Cyber Security Firm LogRhythm Setting Tempo for March to an IPO

Logging in to a network, whether for work, to check your bank balance, or to play video games, has become one of life’s routine hassles. But if you think logging in is a hassle, try running a network that must track thousands or millions of people trying to get access—and instantly predicting who has bad intentions.

Managing those logs, identifying threats, and making sure the network meets compliance standards is a pretty big pain point in the cyber security world. It’s also where LogRhythm hopes to make its name and fortune.

LogRhythm quietly has become one of Colorado’s most promising startups, although the Boulder-based company has outgrown the label over the past year or two. The company won’t disclose its revenue, but co-founder and CTO Chris Petersen says revenue is growing 40 to 50 percent year-to-year. It now employs about 250 people and sells worldwide.

LogRhythm’s growth trajectory has reached the point where an IPO looks like the next big step, and that’s what the company has in mind, Petersen said. LogRhythm’s leadership foresees an IPO in about 18 to 24 months, and they have been getting ready, for example, by adding new board members with experience running cyber security companies or government cyber security programs.

“As a company, we have to evaluate whether or not we’ll go public late next year or early 2015,” Petersen said. LogRhythm has “revenue and a growth rate that would support a public company, and this is still a rapidly growing and evolving market that would support a lot of innovation.”

LogRhythm is an emerging player in security information and event and log management software, which is an increasingly important part of the larger cyber security market. The goal of companies in that segment is to build software that can help clients detect potentially dangerous activity obscured by the millions of activities that occur across their networks each day.

An example would be spotting a suspicious log-in attempt from a foreign country where the company doesn’t have an office or do business, or a series of attempted logons that indicate an orchestrated attack.

But companies and government agencies with sensitive information and networks to protect don’t want to learn that after the fact. LogRhythm’s strategy is to develop programs that can immediately identify something suspicious, and take actions to protect a network.

LogRhythm’s software also helps companies meet increasingly complex compliance laws and regulations.

Clients that LogRhythm can publicly reveal include Bank of the West and NASA, and it serves such specialized industries as banking and finance, retail and hospitality, and healthcare industries.

In the past month, LogRhythm bolstered its board by adding Dick Williams, president and CEO of Webroot. Webroot is a cyber security company based in Broomfield, CO, between Boulder and Denver. Like LogRhythm, Webroot’s formative years were spent in Boulder, and it remains a private company.

Williams has experience leading emerging IT companies to IPOs or acquisitions. He led Webroot’s restructuring, and guided the company’s new focus on developing cloud-based security applications for mobile and businesses.

LogRhythm asked Williams to come on board to give it more seasoned executive management as it navigated the next stages of its growth, Petersen said. The company also appointed Robert Lentz to the board in May Lentz is the former deputy assistant secretary of defense for cyber, identity, and information assurance and was the department’s chief information security officer. LogRhythm hopes to expand its sales to the government, especially to the Department of Defense and other agencies focused on national security, and recruited Lentz to help in those areas.

LogRhythm’s prospects for going public or securing a very lucrative exit have enticed VCs. Since its founding in 2003, the company has raised $31.4 million from investors. Much of the early money invested in LogRhythm has come from the Colorado offices of Access Venture Partners, Grotech Ventures, and High Country Venture. Siemens Venture Capital and Adams Street Partners joined later rounds, including the $15 million Series D round the company closed last year.

The money poured in after several years of bootstrapping, which included Petersen selling his house and using the money to finance the company.

LogRhythm claims to be the largest independent company in the event and log management security segment. While that’s an achievement LogRhythm’s proud of, the key word in that sentence might be “independent.” LogRhythm’s competitors are some of the biggest names in the IT industry, including Hewlett-Packard, IBM, and Intel. They’ve built their businesses by snapping up LogRhythm’s competitors.

“We’re competing against the big boys,” Petersen said.

Accordingly, LogRhythm will focus on the classic startup strategy of continually improving and developing products, staying nimble, and offering better service. “This is all we do, unlike the larger companies, where it’s a small percentage of their revenue,” Petersen said. “This is all we do, so we have to excel at it, and we do.”

Trending on Xconomy