Which vendors carry buyer risk?
Financial health, renewal trends, PE ownership, valuation multiples, and acquisition signals — updated quarterly from public sources. The intelligence that analyst firms won't publish, because the vendors being assessed are their paying clients.
Why Gartner and Forrester won't show you this
Every Gartner Magic Quadrant and Forrester Wave in data security is funded by the vendors it evaluates. Vendors pay for analyst briefings, inquiry access, reprint rights, and advisory services. The structural incentive is clear: vendors that invest heavily in analyst relations receive more coverage and more favorable positioning. A vendor in financial distress, with stalled product investment and accelerating customer attrition, will still appear in the Leaders quadrant as long as they're paying Gartner's fees. VendorAudit takes no money from vendors.

| Vendor | Risk level | Ownership | Last valuation | Runway / financial signal | Key risk signals | Cap score |
|---|---|---|---|---|---|---|
| ⚠ High buyer risk | | | | | | |
| Trellix<br>McAfee Enterprise + FireEye (2022 merger) | High risk | PE · STG Partners | Not disclosed | No clear PE exit path or IPO signal<br>Limited post-merger R&D investment | Declining product trajectory<br>Customer attrition to Purview, Cyera<br>Legacy McAfee/FireEye install base eroding | 58 |
| Forcepoint<br>Network DLP, gov-focused | High risk | PE · Francisco Partners | Not disclosed | PE-owned since 2021, no exit signal<br>GetVisibility acq. 2025 = integration risk | Declining commercial enterprise investment<br>Support quality declining per reviews<br>Government channel still stable | 60 |
| Symantec / Broadcom<br>Legacy network DLP | High risk | Divisional · NASDAQ: AVGO | AVGO market cap $800B+ | Broadcom harvesting Symantec install base<br>R&D investment near zero | Channel partners exiting the product<br>Support SLAs degrading systematically<br>Still present in large regulated orgs | 62 |
| 👁 Watch — elevated signals | | | | | | |
| Varonis<br>Public · NASDAQ: VRNS · AllTrue.ai Feb 2026 · Disclosed | Watch | Public · NASDAQ: VRNS | Market cap ~$3.8B (Apr 2026, post-recovery) | ARR $745M · 16% YoY growth · SaaS 86% of ARR<br>FCF $132M in 2025 · 2026 guidance near breakeven | 20yr history · founder-led · 8,000+ customers<br>AllTrue.ai (AI TRiSM) acquired Feb 2026<br>Securities class action re SaaS conversion disclosures<br>Cap 80 · public-source only · health revised 70→78 | 80 ⚠ |
| Cyera<br>Series F · $9bn valuation · Dec 2025 · Cyberstarts-incubated | Watch | Acquired · Veeam Dec 2025 · $1.725B | $9bn · Dec 2025 · ~90x ARR | $1.7B raised total — strong runway<br>Valuation multiple creates renewal risk | Contract 2+ pricing pressure likely<br>Cyberstarts incubation: Sunrise CISO programme investigated by Forbes (Oct 2024) — investor-level controversy, not Cyera directly, but warrants buyer disclosure<br>Capability trajectory strong<br>Negotiate annual price cap at signing | 79 |
| Proofpoint<br>Email-led DLP · Normalyze acquired | Watch | PE · Thoma Bravo | ~$12.3B (2021 take-private) | Thoma Bravo under exit pressure<br>IPO/sale expected 2026–2027 | Ownership transition = integration uncertainty<br>Email DLP heritage remains strong<br>Normalyze integration still maturing | 64 |
| BigID<br>Series E · Privacy-led DSPM | Watch | Private · Series E | ~$1.25B (2022) | No public funding update since 2022<br>Burn pressure in rising rate environment | Market positioning under pressure from Cyera<br>Strong connector breadth (200+)<br>IPO/acquisition candidate | 73 |
| ✓ Stable — lower buyer risk | | | | | | |
| Microsoft Purview<br>Integrated suite · M365 | Stable | Divisional · NASDAQ: MSFT | MSFT $3.2T market cap | Existential risk near zero<br>July 2026 E5 price increase planned | Deepest M365 integration<br>On-prem scanner degraded by design<br>Partner implementation: $150K–$1M+ | 71 |
| Rubrik DSPM<br>Backup + DSPM convergence | Stable | Public · NYSE: RBRK | $1.46B ARR · $238M FCF FY26 | Public company, strong balance sheet<br>Improving trajectory | Agent Cloud GA · identity 900 customers · 90%+ win rate<br>$238M FCF · NRR>120% · 34% ARR growth | 72 |
| Sentra<br>Cloud-native pure-play DSPM | Stable | Private · Series B | ~$200M est. (2023) | Lean team, capital-efficient<br>Series B — reasonable runway | Fast time-to-value<br>Mid-market pricing<br>Acquisition candidate (positive) | 75 |
| Securiti<br>Privacy + security platform | Stable | Private · Series C | ~$1B est. (2022) | Profitable segments reported<br>Broad compliance market tailwind | EU AI Act compliance demand growing<br>Complex platform, implementation-heavy | 76 |
| Wiz DSPM<br>CNAPP + DSPM · Google-acquired | Stable | Divisional · Google (NASDAQ: GOOG) | Acquired $32B · Q1 2026 | Google parent = existential risk near zero<br>Integration uncertainty post-acquisition | Best for existing Wiz CNAPP customers<br>Standalone DSPM capability still maturing | 70 |
| Palo Alto Dig<br>DSPM via Dig Security acq. | Stable | Divisional · NASDAQ: PANW | PANW market cap ~$120B | Strong parent balance sheet<br>Platformisation strategy well-funded | Best for existing Prisma Cloud customers<br>Dig integration still in progress | 70 |
| Immuta<br>Analytics data access governance | Stable | Private | ~$1B est. (2022) | Snowflake/Databricks partnership moat<br>Narrow use case limits growth ceiling | Best-in-class for analytics governance<br>Acquisition candidate for Snowflake/Databricks | 71 |
| IBM Guardium<br>Database activity monitoring heritage | Stable | Divisional · NASDAQ: IBM | IBM market cap ~$200B | Global support, no existential risk<br>Limited cloud-native innovation | Strong for regulated DB environments<br>Legacy architecture limits cloud use cases | 65 |
| AWS Macie<br>S3-native · Pay-as-you-go | Low risk | Divisional · Amazon (NASDAQ: AMZN) | AMZN market cap ~$2T | No vendor risk — AWS infrastructure<br>S3-only limits to AWS estates | Zero vendor risk, pay-per-use<br>Not a standalone DSPM platform | 64 |
| Google Cloud DLP<br>GCP + Workspace native | Low risk | Divisional · NASDAQ: GOOG | Google market cap ~$2T | No vendor risk<br>GCP/Workspace lock-in | API-first, strong for GCP estates<br>Limited to Google ecosystem | 58 |
| Concentric AI<br>Semantic unstructured data specialist | Stable | Private · ~$95M raised | ~$250M est. | Capital-efficient, focused niche<br>Small team (~180), limited APJ | Best-in-class semantic labelling<br>Acquisition candidate (positive signal) | 68 |
| Normalyze<br>Acquired by Proofpoint 2024 | Watch | Acquired · Proofpoint (PE) | Acq. terms not disclosed | Integration into Proofpoint platform<br>Parent PE exit uncertainty | Cloud DSPM roadmap integration pending<br>Strong Snowflake/analytics coverage | 70 |
| Privacera<br>Apache Ranger heritage · Analytics DAG | Stable | Private | ~$150M est. | Profitable open-source heritage<br>Narrow niche limits upside | Ranger-native environments: best fit<br>Limited outside analytics governance | 67 |

Gartner's own research found that only 32% of planners actually migrated to security tools that were implemented. DSPM has the same problem. A successful deployment requires policy decisions that security teams have typically deferred for years. The vendor risk isn't just financial — it's operational. A platform that discovers 3 million sensitive data items in week one is useless if nobody decides what to do with that finding.

Vendor licence costs are the smallest part of total cost of ownership. Microsoft Purview's headline price is bundled in M365 E5. A mature, running Purview deployment — including partner implementation, policy workflow build, ongoing tuning, and integration work — typically costs 3–5× the licence value in year one. Ask every vendor for their documented implementation costs before signing. Vague answers are the answer.

Risk signals are derived from public sources: SEC filings, earnings call transcripts, press releases, Crunchbase, PitchBook estimates, G2 review trends, and VendorAudit channel intelligence. Valuation estimates for private companies are based on published funding rounds and comparable transaction multiples. No vendor has paid for or influenced this analysis. Varonis data is held to a higher evidence bar — see methodology disclosure. Updated quarterly — next update Q2 2026.