The CEO of Cybereason has said an IPO is “the next step” for the US cybersecurity company but is unlikely to happen within the next six months.

Lior Div says the company he founded alongside CTO Yonatan Striem-Amit and Yossi Naar is “ready” to go to market now and is challenging “old guard” companies such as McAfee, Palo Alto and Microsoft.

However, Cybereason is waiting for the right time in the market to pull the trigger on its IPO.

Founded in 2012, Cybereason currently has 850 employees globally, with 350 of them based at Cybereason’s Israeli R&D centre. It provides an enterprise software platform for endpoint and extended detection and response (XDR) services.

“The next step for Cybereason is to become a public company,” Div tells Verdict. “We’re not talking about six months, we’re talking about a little bit more. But this is the sort of timeline that we’re talking about.”

Div’s comments confirm a report by GlobalData thematic analysts that identified Cybereason as a unicorn – a privately held company valued at $1bn or more – likely to go public in the next two years.

Following a $275m Series F funding round in July, the company was estimated to be valued at between $3.1bn and $3.3bn. Two years ago it declined an acquisition offer that valued Cybereason at $1.5bn.

Div declined to share a specific valuation figure but added that the numbers being reported are “not so wrong”. He confirmed that Cybereason would be pursuing the IPO route and not a merger with a special purpose acquisition company.

According to Div, the market has lagged behind and still views cybersecurity companies as specialising in one area, such as firewalls, endpoint or network. In his view, this is the incorrect way to view the market.

“Because when hackers look at the problem, they don’t think like this,” he explains. “They look at the attack surface, they’re thinking about what they need to achieve, and then they do it.”

Cybereason, a “self-driving car for security”

Cybereason uses machine learning and behavioural analysis technology to detect and prevent suspicious activity before it compromises a company’s network.

At the heart of its Cybereason Defense Platform is “MalOp”, an AI “brain” that replaces the decision making of a human being to respond in real-time and at scale.

Cybereason spent five years developing the technology, initially focusing on endpoint protection – “because that’s where the battlefield is” – before expanding to include extended protection, security services and security operations on the same platform.

It recently partnered with Google – “they approached us” – to create a joint solution that pulls Google’s “planetary-scale” data into Cybereason’s MalOp engine.

“Think of what we’re building as a self-driving car for security,” explains Div. “Is it really 100% self-driving yet? No. But if you look at the future and the kind of company that I want to IPO, this is the vision. It’s not an endpoint company. It’s not just a big data analytics company. It’s to exploit the AI capability, machine learning, behavioural analytics to the edge, in order to solve this massive problem that we see in front of us.”

A swathe of high-profile cyberattacks in 2021 has underscored the scale of the cybersecurity challenge keeping CEOs up at night.

Ransomware attacks against meat processor JBS, oil pipeline Colonial Pipeline and IT vendor Kaseya have cost tens of millions of dollars in cumulative damage.

At the start of the year, companies were still dealing with the fallout from a Russian supply chain attack that weaponised an update from IT vendor SolarWinds. Then in March, a zero-day attack by Chinese state hackers against on-premises Microsoft Exchange Servers affected 250,000 servers globally.

And with working from home the cybersecurity perimeter that traditionally comes with office-based IT setups “disappeared” overnight.

Div believes this means the attack surface has “changed forever” and will increase demand for companies like Cybereason and that it’s “inevitable” that a company will at some point be attacked.

“The question is what you’re going to do,” he says. “Can you protect yourself, can you be very strong against those attacks and push them before they create any damage?”

Out with the “old guard”

The cybersecurity industry is a crowded place, bursting with startups and companies with decades of experience.

Div sees an opportunity in a market that is “morphing in a very aggressive way” and says Cybereason is pursuing a slice of a total addressable market of “more than $100bn”.

He describes established cybersecurity vendors such as Symantec, McAfee, Kaspersky, Microsoft and Palo Alto as the “old guard and “not relevant”.

But he is particularly scathing about Microsoft.

“What you saw from the beginning of the year is every month there is a new zero-day that Microsoft is introducing that’s risking their customer,” Div told Verdict. “And then Microsoft goes to its customer base and says ‘hey, by the way, we’re going to protect you and buy security from us’.

“And I’m saying stop, Microsoft. Just stop. Do your best to protect yourself and prevent those zero-days from occurring.”

Div acknowledges that Microsoft’s sheer size makes it an attractive target for cybercriminals and that zero-days are inevitable. But he says Microsoft could still do better in areas such as informing customers of a vulnerability.

“If you’re a Microsoft customer, and you’re relying on Microsoft to protect yourself, you’re going to be in the news… Let the experts deal with security. And [Microsoft] is not an expert.”

A Microsoft spokesperson said: “We don’t agree with recent claims from a competitor in the cybersecurity space.”

According to Div, the upside of what he calls the “fall of Microsoft” is more business for Cybereason. He claims his company provided protection from the SolarWinds attack and there has been more demand for Cybereason’s “operation-centric approach”.

Market movements a boost for Cybereason IPO

There has been plenty of movement among major cybersecurity players that have spun off parts of their business and in some cases merging them with others.

Security software provider McAfee announced in March that it is selling its enterprise arm for $4bn to focus on the consumer market.

In 2019, US cybersecurity firm Symantec sold its enterprise security assets to Broadcom for $10.7bn to focus on consumer protection, creating NortonLifeLock.

That business then merged with British rival Avast to form a global consumer security powerhouse in August this year.

In June, FireEye sold its network, email, endpoint and cloud security products to a private equity group leaving Mandiant to focus on incident response and threat intelligence. And as reported by Verdict in September, F-Secure is considering a consumer security spin-off and listing it on the Nasdaq Helsinki Stock Exchange.

According to GlobalData’s deals database, there were 366 cybersecurity acquisitions globally in 2020, with a total deal value of $55.7bn.

“You see companies with the will to survive basically trying to separate the things that they know will drag them down from the thing they know will take them up,” says Div.

Div expects there to be more of this market consolidation. But where rivals are dividing to sell separate products, Div sees an opportunity for Cybereason.

“You don’t want to buy five different things to protect your cloud environment,” he says. “You want to buy one.”

He adds: “We’re not a single product company anymore – we have a platform.”

Visit our ‘Technology Deals Dashboard’ for the latest trends in M&A, PE, and VC activity, top deals and advisory league tables in the technology industry.