Francisco Partners Snaps Up EfficientIP in DNS Security Play

Francisco Partners has acquired EfficientIP, a Paris-based provider of DNS security and network automation software, in a deal that underscores growing private equity interest in the infrastructure layer of cybersecurity. Terms weren't disclosed, but the transaction marks Francisco's continued expansion into enterprise software that sits below the application layer — where breaches increasingly originate.

EfficientIP specializes in DNS, DHCP, and IP address management — the unglamorous plumbing that routes internet traffic and assigns device identities across corporate networks. It's a category that's gained urgency as hybrid cloud architectures multiply attack surfaces and nation-state actors exploit DNS vulnerabilities to exfiltrate data or launch distributed denial-of-service attacks.

The company serves more than 1,000 customers globally, including Fortune 500 enterprises across financial services, telecommunications, and government sectors. EfficientIP says its SOLIDserver platform automates IP address management while embedding security controls that detect anomalies in DNS query patterns — a common indicator of compromised endpoints or lateral movement by attackers.

"DNS has become a primary vector for cyberattacks, yet it remains one of the least visible parts of most organizations' security stacks," said David Weiss, co-president of Francisco Partners, in a statement. The firm plans to scale EfficientIP's go-to-market operations and accelerate product development around zero-trust network architecture — a framework that's moved from buzzword to board-level mandate over the past 18 months.

DNS sits at the foundation of how devices find each other on the internet. When you type a web address, DNS translates that human-readable name into the numeric IP address that computers use to connect. It's fast, distributed, and largely invisible — which is precisely why attackers love it.

According to IDC, 88% of organizations experienced at least one DNS attack in 2025, with the average cost per incident exceeding $950,000 when factoring in downtime, investigation, and remediation. The attack surface has expanded as companies adopt multi-cloud strategies: DNS queries now traverse public clouds, on-premises data centers, and edge locations, creating blind spots that legacy security tools struggle to monitor.

EfficientIP's pitch is that securing DNS requires purpose-built technology, not bolted-on features from firewall vendors. Its platform sits inline with DNS traffic, applying machine learning models to flag suspicious queries in real time — like a sudden spike in requests to newly registered domains, a hallmark of command-and-control infrastructure used in ransomware campaigns.

For Francisco Partners, the thesis extends beyond DNS alone. The firm has built a portfolio of infrastructure software assets — including prior investments in network observability (Kentik), API security (Salt Security), and data center automation — that collectively address the modernization of enterprise IT architecture. EfficientIP fits that pattern: it solves a specific, high-stakes problem that CIOs can't ignore as they dismantle legacy networks.

EfficientIP is headquartered in Paris, with R&D operations in France and sales teams across Europe, the Middle East, and North America. The company has historically been stronger in Europe than in the U.S., where it competes against incumbents like Infoblox and newer entrants like BlueCat Networks.

Francisco Partners has a track record of acquiring European software companies and using its operational resources — and access to U.S. enterprise buyers — to scale them globally. Previous deals include the acquisition of Netherlands-based cybersecurity firm Fox-IT (later sold to NCC Group) and German business intelligence provider Jedox.

The playbook typically involves injecting go-to-market talent from Francisco's operating team, expanding channel partnerships with U.S.-based managed service providers, and bundling the acquired product with complementary portfolio companies to create more comprehensive solutions for large enterprises.

In EfficientIP's case, the firm will likely push harder into the North American market — where DNS security spending is growing fastest — while maintaining the company's European customer base and regulatory credibility. The latter matters: European enterprises increasingly prioritize vendors with local data residency and GDPR-compliant architectures, an advantage for Paris-based providers selling into multinational financial institutions or telecom operators.

The competitive landscape for DNS security is consolidating under private equity ownership. Vista Equity Partners acquired Infoblox in 2016 and has since used it as a platform for add-on acquisitions. Madison Dearborn bought BlueCat in 2017. That leaves EfficientIP as one of the few remaining independent specialists in the category — until now.

The company's core product, SOLIDserver, combines three historically separate functions — DNS, DHCP, and IP address management — into a single control plane. It's designed for enterprises that operate hybrid environments where some workloads run on-premises, others in AWS or Azure, and still others at the edge in IoT deployments or retail locations.

This acquisition is Francisco's third in the cybersecurity infrastructure space in the past two years. In late 2024, the firm invested in network observability platform Kentik, which helps enterprises visualize traffic flows across multi-cloud environments. Earlier in 2025, it backed API security startup Salt Security, which detects vulnerabilities in the application programming interfaces that connect modern software services.

The through-line: Francisco is assembling a portfolio of companies that address blind spots in hybrid cloud security. DNS, APIs, and network telemetry are all components of the infrastructure layer that traditional security tools — firewalls, endpoint detection, identity management — don't fully cover.

"We're seeing a fundamental shift in where security needs to be enforced," said Ezra Paquette, a principal at Francisco Partners, in an earlier interview about the firm's infrastructure strategy. "The perimeter is gone. Applications are distributed. The only constants are the network layer and the identity layer, and both need purpose-built security." EfficientIP extends that logic to the DNS layer.

The firm's bet is that these infrastructure categories will consolidate — either through acquisition by larger security platforms (Palo Alto Networks, CrowdStrike, Microsoft) or through roll-ups by financial sponsors. Francisco appears to be positioning for the latter, building a collection of assets that could eventually be bundled into a comprehensive infrastructure security suite.

That strategy carries risk. Infrastructure software can be sticky — enterprises hate changing DNS providers once they're embedded in production — but it's also commoditizing. Hyperscalers like AWS and Google Cloud offer basic DNS services for free, and open-source alternatives exist for IP address management. EfficientIP's value proposition rests on security features and automation capabilities that free tools don't provide, but maintaining that differentiation requires continuous R&D investment.

Francisco structured the transaction as a full buyout, though the company didn't disclose whether existing investors or founders rolled equity. EfficientIP had previously raised capital from European venture firms, but was largely bootstrapped and profitable — a rarity in cybersecurity software, where most companies burn cash to fund sales and marketing.

The company's profitability likely made financing straightforward in an environment where software buyout debt is expensive and lenders remain cautious. Francisco typically uses a mix of equity from its fund and moderate leverage — often 2-3x EBITDA — for deals in this size range, avoiding the aggressive capital structures that characterized pre-2022 tech buyouts.

EfficientIP's leadership team will remain in place, according to the announcement. CEO David Williamson, who joined the company in 2018 from Cisco, will continue to lead day-to-day operations. That continuity matters for enterprise customers, who tend to view ownership changes as a risk signal — particularly in cybersecurity, where trust and reliability are non-negotiable.

The product roadmap will likely emphasize integrations with adjacent security tools — SIEM platforms, extended detection and response (XDR) systems, and zero-trust network access (ZTNA) solutions. Francisco has a network of portfolio companies and partners that can accelerate those integrations, potentially positioning EfficientIP as a data source for broader security operations centers rather than a standalone point solution.

One near-term question: whether Francisco will pursue add-on acquisitions to expand EfficientIP's capabilities. The DNS security market includes smaller players focused on threat intelligence, DNS filtering, or specialized verticals like healthcare or critical infrastructure. Rolling up complementary assets is standard playbook for infrastructure software buyouts — Vista did it with Infoblox, Madison Dearborn did it with BlueCat.

For customers, the main risk is product stagnation. Private equity ownership sometimes means leaner R&D budgets and a focus on margin expansion over innovation. Francisco, to its credit, has a reputation for investing in product — it's a differentiator in a market where many sponsors are financial engineers first — but the proof will show up in product release velocity over the next 12-18 months.

The company's customer base skews toward regulated industries: banking, telecommunications, government agencies, and critical infrastructure operators. That creates both opportunity and constraint. Regulated buyers have budget and urgency — they can't afford DNS outages or breaches — but they also move slowly, require extensive compliance documentation, and often demand on-premises deployments rather than SaaS. EfficientIP will need to balance the appeal of high-margin SaaS revenue with the reality of its existing install base.

EfficientIP is one of dozens of cybersecurity infrastructure deals announced in the past 18 months. Thoma Bravo bought ForgeRock (identity management) and SailPoint (identity governance). Vista recapitalized Ping Identity. TPG invested in Zscaler's cloud security platform. Clearlake bought Ivanti, which includes endpoint management and security tools.

The common thread: these are companies selling infrastructure-layer software that enterprises consider non-negotiable. Unlike application security or security awareness training — categories where buyers can delay or deprioritize spending — infrastructure security addresses existential risks. If your DNS infrastructure goes down, your business stops. If your identity system is compromised, attackers get the keys to everything.

That positioning gives these assets defensive revenue characteristics — high retention, predictable renewal rates, limited exposure to economic downturns. It also creates exit optionality: large security platforms (Palo Alto, Cisco, Microsoft, CrowdStrike) are perpetually hunting for infrastructure assets to round out their suites, and strategic buyers will pay premiums for market-leading technologies with sticky customer bases.

The challenge for sponsors is that infrastructure software multiples remain elevated despite broader market volatility. Cybersecurity companies with recurring revenue and net retention above 100% still trade at 8-12x forward revenue in the public markets — high by historical standards, but down from the 15-20x peaks of 2021. Private market valuations have compressed less dramatically, meaning entry prices are still rich and exit paths depend on multiple expansion or significant revenue growth.

Three things will determine whether this deal creates value or becomes a cautionary tale. First, execution on the U.S. market expansion. EfficientIP has a foothold in North America, but it's competing against well-funded incumbents with entrenched channel relationships. Francisco's go-to-market resources matter, but so does timing — if enterprises have already standardized on Infoblox or BlueCat, displacing them is a multi-year effort.

Second, product innovation. DNS security is a technology category where differentiation erodes quickly. Machine learning models for anomaly detection are table stakes. The next wave of value will come from integrating DNS security with broader zero-trust frameworks, embedding it into cloud-native architectures, or providing real-time threat intelligence that informs response at the application layer. EfficientIP will need to stay ahead of commoditization.

Third, the exit environment. Francisco typically holds assets for 4-6 years, which means any exit likely occurs in 2030 or later. By then, the cybersecurity M&A market may look entirely different. If large platforms continue consolidating infrastructure assets, EfficientIP becomes an attractive acquisition target. If the market shifts toward integrated suites — where DNS security is just one module in a broader SASE or zero-trust offering — standalone providers face margin pressure.

The deal ultimately reflects a bet that DNS security is a growing, defensible category with pricing power and strategic value. Whether that bet pays off depends on how much urgency CIOs assign to a layer of infrastructure that's been largely invisible — until it breaks. And in cybersecurity, the thing that's invisible is usually the thing you should've been watching all along.