Damballa Vanishes in Fire Sale to Core Security

Atlanta-based Damballa has been bought for what amounts to a pittance by neighboring Roswell-based Core Security. Early reports from the Atlanta Business Chronicle suggested that “Damballa failed to meet revenue expectations and investors refused to continue to fund the business.” It is said that following investments totaling roughly $60 million, Damballa was acquired by K1 Capital for less than $10 million. 

By mid-day on Friday, Core Security (a K1 portfolio company) announced that it had acquired Damballa. It did not say for how much.

In its current form, Core Security is a result of Courion acquiring Boston-based Core Security Technologies, a provider of vulnerability assessment and penetration testing tools, back in December 2015. Also in late 2015, Courion acquired SecureReset, a maker of enterprise password reset tools. K1 orginally acquired Courion back February 2015, and later rebranded the combined company to Core Security in May 2016.

Since Damballa was, and Core Security is, a private company, it may be some time before we learn the details. However, Damballa is not unknown to Core. Announcing the acquisition, Core’s CEO David Earhart commented, “I have firsthand experience with this company and I am extremely excited about the technology and intellectual property that this adds to our Actionable Insight platform.” In fact, Earhart had been a senior VP at Damballa until one year ago when he joined Core.

So where did it all go wrong for Damballa? SecurityWeek talked to previous Damballa executives to get an insight.

One common view is that the company suffered from being a pioneer. “The company’s technology was too early to the market and required too much customer education to understand the value,” we were told. Damballa was one of the first companies to use serious machine learning technology to aid in threat detection. But, “it’s only been the last 3 years that the industry and tech buyers have begun to understand the advantages and scale.”

This technical complexity meant the firm suffered particularly in comparison with FireEye. Until 2013 it was basically FireEye vs. Damballa in the field of ‘next-gen breach detection’. FireEye’s technology — using virtual dynamic analysis — was an easier technology to understand than Damballa’s DNS machine learning approach. “FireEye was able to push boxes to prospects faster and was simpler to deploy, and was able to bring on customers faster. That faster adoption enabled follow on rounds of investment to be more heavily weighted to their sales machine, while Damballa fell behind on sales closure speed and had to allocate higher percentage of funds to market and customer education.”

That’s where things started to go wrong. Instead of broadening the technology base of the company to make things easier for customers to understand and use, it sought partnerships with other technologies — simply making successful deployments even more complex for the user.

At the same time, business and technology leadership began to diverge. The technology itself was and is good — but some parts of management failed to see what was necessary.

“Poor executive leadership,” SecurityWeek was told, “allowed an inexperienced and dysfunctional product management team take ever-greater control of research and engineering – driving the core technical talent away, dissolving important and founding relationships with GA Tech, and failing to adopt technology innovation they could not understand.”

Perhaps the most damning comment was this. While the market was still primarily FireEye Vs. Damballa, “Damballa attracted several acquisition offers (in the hundreds of millions of dollars range) but the board investors were greedy — demanding much higher multipliers on the then current revenues.”

Instead of making a reasonable profit, such investors have now taken a serious loss. Damballa’s technology, however, may well have found a good new home with Core Security.