incidents by up to 83%.
Thomas said automation is important because “there aren’t enough skilled workers” in the cybersecurity workforce, meaning it’s important to find ways to make existing IT and security teams more efficient.
“There has to be a way take the same population and make them more productive,” Thomas said.
Chris Lynch, who was a Komand investor with Cort Johnson through Hack Secure, told me Komand was seen as a valuable acquisition target because it was an early mover in the security automation space. That’s becoming top of mind for some companies, including Microsoft, which reportedly paid $100M to acquire Boston-based Hexadite, another player in security automation.