The Accenture / Dragos / runZero / NetRise deal may be the most significant single event in the OT Security Community & Market since Colonial Pipeline. I tackle this in 3 parts over the next 3 days.
- Part 1 – Accenture & Dragos
- Part 2 – The Dragos Product
- Part 3 – The Impact On The OT Security Product & Services Market
- NEW – Part 4 From Feedback On Series
In Part 1 I wrote how Accenture’s acquiring a majority stake in Dragos was a win for Dragos. Rob and Dragos maintain control even with a minority stake, swap out VC’s for Accenture, and have incentivized access to the largest projects in OT. Part 2 is not as positive.
TL;DR: Successfully integrating one acquired product into your platform is challenging. Dragos is trying to integrate four (Network Perception, Phosphorus, runZero, NetRise).
The right thing to do would be to analyze each of the four product integrations based on the fit and market demand. I can’t get over the audacity (mistake?) of trying to do four at once. If they are successful, measured by the resulting platform and marginal sales, with two of the four it would be a huge accomplishment.
Rob has proven my analysis hugely wrong before, most notably my writing that Dragos should and will hire a CEO and move Rob to Chairman and CTO in ~2019, he may do it again.
Were customers saying I would buy the Dragos product if it did xyz? Not a sizable number. This appears to be a play to offer a greater part of the OT security solution, to expand the product line, or as Dragos calls it the platform.
If a company decides to expand their product line they have a build or buy decision. The IT security market has a number of examples of companies (Network Associates, McAfee, Cisco) with failed examples of trying to buy and integrate. Failures even when all they were trying to do was have a common management application.
OPSWAT has tried the one-stop OT security shop approach by buying products in most OT security categories. This is not a fair comparison to Dragos. None of the OPSWAT products were product segment leaders, and the OPSWAT products were less closely related. Fortinet is a full product line offering, and yet the large majority of their revenue comes from the firewalls and switches.
When Dragos acquired Phosphorus I wrote that the best path might be to keep the products separate and share data between them with agentic AI until Dragos developed the xOT capabilities in their platform. This same approach could be done with runZero. I’m hearing this is not the plan. There will be one Dragos Platform with modules.
The Network Perception and Phosphorus acquisitions were done deals. I’ll limit my brief analysis to runZero and NetRise.
The NetRise / Dragos combination makes the most sense, particularly if Dragos and Accenture wanted to have a supply chain offering. The integration is simple data sharing / querying of NetRise results by the Dragos platform and perhaps a bit of work on the NetRise GUI. It really is a case of whether the near term market is worth the investment (Accenture) and distraction (Dragos).
runZero with Dragos is more difficult because there is overlap. They both are visibility and vulnerability / exposure management solutions, albeit with minimal market overlap. It wasn’t common for runZero and Dragos to compete head to head.
Is the runZero active querying and vulnerability management so much better than Dragos that it warrants integration?
If I had to make a case for runZero & Dragos, it would be runZero is the bridge between IT and OT. The runZero module is an all of company view and the gateway to OT cyber risk management. It could be an effective sales and marketing story with large asset owners. Although this hasn’t been successful, most notably with the Tenable / Indegy offering.
I’m looking forward to seeing the runZero module demo in the Dragos Platform and how this differs from the existing Dragos Platform capabilities. Again, a case could be made to keep the products separate and prioritize work on the data exchange and querying.
Accenture had the option of acquiring runZero and NetRise and letting them continue to run as independent companies, not putting them under the Dragos umbrella. Not moving towards one product to rule them all. Three bets instead of one. (More on Accenture in Part 4. I’ve receive a lot of feedback on their part in this.)
The best part of bringing runZero and NetRise into Dragos may be bringing HD Moore, Thomas Pace, and their uber-talented teams into Dragos … if they can do this. Integrating people and cultures can be more difficult than integrating technology.