Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Damballa Vanishes in Fire Sale to Core Security

Atlanta-based Damballa has been bought for what amounts to a pittance by neighboring Roswell-based Core Security.

Atlanta-based Damballa has been bought for what amounts to a pittance by neighboring Roswell-based Core Security. Early reports from the Atlanta Business Chronicle suggested that “Damballa failed to meet revenue expectations and investors refused to continue to fund the business.” It is said that following investments totaling roughly $60 million, Damballa was acquired by K1 Capital for less than $10 million. 

By mid-day on Friday, Core Security (a K1 portfolio company) announced that it had acquired Damballa. It did not say for how much.

In its current form, Core Security is a result of Courion acquiring Boston-based Core Security Technologies, a provider of vulnerability assessment and penetration testing tools, back in December 2015. Also in late 2015, Courion acquired SecureReset, a maker of enterprise password reset tools. K1 orginally acquired Courion back February 2015, and later rebranded the combined company to Core Security in May 2016.

Since Damballa was, and Core Security is, a private company, it may be some time before we learn the details. However, Damballa is not unknown to Core. Announcing the acquisition, Core’s CEO David Earhart commented, “I have firsthand experience with this company and I am extremely excited about the technology and intellectual property that this adds to our Actionable Insight platform.” In fact, Earhart had been a senior VP at Damballa until one year ago when he joined Core.

So where did it all go wrong for Damballa? SecurityWeek talked to previous Damballa executives to get an insight.

One common view is that the company suffered from being a pioneer. “The company’s technology was too early to the market and required too much customer education to understand the value,” we were told. Damballa was one of the first companies to use serious machine learning technology to aid in threat detection. But, “it’s only been the last 3 years that the industry and tech buyers have begun to understand the advantages and scale.”

This technical complexity meant the firm suffered particularly in comparison with FireEye. Until 2013 it was basically FireEye vs. Damballa in the field of ‘next-gen breach detection’. FireEye’s technology — using virtual dynamic analysis — was an easier technology to understand than Damballa’s DNS machine learning approach. “FireEye was able to push boxes to prospects faster and was simpler to deploy, and was able to bring on customers faster. That faster adoption enabled follow on rounds of investment to be more heavily weighted to their sales machine, while Damballa fell behind on sales closure speed and had to allocate higher percentage of funds to market and customer education.”

That’s where things started to go wrong. Instead of broadening the technology base of the company to make things easier for customers to understand and use, it sought partnerships with other technologies — simply making successful deployments even more complex for the user.

At the same time, business and technology leadership began to diverge. The technology itself was and is good — but some parts of management failed to see what was necessary.

“Poor executive leadership,” SecurityWeek was told, “allowed an inexperienced and dysfunctional product management team take ever-greater control of research and engineering – driving the core technical talent away, dissolving important and founding relationships with GA Tech, and failing to adopt technology innovation they could not understand.”

Perhaps the most damning comment was this. While the market was still primarily FireEye Vs. Damballa, “Damballa attracted several acquisition offers (in the hundreds of millions of dollars range) but the board investors were greedy — demanding much higher multipliers on the then current revenues.”

Instead of making a reasonable profit, such investors have now taken a serious loss. Damballa’s technology, however, may well have found a good new home with Core Security.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.