Dive Brief:
- Cybersecurity vendor Barracuda Networks acquired Evo Security, adding the privileged access management provider to its expanding cyber resiliency platform, the companies announced Tuesday.
- KKR-backed Barracuda plans to embed Evo’s products, which include PAM and identity access management, into its resiliency tech stack. The companies have run pilots with joint customers and partners. They did not disclose the financial terms of the transaction.
- Barracuda is buying Evo for its technology and talent while offering a large partner and customer base, CEO Rohit Ghai told Channel Dive. “The power of the acquisition is to really scale this technology, leveraging our global reach and our partner ecosystem, and offer industry-best support that our customers value very much, especially these small customers,” Ghai said.
Dive Insight:
Identity security was a gap for Barracuda and the SMBs its partners protect. The company over the last few years internally built capabilities such as identity security posture management but didn't yet have an answer for PAM.
“Before Evo, we would have offered best practices in terms of manual steps to configure,” Ghai said.
Customers and partners could buy enterprise-focused platforms from vendors like Palo Alto Networks, which acquired CyberArk in February, but Ghai said those platforms are complex to configure and cost too much, Ghai said.
Evo, founded in 2018, built a platform for managed service providers to take to market for SMBs. Evo CEO and Founder Michael Roth said the company built the platform from the ground up trying to take on the persona of an MSP technician.
“That was how we woke up every day, saying, ‘Okay, if I'm a technician, what would I want to do next? How would I want to engage with this platform?’” said Roth, who will work as VP of identity product management at Barracuda.
It was also trying to address the problem of what Roth calls aggregate identity sprawl: MSPs using too many disparate identity tools that don’t talk to each other and cause confusion.
That’s the case for cybersecurity in general, as MSPs and managed security services providers seek to reduce tool sprawl. The largest security vendors have cited tool sprawl as a catalyst for buying niche providers. Barracuda is among the vendors positioning its platform as a one-stop shop. But the reality, Ghai said, is that most platforms are not truly integrated. The acquired software products can all be purchased in the same place, but they remain fragmented.
“You haven't addressed the complexity issue in terms of operationalizing the technology,” Ghai said. “You consolidated from a vendor perspective, so I can buy my solution from one vendor, but really you haven't helped the cause of cybersecurity and the complexity to operationalize multiple fragmented tools.”
Partners are taking notice, Devan Adams, principal analyst at Channel Dive sister company Omdia, told Channel Dive in a message.
“MSPs are starting to complain more about the 'platform movement' and the lock-in they experience, especially when they notice disjointed platforms that seem more like a hodgepodge that lack real seamless integration, forcing them to then augment certain tools with third-party offerings,” Adams said.
An integrated platform collects information at the data layer, Ghai said. In practice, that means Evo’s authentication logs plug directly into Barracuda’s threat-detection engine, not just its dashboard.
“Not just superficial user interface-based integration. Not, ‘Hey, buy all these solutions from one place,’” Ghai said.
Evo received an investment from Sorenson Capital in 2022.