A seven-million-dollar line in the veterans' ledger

On 27 September 2025 — three days before the federal fiscal year expired — the Department of Veterans Affairs obligated $6,976,425.80 to a service-disabled-veteran-owned reseller called Metgreen Solutions for "brand name RedSeal cyber risk analytics." The order, placed against NASA's SEWP government-wide vehicle, carries a base-and-all-options ceiling of $14.27 million in the same filed record, with a potential end date of 26 September 2027; trade coverage of the award reports the identical two-year value. Nothing about the line is exotic. That is what makes it valuable. It is a fiscal-year-end renewal, justified by brand name, routed through a set-aside intermediary, for software the VA has been buying since at least 2017.

The buyer's habit, not the product's novelty, is the asset. RedSeal — legally RedSeal, Inc., a Delaware corporation that began life in 2004 as RedSeal Systems Inc — sells a modelling engine that ingests the configuration files of routers, firewalls, switches and cloud accounts and computes what can reach what. Institutions do not buy that capability the way they buy productivity software. They buy it against an audit, after an incident, or under a mandate, and then they renew it because the model has become the map their compliance paperwork stands on. This essay works through what that renewal machine earns, what it costs, who owns it, and how long a topology specialist can defend a niche that platform vendors now give away in bundles. Every load-bearing number below comes from a filed award, a registry object or a securities filing; where an estimate appears, it is labelled as one.

The one-line thesis: RedSeal's economics are those of an annuity written on institutional anxiety — high-retention, low-growth, priced flat for a decade — and the public record is unusually complete in showing it.

One Delaware company, three names, and a stray record in Plano

Start with identity, because the directory row that carries this company into registry data is itself a small archaeology lesson. The American Registry for Internet Numbers holds two objects under the name. The first is a customer record, "REDSEAL SYSTEMS INC-090311232251", created on 12 March 2009 at a Plano, Texas address: a reassignment of exactly eight IPv4 addresses — 99.160.129.232/29 — from SBC, the AT&T operating company. That is the footprint of a business DSL circuit with static addressing: a home office or tiny sales outpost, registered under the company's original legal name and last touched in July 2018, seven years after the name itself had been retired. The second object is an organisation record, "RedSeal, Inc.", registered in March 2011 at 940 Stewart Drive, Sunnyvale, California, holding a direct IPv6 allocation of a /48. The contact on that object still lists e-mail addresses at both redseal.net and the older redsealnetworks.com — the brand fossil embedded in the plumbing.

Why does a software firm hold address space at all? Not to run a network. RIPE's routing measurements show the /48 visible to zero of 321 route-collector peers today: registered, unrouted, almost certainly lab space acquired in 2011 when the product needed to model IPv6 before most of its customers did. The address space is evidence of engineering intent, not operations. The directory's country field, likewise, records where the registry member sits in ARIN's service area; it is corroborated as headquarters here by other records, not proven by the registry alone.

The corporate chain is cleanest in federal securities filings. SEC EDGAR carries the company as CIK 1305683, a Delaware corporation whose former names are recorded as RedSeal Systems Inc (from October 2004) and RedSeal Networks, Inc. (2011) before the current RedSeal, Inc. The same filings trace the address from San Mateo to Sunnyvale; the company today lists its headquarters in Menlo Park. An attempt to pull the parallel California registration through the Secretary of State's public search interface returned nothing usable — the query system refused non-browser requests — so the EDGAR chain and the company's own filings carry the name history here, and they are sufficient: one corporation, three names, twenty-two years, no breaks.

One housekeeping note on names. Registry-derived listings render this company in the stamped formats of the records themselves — the customer object's machine-suffixed "REDSEAL SYSTEMS INC-090311232251," prefixed variants generated by registry tooling, the bare "SYSTEMS INC" fragment — and none of these is a trading name. They are shadows of the same Delaware entity cast at different angles, and the reconciliation above is what turns them back into one company.

The slug this profile sits under preserves the oldest of the three names, the same one frozen in the Plano registry stub. That is fitting. RedSeal is a company whose earliest infrastructure records outlived two rebrandings, and whose business, as the next sections show, is precisely the maintenance of institutional memory about networks that everyone else has half-forgotten.

The product is a map; the purchase is an insurance premium

What RedSeal ships is, at bottom, a calculation. Feed it every device configuration in an enterprise — firewall rules, routing tables, load-balancer settings, cloud security groups — and it builds a model of all feasible paths through the network, then overlays vulnerability-scan data to rank which exposed weakness actually matters. The company describes itself today as an exposure-management platform for hybrid environments, claims integrations with more than 2,000 device and system types, and counts "hundreds of companies and over 75 government agencies" as customers. The government share of that sentence is the load-bearing half.

The federal relationship is old and structural. In January 2011, In-Q-Tel — the strategic investor that scouts technology for US intelligence — signed a development and investment agreement with what was then RedSeal Systems, explicitly to adapt its continuous-monitoring engine for intelligence-community networks. In October 2013 the US Army selected RedSeal Networks for continuous monitoring as part of a network-security upgrade. In June 2018 the platform was added to the Defense Department's unified-capabilities approved products list, the accreditation gate through which software must pass to sit on DoD networks. Each of those milestones is a moat-stone: not a feature, but a permission — expensive to earn, painful for a rival to replicate, and invisible to anyone reading only commercial market share.

The commercial side of the customer book is harder to see, by design: banks, utilities and insurers do not file their software purchases. What the record supports is the company's own count — the "hundreds of companies" claim on its current site, and the 220 Global 2000 corporations cited in the 2019 investment announcement. Those two claims, seven years apart, describe a commercial base that has at best held steady, and the vocabulary shift — from a precise count to a round word — is the kind of change a careful reader weighs. For sectors that mirror federal buying habits (regulated utilities answering to reliability auditors, banks answering to examiners), the renewal logic below applies with the serial numbers filed off: the map is bought to survive an examination, and once an examiner has seen the map, not having it next year becomes a finding.

Why do such buyers renew? Because the model becomes the audit substrate. Federal information-security law requires continuous monitoring of security posture; the risk-management paperwork that authorises a system to operate cites the tooling that produces the evidence. Rip out the tool and you do not just lose a dashboard; you invalidate the documented basis of your accreditation and retrain everyone who touches it. RedSeal's own commercial terms quietly harden this dependency. Its published units-of-measure document — the fine print defining what a licence covers — states that on term deals "no perpetual licenses are granted," and that no right of termination for convenience applies during any term. That language matters because the government once bought this software outright: a 2018 Health and Human Services order covered support for "RedSeal Layer 3 perpetual licenses." The perpetual era ended; the subscription era, in which lapsing means losing the map entirely, is the one the fine print now enforces. Fear, renewed annually, is not a metaphor. It is the licence model.

Ten years of the federal ledger, read end to end

Because RedSeal's public-sector business flows through named, filed contract awards, its federal trajectory can be read with a precision private software companies almost never permit. A keyword pass across award descriptions in the federal spending database returns more than a hundred contracts whose text names the product, with award amounts summing to roughly $160 million since 2012. The fiscal-year rhythm of obligations runs: about $132,000 in FY2012; $922,000 in FY2013; $1.0 million in FY2014; $7.0 million in FY2015; $2.2 million in FY2016; then a step-change — $16.9 million in FY2017, $19.5 million in FY2018, $24.8 million in FY2019 — followed by a lumpy plateau: $5.9 million in FY2020, $18.7 million in FY2021, $8.0 million in FY2022, $16.0 million in FY2023, $10.6 million in FY2024, $14.5 million in FY2025. Two caveats bound the series honestly. It matches description text, so it captures multi-product bundles — a $12.2 million Department of Education order lists RedSeal alongside ServiceNow, Tanium and Qualys — and it misses any order whose description omits the brand, including whatever sits in classified budgets, where a company selected by In-Q-Tel presumably does some business. Directionally, though, the shape is unmistakable: a surge into the high twenties as the DoD standardised on the product, then a decade of oscillation between renewal troughs and option-year peaks, with no growth trend since 2019.

The individual awards put texture on that skeleton. The largest single line is the Defense Information Systems Agency's "RedSeal unlimited term license" — $27.0 million obligated between December 2016 and December 2021, $31.8 million with options, or roughly $5.4 million a year for department-wide rights. The State Department built an "Enterprise Network Mapping Project" on the product, paying $5.37 million for a single year in September 2021 and then $15.97 million for the three years through September 2025. The VA's current renewal traced above follows an earlier $18.6 million implementation running 2017-2020. The Marine Corps signed a $5.1 million base-plus-options subscription in 2023. Homeland Security components, the FBI, Space Force deltas, the Treasury and the Transportation Department all appear, some annually for a decade.

The cadence between the big anchors is just as telling. The FBI's procurement office renewed its licences and maintenance for $3.71 million on 26 September 2023 and again for $3.67 million on 26 September 2024 — the same date, one year apart, at essentially the same price, which is what an annuity looks like when it is working. The Transportation Security Administration bought its first $2.15 million tranche in 2017 and has renewed in the mid-six to low-seven figures nearly every August since, including a $573,826 maintenance year in 2021 and a $1.33 million two-year renewal in 2022. And the installed base varies enormously in size: on the same Navy-negotiated enterprise vehicle, September 2025 saw both a $3.91 million device-licence order and a $196,214 DISA software renewal — the agency that once paid $27 million for unlimited rights now maintaining a foothold at a two-hundredth of that run rate, a reminder that even sticky products get resized when enterprise agreements lapse.

The clustering of order dates carries its own risk information. The VA anchor starts 27 September; the State orders, 30 September; the FBI renewals, 26 September; the Navy licence order, 1 September. RedSeal's federal year is effectively one month long. That concentration makes revenue hostage to the annual appropriations ritual: a September government shutdown or a long continuing resolution does not merely delay this company's bookings, it compresses them into whatever window contracting officers are given to spend expiring money. The same concentration cuts the other way in flush years — use-it-or-lose-it budgets favour the incumbent renewal that can be obligated in an afternoon over the new procurement that cannot. Either way, a vendor with this profile is less a supplier to the government than a barometer of its fourth-quarter plumbing, and any reading of its fiscal-2026 numbers has to wait for the October data to mean anything.

Notice who never appears: RedSeal itself. Every dollar routes through resellers — FCN, immixTechnology, World Wide Technology, Norseman, PanAmerica, Metgreen and others — a channel structure universal in federal software. The vendor gives up a margin slice (SEWP contract fees are fractions of a percent; reseller markups on schedule orders typically run single digits) in exchange for contract vehicles, set-aside eligibility and invoicing machinery it never has to build. The channel's own paperwork shows how long the franchise is expected to run: FCN advertises a department-wide enterprise-software BPA for RedSeal — N66001-22-A-0081, negotiated under the DoD's enterprise software initiative — with ordering open into 2032. Somebody at the Pentagon has already decided this dependency has at least another six years to live.

What a licence actually costs

Now the arithmetic, built only from filed transaction prices — not list prices, which RedSeal does not publish, and not analyst estimates. Three anchors, each a real order by a real buyer.

First, the per-unit anchor. In June 2023 the Navy's information-warfare systems command ordered "base yr RedSeal license (63 systems)" through immixTechnology's GSA schedule contract: $6,992,990.63, with a period of performance running to June 2026. Read as sixty-three licensed systems over the order's three years, that is about $37,000 per system per year; read as a single base year with the licence count fixed, about $111,000 per system. Either reading is a transaction price on a government schedule vehicle, and either way the unit is expensive: this is five-to-six-figure-per-enclave software, sold in dozens rather than thousands of units.

Second, the renewal price pair — the headline metric of this piece, and it is contemporaneous, same-buyer, same-product. The State Department's single-year 2021 order works out to $5.37 million per year; its three-year follow-on signed twelve months later works out to $5.32 million per year. Renewal at parity, to within one percent, in nominal dollars, across the same network-mapping programme. The VA pair spans longer: $18.58 million over three years from 2017 is $6.19 million a year; $14.27 million over two years from 2025 (the ceiling filed as the award's base-and-all-options value, the first-year obligation filed directly) is $7.13 million a year — a 15 percent nominal rise across eight years in which cumulative US inflation exceeded 25 percent. The pattern in both pairs is the same: the renewal machine holds its dollar price and quietly cedes real price. That is what pricing power looks like for a mature niche vendor whose buyers cannot leave but will not expand: retention near perfect, escalation near zero.

Third, the enterprise ceiling. DISA's $27 million unlimited-rights deal shows what the whole Defense Department was worth as a single line: roughly $5.4 million a year at the largest network on earth. Multiply the observed anchors across the visible customer base and the federal side of the business supports low-to-mid-tens of millions of dollars a year in end-buyer spending — which the fiscal-year series confirms directly, averaging about $13 million a year of keyword-matched obligations across FY2021-FY2025, before whatever classified demand adds.

From here to total revenue requires inference, and it should be labelled as such. Two independent triangulations: first, from the ownership transaction — Reuters reported that STG bought roughly 70 percent for about $70 million in April 2019, implying about $100 million of equity value; control deals in slow-growth infrastructure software then priced at roughly two to four times revenue, implying $25-50 million of revenue at acquisition. Second, from headcount: employee-database trackers place the company around 185 staff — an estimate, not a filing — and mature security-software firms typically generate $200,000-$350,000 of revenue per employee, implying $37-65 million. The two methods overlap in the $35-60 million band, with the observed federal floor of $13-15 million a year of end-buyer obligations sitting comfortably inside it once reseller margin is deducted and commercial customers — the banks and utilities of the company's marketing — are added. Nothing in the public record supports a number materially above that band; a company still growing would not show a flat federal ledger and shrinking bridge financings, which is where the story turns to ownership.

Where the money goes

The cost side of the ledger is not filed anywhere, but its shape can be reconstructed from what the product demonstrably is. RedSeal's engineering burden is dominated by a treadmill few outsiders appreciate: the platform's value depends on correctly parsing the configuration syntax of the more than 2,000 device and system types it claims to ingest — every firewall firmware revision, every cloud provider API change, every switch operating system a customer might run. Each integration is a small, perpetual maintenance obligation; collectively they are the moat and the millstone at once. A rival cannot cheaply replicate twenty years of parser coverage, but neither can RedSeal stop paying for it, because a model that misreads even one border firewall is worse than no model at all. This is the classic economics of format-translation software: revenue scales with customers, but cost scales with the world's heterogeneity.

The rest of the cost base is comparatively light. The company sells software and modest rack-mounted analysis appliances — commodity servers under a badge, with support contracts priced in the low thousands of dollars a year in reseller catalogues — and offers cloud delivery through channels such as its AWS Marketplace storefront, which means its hosting is rented, not owned. The registry evidence agrees: the one block of address space the company holds directly is, as noted, unrouted lab space. There is no data-centre estate, no field force, no manufacturing. Distribution costs are largely variable — the reseller margins and government-vehicle fees embedded in every award above — and a separately maintained federal end-user licence agreement plus accreditation upkeep represent the fixed compliance overhead of staying sellable to Washington.

That leaves people as the overwhelming expense, and here the arithmetic closes the loop with the revenue band inferred earlier. At the tracker-estimated 185 employees — again, an estimate, not a filing — and a fully loaded cost of $180,000-$250,000 per head typical of a California-headquartered security vendor with senior engineering staff, payroll alone runs $33-46 million a year. Against inferred revenue of $35-60 million, that spread is the entire story of the company's last seven years: at the low end of the revenue band the business only works if the headcount has been cut to well below its venture-era size, which is precisely what the ownership chapter and the employment chatter suggest happened. The margin, in other words, was not found; it was manufactured, one reduction at a time, out of a cost base built for a growth story that did not arrive.

Private equity buys the renewals, not the dream

The venture chapter closed slowly, and EDGAR preserves the deceleration in three documents. In January 2015 the company raised $14.1 million of a planned $18.5 million round — the relaunch era, when former Venrock partner Ray Rothrock had taken the chief executive role and FedScoop covered the pivot from configuration auditing to "digital resilience" scoring. In December 2016 it raised $5.0 million. In December 2017, $975,000 — a bridge of a bridge, the syndicate writing its smallest possible cheque while a buyer was found. Sixteen months later, STG Partners announced its investment; Reuters put the terms at about $70 million for roughly 70 percent, of a company into which investors had put $142 million. The arithmetic deserves a plain sentence: the implied valuation was about 70 cents per dollar of capital ever raised. The 2019 transaction was not an exit. It was a controlled write-down, converting a stalled venture story into a private-equity annuity.

The buyer deserves a paragraph, because its subsequent behaviour frames what RedSeal is inside the portfolio. STG was not, in 2019, the security-industry landlord it later became; RedSeal was an early, small position. Within thirty months the firm led the $2.075 billion carve-out of RSA from Dell and the $4.0 billion purchase of McAfee's enterprise business, which it re-cut into Trellix and Skyhigh. Against those positions, a sub-$100 million network-modelling vendor is a rounding error — too small to justify partner attention, too cash-generative to abandon, too niche to merge into the bigger platforms without destroying the accreditations that make it valuable. Assets in that position tend to be run for cash by a succession of operating executives, which is exactly the pattern the record shows.

What does a private-equity owner do with an asset like this? The observable moves match the standard operating manual. Leadership turned over on a metronome: Rothrock gave way to Bryan Barney, formerly of Symantec's enterprise business, in June 2020; Barney gave way to Gregory Enriquez in January 2023 — three chief executives in under four years, each announcement promising a "next phase of growth" that the federal ledger does not show arriving. The licence terms tightened, as documented above: perpetual grants gone, termination-for-convenience excluded, every customer converted to a term that must be re-bought. The cost base thinned: the company that once occupied Sunnyvale and San Jose addresses now lists a Menlo Park headquarters, and employment reviews (treated properly as anecdote, below) describe repeated reductions. None of this is scandalous. It is what buying renewals looks like: maximise the annuity's yield, minimise its carrying cost, and defer the existential question of growth to the next owner.

The unanswered question in the record is the exit. STG has held for seven years — long by the standards of a firm that assembled and re-sold McAfee's enterprise business inside three. No filing, announcement or credible report visible in public sources describes a sale process, a recapitalisation or a merger for RedSeal as of early July 2026. A holding that long, of an asset that small, usually means either a quiet cash-flow harvest or a valuation gap between what the owner paid and what strategic buyers will offer for a flat-revenue vendor. Probably both.

The competitor that died, and the competitor that ships free

The sharpest way to price RedSeal's niche is to look at what happened to the company most like it. Skybox Security — Israeli-founded, similarly two decades old, selling network-model-driven exposure and firewall-policy management to the same class of buyers — shut down abruptly on 24 February 2025, dismissing its roughly 300 remaining employees the same day its assets were sold to rival Tufin. Skybox had raised more than $330 million, over twice RedSeal's lifetime funding, including $50 million as recently as 2023. The lesson is not that the category is worthless; customers still needed the maps, which is why Tufin paid for the remains and courted the orphaned installed base within hours. The lesson is that the category cannot carry venture-scale capital structures. Modelling networks is a fine $40 million business and a terrible $400 million one. RedSeal's controlled write-down in 2019 now reads as the soft version of the fate Skybox met in one afternoon: same economics, resolved six years earlier, at lower altitude, with the renewals intact.

The second front is harsher because nobody dies visibly. Platform vendors have absorbed "good enough" exposure mapping into products customers already pay for. Microsoft's Security Exposure Management reached general availability bundled into E5 licences, attack-path analysis included at no incremental cost for Microsoft-integrated estates. Tenable, Qualys and Wiz — the scanners and cloud-security platforms whose data RedSeal ingests — each now sell their own attack-path views, which makes RedSeal's supplier relationships double as competitive exposure: its most important integrations are APIs controlled by rivals. Meanwhile the network-digital-twin ground it pioneered is contested from the operations side by newer, better-funded specialists such as Forward Networks and NetBrain, selling path verification to network teams rather than fear to security committees.

The supplier relationships deserve to be read as a dependency map, because they run in an uncomfortable direction. RedSeal manufactures nothing and hosts little; what it consumes is data — scan results from Tenable, Qualys and Rapid7, configuration exports from Cisco, Palo Alto and Fortinet estates, inventory from cloud APIs whose terms Amazon, Microsoft and Google set unilaterally. Every one of those upstream parties is either a competitor in exposure management already or one product-management decision away from becoming one. None of them depends on RedSeal in return. A vendor whose product is a synthesis of other vendors' outputs holds a peculiar strategic position: its integrations are simultaneously its inventory and its vulnerability, and the price of that inventory is whatever the platform owners decide API access and export formats should cost in engineering effort each year. So far the openness has held, because enterprises demand it. The risk is not a dramatic cut-off; it is a slow degradation of second-class access while the platforms' own bundled views improve.

RedSeal's defensible remainder is specific: environments the platforms cannot see. Air-gapped and classified networks, where cloud-delivered exposure tools are non-starters; hybrid estates where the truth lives in firewall configurations rather than cloud APIs; institutions whose accreditation paperwork already cites the product. That remainder is real — the 2032 ordering window on the DoD vehicle proves an institutional bet on it — but it is a remainder. Every year, some fraction of the addressable estate migrates to clouds whose native tooling is free-at-the-margin, and the niche's boundary moves inward. The renewal machine's revenue holds; its total addressable market quietly erodes. Flat nominal pricing, shown in the State and VA pairs, is exactly what theory predicts for a vendor in that position: strong enough to keep every customer, not strong enough to charge them more.

Signals from the cheap seats

Beneath the filed record sits a layer of softer evidence, worth reading carefully rather than dismissing. Employment reviews are the loudest channel: RedSeal's Glassdoor profile carries about 85 reviews averaging in the high threes, with recent entries praising remote work and pay while one describes "three layoffs within six months" and others complain of management churn and product-relevance doubts. A rating in the 3.6-3.9 band is unremarkable for the industry; what the pattern suggests is not distress but steady-state cost management — an employer that trims annually and pays adequately, consistent with the private-equity harvest hypothesis rather than either growth or collapse. A run of one-star reviews clustered in a single quarter, or a sudden hiring surge in sales, would each falsify that reading; neither appears.

The competitive undercurrent shows in marketing plumbing. AlgoSec, a policy-management rival, maintains a page ranking "RedSeal alternatives" — the kind of search-capture content vendors build only when they believe a competitor's customers are actively shopping. Tufin ran an aggressive migration programme at Skybox's orphaned customers within days of that shutdown; the same machinery points at RedSeal whenever renewal season arrives. On the pricing side, opacity is itself a signal: RedSeal publishes licence definitions but no price list, review platforms list its pricing as quote-only, and the one channel through which its real prices leak is the federal record used throughout this essay. A vendor confident in its price-to-value ratio tends to publish; one managing a delicate installed base tends not to.

Pricing opacity has a second-order effect worth noting: it pushes the entire burden of price discovery onto exactly the records this essay uses. A prospective commercial buyer who wants to know what RedSeal costs must either request a quote — entering a sales motion designed to anchor high — or do what a diligent analyst does and read the federal ledger, where the GSA-schedule and SEWP transaction prices sit in public view. The asymmetry is stark: government buyers negotiate knowing every prior filed price; commercial buyers negotiate blind. If RedSeal's commercial pricing materially exceeds its federal transaction prices — which channel economics make likely, since federal schedule prices are contractually anchored to most-favoured-customer terms — then the company's most price-transparent segment is also its cheapest, and its opaque segment subsidises the visible one. Nothing in the record proves that split; a single leaked commercial quote would settle it.

Two absences complete the picture. First, no keyword-matched federal obligations had posted for fiscal 2026 as of this writing, against $14.5 million in fiscal 2025; given that RedSeal's order flow concentrates brutally in September — the VA, State and Navy anchors all start within days of fiscal year-end — that gap reads as reporting rhythm rather than churn, but it is the single series most worth re-checking in October. Second, no funding, acquisition or executive announcement of substance has appeared since the 2023 chief-executive change, an unusually quiet three years for a security vendor. Companies being groomed for sale usually get louder. Companies being harvested get quieter.

What would move this judgement

The judgement, stated plainly: RedSeal is a solvent, defensible, structurally stagnant annuity — worth in the tens of millions of dollars of revenue, priced flat in real terms, protected by accreditation moats and switching costs inside a shrinking perimeter, owned by an investor whose remaining move is an exit at a modest multiple. Several observable facts would change that assessment, in either direction.

Policy is the ambient variable behind all of them. RedSeal's demand is downstream of mandates — the continuous-monitoring requirements that In-Q-Tel cited in 2011 remain the statutory floor, and each successive federal push toward zero-trust architectures and cyber-readiness scoring adds paperwork that a network model can feed. Mandates giveth; consolidation taketh away. The current administration's pressure on departments to rationalise duplicative software licences is aimed squarely at line items like these — six agencies separately renewing the same modelling tool through six different resellers is the textbook case a consolidation reviewer flags. A single government-wide enterprise agreement would be double-edged: larger and stickier than today's fragmented renewals, but negotiated once, hard, against a vendor with no alternative buyer of comparable scale. Watching whether the fragmented September renewals persist through fiscal 2027, or fuse into something centrally negotiated, may be the cleanest single indicator of where the operating margin settles.

A competitive recompete lost in public would cut hardest: if the State Department's mapping programme, the VA's analytics renewal or the Navy's licence base moved to Tufin, Forward Networks or a platform vendor at the next option break, the retention assumption underpinning the annuity would fail, and Skybox's endgame would become the base case rather than the avoided one. Conversely, a new department-wide enterprise agreement — a successor to DISA's unlimited licence at comparable scale, visible as a nine-figure ceiling on a filed award — would prove the franchise still compounds. On ownership, a filed transaction would resolve the exit question that seven years of silence has left open; the price would instantly re-rate the whole category, as the only post-Skybox mark for a standalone network-modelling asset. The fiscal-2026 and 2027 obligation series will show whether September 2025 was a plateau or a peak; two consecutive years below $8 million of keyword-matched spending would signal the federal base itself eroding. A published price catalogue surfacing through a state contract or the GSA's systems would replace this essay's transaction-inferred unit economics with list-anchored ones and reveal the discount structure the channel currently obscures. And the softest tell would remain the truest: the September rhythm. The year the renewals stop clustering at fiscal year-end is the year the fear stopped being mandatory.

Evidence register

The spine of this piece is the public record; each key source below carries the claim indicated.