LevelBlue's Strategic Acquisition of Stroz Friedberg: Strengthening Position in Cybersecurity Services

LevelBlue, a global leader in cloud-based, AI-driven managed security services, has signed a definitive agreement to acquire Aon's Cybersecurity and Intellectual Property (IP) Litigation consulting groups, which include recognized cybersecurity firm Stroz Friedberg, and Elysium Digital. This announcement marks a significant shift in the cybersecurity landscape, bringing together approximately 300 technology professionals with strong relationships across Fortune 500 enterprises, 80 percent of the Am Law 100 and a majority of Top 20 law firms in the UK under LevelBlue's expanding portfolio.

The deal, while undisclosed financially, could position LevelBlue to become the largest independent pureplay Managed Security Services Provider (MSSP) globally by combining its carved-out AT&T services and ex-AlienVault AI-driven platform capabilities with Stroz Friedberg's digital forensics and incident response expertise and Elysium's intellectual property and trade secrets disputes capabilities.

Nine Years of Growth and Integration at Aon

Since Aon acquired Stroz Friedberg in 2016, the cybersecurity consulting firm has undergone significant transformation and expansion. The nine years under Aon's ownership were focused on building out proactive capabilities and integrating them with reactive incident response services. When Aon first acquired Stroz Friedberg, the strategy to combine proactive "readiness" services with reactive "response" was quite new. Stroz understood cyber is not just a technology problem, but a business risk problem which includes considering balance sheet risk transfer as an augmentation to that.

This vision led to substantial integration efforts between Aon's brokerage capabilities and Stroz Friedberg's consulting services. The team worked to create a holistic approach where clients could address cybersecurity not just through technical controls, but through risk transfer mechanisms like cyber insurance. During this period, Stroz Friedberg significantly expanded its proactive services, acquiring companies like Gotham Digital for testing capabilities and building out advisory practices with former Big Four professionals.

The integration wasn't just about adding services—it was about creating synergies. The two solutions—proactive and reactive—were integrated and feed each other and build off each other. As an example, the incident response teams share real-world threat actor tactics with the testing teams, who then incorporate these techniques into penetration testing scenarios for other clients.

Under Aon's ownership, Stroz Friedberg also developed what they call "resilience retainers"—comprehensive service packages that go beyond traditional incident response retainers to include threat intelligence, testing services, and even technology procurement through strategic partnerships. This evolution represented a move toward more recurring revenue models and deeper client relationships.

Why Aon is Ready to Let Go

In my estimation, the decision for Aon to divest Stroz Friedberg wasn't driven by poor performance, but rather by strategic misalignment and market realities. From my analysis, I believe several factors contributed to this decision.

First, there was a fundamental market evolution challenge. In 2016, the CISO and the risk manager were much further apart than they are today. Selling the integrated services took more time than first planned. And during this decade with Aon, cyber insurance has successfully created guardrails for incident response that are quite helpful for buyers, but challenging to a market that had hockey stick growth. Hourly rates once in the $400 an hour range, plummeted. Again, good for the buyer; not so much for the provider.

Second, Aon's strategic focus has shifted back to its core competencies. The consulting business, while profitable, didn't meet the recurring revenue and EBITDA thresholds that Aon's other businesses achieve.

Perhaps most significantly, the Aon ownership had become a competitive disadvantage rather than an asset. Insurance brokers limit which DFIR firms buyers can engage with and the fact that Stroz Friedberg was owned by Aon detracted from the overall consulting opportunity. This conflict-of-interest perception was limiting Stroz Friedberg's addressable market to essentially only Aon-brokered clients.

Finally, there was the platform challenge. The cybersecurity market has increasingly moved toward platform-based solutions, with companies like CrowdStrike and Palo Alto Networks offering "platformization" where they get their technology in place and then build services around it. Aon was never going to make the investments needed to compete in this technology-driven market.

The Strategic Value for LevelBlue

The acquisition brings together two complementary companies in ways that create significant strategic advantages for LevelBlue. Stroz Friedberg's capabilities span four key practice areas that perfectly complement LevelBlue's existing platform:

• Security Advisory Excellence: Stroz Friedberg's advisory team brings deep expertise in cybersecurity strategy, governance, risk assessments, and emerging areas like AI security. This practical expertise in applying existing security frameworks to new technologies will be invaluable as LevelBlue's clients navigate emerging risks.

• Strong Testing and Red Team Capabilities: The acquisition includes a red team which has uncovered devastating vulnerabilities in a broad range of industries from finance and retail to critical infrastructure. This technical depth, combined with the ability to emulate real threat actor tactics, brings a level of sophistication that will differentiate LevelBlue's offerings.

• Threat Intelligence and Executive Risk Services: Stroz Friedberg's threat intelligence practice goes beyond traditional threat feeds to provide "managed intelligence" services. Their executive vulnerability assessments have helped clients prevent multi-million-dollar business email compromise attacks by identifying risks before they're exploited. This human-centric approach to threat intelligence will complement LevelBlue's AI-driven threat detection capabilities.

• Digital Forensics and IP Litigation: Perhaps most uniquely, the acquisition includes Elysium Digital's intellectual property litigation capabilities. This creates opportunities for LevelBlue to serve clients through the entire lifecycle of a cyber incident, from initial response through potential litigation.

The timing is particularly strategic given market trends toward continuous threat exposure management (CTEM). Combining the operational side with both firms' technical expertise, proactive incident readiness and DFIR with digital risk management and IP litigation is a virtuous cycle both from a business standpoint and benefiting clients. With this acquisition LevelBlue can now offer this complete cycle of services.

The acquisition also solves the platform challenge that Stroz Friedberg faced under Aon. LevelBlue brings the technology platform that can serve as an anchor for client relationships, while Stroz Friedberg brings the high-end consulting capabilities that create stickiness and differentiation.

Furthermore, the continued strategic relationship with Aon means LevelBlue gains access to Aon's cyber insurance expertise and client relationships without the conflicts that limited Stroz Friedberg's market reach. This creates a unique competitive position where LevelBlue can serve both Aon clients and the broader market that was previously inaccessible.

A Strong Strategic Move with Execution Ahead

This acquisition represents a well-considered strategic move for LevelBlue. The company needed an infusion of additional capabilities and talent to compete with the platform-based approaches of companies like CrowdStrike and Palo Alto Networks. By acquiring Stroz Friedberg and Elysium Digital, LevelBlue gains not just significant incident response capabilities, but a complete suite of proactive and reactive cybersecurity services backed by deep technical expertise and prestigious client relationships.

The strategic logic is compelling: combine LevelBlue's AI-driven managed detection and response platform with Stroz Friedberg's consulting excellence to create a unified cybersecurity services platform. This positions LevelBlue to offer everything from 24/7 monitoring and threat detection to strategic advisory services, penetration testing, incident response, and even IP litigation support.

The success of this acquisition will depend on LevelBlue's ability to maintain the high-caliber talent that makes Stroz Friedberg special while successfully integrating their methodologies and client relationships into a unified service delivery model. Both organizations bring strong cultures and established ways of working that will need to be thoughtfully combined.

If executed well, this acquisition could establish LevelBlue as a strong independent alternative to the platform vendors, offering clients the deep expertise of a boutique consultancy with the scale and technology capabilities of a global managed services provider. This positions the combined organization well for the evolving cybersecurity landscape, where clients increasingly seek comprehensive solutions that span prevention, detection, response, and recovery.