News & Analysis

Life before and after acquisition: Scott Crane shares the Packetloop story

- August 22, 2014 5 MIN READ

Many startup founders enter the game not only to disrupt an industry, but also to be acquired by a larger company. For others, acquisition offers come out of the blue and founders have to grapple with the decision of whether to let go of the power they have over what has become their ‘baby’. But what happens post-acquisition? Do founders purchase jets and migrate to an island? Do their innovations fall into the cracks of obscurity? Startup Daily spoke with Packetloop’s former co-founder Scott Crane to find out about life before and after acquisition.

Sydney-founded security analytics innovator Packetloop was acquired by a global leader in the field of network security, Arbor Networks, in September 2013 – two years after the startup was founded by computer security consultants Scott Crane, Michael Baker and Tyson Garrett. Due to contractual obligations, the terms of the deal are staying sealed inside an envelope.

The co-founders started Packetloop in 2011 with the singular goal of offering a platform that would change the way industries performed security analytics. Packetloop’s solution is delivered as a Cloud platform so that customers can upload and analyse their own packet captures at any time.

The startup also developed an on-premise, real-time network solution that consists of prepackaged Virtual Machines and hardware appliances. The on-premise solution connects the customer to the Cloud for real-time processing to complement the historical forensic capabilities of the Cloud solution.

“The platform had to solve what no one else had yet achieved; how to process and present network packet captures on a massive scale, from anywhere in the network. This meant processing terabytes of data representing months of network traffic. All of these elements went into the development of Packetloop and drove a cycle of constant innovation that led to us having the first Cloud based Big Data Security Analytics platform in the market,” Crane wrote on Arbor Networks’ blog.

Confused? We don’t blame you. Crane, who’s always been a biking enthusiast, compares the concept of the Packtloop technology to drug testing procedures in the cycling world.

“The key feature of the platform is the ability to hold old traffic. In sports drug testing, competitors have two samples taken. One is tested immediately, the other is frozen for retrospective testing over ten years as new methodologies emerge in case they find something. Think of what happened to Lance Armstrong – they detected EPO in his sample five years after the initial testing,” he says.

“Retrospective testing hadn’t been done with networking, so we started to record old network data for analysis. So, if an attack comes into the environment, we can go back into the old traffic records and update the detection capability of the product using the new threat intelligence.”

The Packetloop platform revealed its capabilities when the software bug Heartbleed became a matter of public panic. Considered ‘the biggest security threat of our time’, reports suggested that more than 500 million websites could be affected – leaving important data exposed to hackers such as customer email addresses and credit card information.

On the day of attack, the Packetloop team had the product updated within four hours, and made 20 updates in the following four days. They were able to reprocess all customer data and gave customers the ability to say definitively that, ‘Yes we had a vulnerability, we had to put a patch in, no we were not exploited.’

Arbor Networks, R&D Centre Entrance

Arbor Networks, R&D Centre Entrance

Following the acquisition, Packetloop has became the core of Arbor’s Australian R&D division. Their technology is now part of the company’s global product portfolio; and is considered a hosted analytics alternative to current Security Incident and Event Management systems.

The acquisition has also allowed Packetloop’s technology to scale faster. Since September, they’ve signed up over 350 companies – that’s about one new client per day.

Crane insists that Packetloop was “never for sale but was always for sale”. The team liked working for themselves. They enjoyed the creative freedom that the entrepreneurial lifestyle affords, so they never actively went out to sell the business.

But things changed after an article was written about the bootstrapped startup on tech publication GiggaOM in 2012. Venture capitalists and some of the world’s leading security players started vying for their attention. At this point, Packetloop was operating from a little, window-less office on Pitt Street, Sydney.

“That was the start – the phones lit up after that article came out.  We had acquisition offers from smaller firms, big vendors and VCs. It became a daily task of taking calls with acquisition offers from some huge names in the industry. Which was a great validation of the product,” says Crane.

Although Packetloop received a number of offers, there was only one that was appealing to them.

“We had a lot of conversations with a lot of vendors – Arbor were the first guys that truly got it and gave us a vision of where it could actually fit. For us, we got a great space to work in, the ability to hire a great team of talented people and access to a global sales team,” says Crane.

Following the acquisition, Packetloop moved into Arbor Network’s mitigation technology space. They now have 12 developers on staff – 10 in Australia and two in the US – with open requisition to hire four more. Their smart new offices in Sydney’s CBD and brand new research and development lab is intended to attract some of Australia’s best IT talent.

What’s particularly interesting is that Packetloop had only been commercial for one month when Arbor approached them. Crane says there was “no real revenue growth to speak of”. This goes to show that Arbor was less fazed by the Packetloop’s monetisation model, and more interested in the technology and vision.

“It is innovative and does what no other product does in the market. Also once we met the management team [at Arbor Networks] it was clear that we were very similar in culture and approach which made integration quite easy,” Crane adds.

An acquisition can be just as scary as it is exciting. But the original co-founders of Packetloop were already familiar with the process. The trio, who has worked together in the technology industry since 1998, built their first business together ThinkSecure in 2003. The business was a security consultancy that they eventually sold to former customer Leighton Holdings in 2007.

“We had previously sold a security consulting business, so we were quite comfortable with the process and there were no great surprises,” says Crane.

The team continued with the acquired company for another three years before starting a new security consultancy, Black Foundry. Almost in the same breath, they started Packetloop.

Crane says that the team hasn’t lost much control over their company following the acquisition.

“Arbor has invested in us staying in Australia and growing the team which was always one of our ‘conditions’ of sale,” Crane explains.

“We have retained a lot of control over the direction of the product and we are still intimately involved with everything to do with its creation and release. Selling certainly meant we could accelerate development in ways we would not have achieved on our own without outside investment.”

Another point Crane makes in the aforementioned Arbor Networks blog post is that they see their relationship with Arbor Networks as “more than just an acquisition” – it’s a partnership.

“It is bringing together two powerful and complimentary security solutions and two organisations who are incredibly similar in every way despite the obvious difference in size,” he wrote.

So what advice does Crane have for startups? He says quite bluntly, “Don’t build a business looking to sell it.”

“Build a business based on the right product/idea, a product you would want to use and make it the best it can be.”

And, of course, we should never forget that startups must “work like crazy”.

“If you do these things then chances are acquisition will happen naturally. But it should not be the only goal. Look at companies like Atlassian, Freelancer and CampaignMonitor,” says Crane.


Demonstrating that tech entrepreneurs should never stop innovating – at the very least, to prevent the loss of momentum – Crane and his immediate team, alongside Arbor Networks, will be delivering a bunch of technical roadmap innovation to take the existing security analytics product to the next level.

We’ll have to wait and see how they do it.

Featured image: Kris Lamb, VP Engineering and Scott Crane, Director Product Development, Arbor Networks. Source: Provided.